Medium Severity

IBM Security Bulletin: IBM MQ Appliance is affected by GnuTLS vulnerabilities (CVE-2018-10845 and CVE-2018-10844)

Share this post:

IBM MQ Appliance has addressed the following GnuTLS vulnerabilities.

CVE(s): CVE-2018-10845, CVE-2018-10844

Affected product(s) and affected version(s):

IBM MQ Appliance 9.1 Long Term Support (LTS) Release
Maintenance levels between 9.1.0.0 and 9.1.0.1

IBM MQ Appliance 9.1.x Continuous Delivery (CD) Release
Continuous delivery updates 9.1.1

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://www.ibm.com/support/docview.wss?uid=ibm10792531
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/148730
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/148731

More stories

IBM Security Bulletin: A security vulnerability has been addressed in IBM Cognos Analytics (CVE-2019-4139)

May 24, 2019 9:01 am EDT | Medium Severity

This bulletin addresses a security vulnerability that has been fixed in IBM Cognos Analytics 11.1.2 and IBM Cognos Analytics 11.0.13 FP1. A Cross Site Scripting (XSS) vulnerability could allow attackers to inject code into a GET statement when importing visualizations. This has been addressed in the latest available updates. CVE(s): CVE-2019-4139 Affected product(s) and affected ...read more


IBM Security Bulletin: Cross-site scripting and failure to enforce HTTP Strict Transport Security vulnerabilities in IBM Spectrum Control (formerly Tivoli Storage Productivity Center) (CVE-2019-4137, CVE-2019-4138)

May 24, 2019 9:01 am EDT | Medium Severity

IBM Spectrum Control (formerly Tivoli Storage Productivity Center) is vulnerable to cross-site scripting and failure to enforce HTTP Strict Transport Security. CVE(s): CVE-2019-4137, CVE-2019-4138 Affected product(s) and affected version(s): IBM Spectrum Control 5.2.13 – 5.2.17.2 IBM Spectrum Control 5.3.0 – 5.3.2 The versions listed above apply to all licensed offerings of IBM Spectrum Control. Refer ...read more


IBM Security Bulletin: Guardium StealthBits Integration is affected by an OpenSSL vulnerability

May 24, 2019 9:01 am EDT | Medium Severity

IBM Security Guardium is aware of the following vulnerability CVE(s): CVE-2019-1559 Affected product(s) and affected version(s): Affected IBM Security Guardium Affected Versions IBM Security Guardium 10.1.4 – 10.6 Refer to the following reference URLs for remediation and additional vulnerability details:Source Bulletin: https://www-01.ibm.com/support/docview.wss?uid=ibm10885200X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/157514 ...read more