High Severity

IBM Security Bulletin: IBM Netezza Host Management is affected by the vulnerabilities known as Intel Microarchitectural Data Sampling (MDS) and other Kernel vulnerabilities

Share this post:

IBM Netezza Host Management is affected by the vulnerabilities known as Intel Microarchitectural Data Sampling (MDS). There are Microarchitectural (hardware) implementation issues that could allow an unprivileged local attacker to bypass conventional memory security restrictions in order to gain read access to privileged memory that would otherwise be inaccessible.

CVE(s): CVE-2019-11091, CVE-2018-12130, CVE-2018-12127, CVE-2018-12126, CVE-2019-11478, CVE-2019-11477, CVE-2019-11479, CVE-2019-3896

Affected product(s) and affected version(s):

  • IBM Netezza Host Management 5.4.9.0 – 5.4.24.0

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://www.ibm.com/support/docview.wss?uid=ibm10964466
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/160993
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/160992
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/160991
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/160990
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/162664
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/162662
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/162665
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/162709

More stories

IBM Security Bulletin: Security Bulletin: IBM Event Streams is affected by jackson-databind vulnerabilities

Oct 22, 2019 9:01 am EDT | High Severity

IBM Event Streams has addressed the following vulnerabilities in the jackson-databind versions shipped. CVE(s): CVE-2019-12814, CVE-2019-14439, CVE-2019-14540, CVE-2019-16335 Affected product(s) and affected version(s): IBM Event Streams 2019.2.1 or earlier Refer to the following reference URLs for remediation and additional vulnerability details:Source Bulletin: https://supportcontent.ibm.com/support/pages/node/1079409X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/162875X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/164744X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/167354X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/167205 ...read more


IBM Security Bulletin: Version 8.15.0 of Node.js included in IBM Cloud Event Management 2.3.0 has several security vulnerabilities.

Oct 21, 2019 9:02 am EDT | High Severity

Security Bulletin: Version 8.15.0 of Node.js included in IBM Cloud Event Management 2.3.0 has several security vulnerabilities). CVE(s): CVE-2019-9516, CVE-2019-9515, CVE-2019-9518, CVE-2019-9517, CVE-2019-9512, CVE-2019-9511, CVE-2019-9514, CVE-2019-9513 Affected product(s) and affected version(s): IBM Cloud Event Management on IBM Cloud Private Version 2.3.0 Refer to the following reference URLs for remediation and additional vulnerability details:Source Bulletin: https://www.ibm.com/support/pages/node/1078209X-Force ...read more


IBM Security Bulletin: IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise Edition is affected by HTTP Server vulnerabilities

Oct 21, 2019 9:01 am EDT | High Severity

IBM HTTP Server is shipped as a component of IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise. Information about a security vulnerability affecting IBM HTTP Server has been published in a security bulletin. CVE(s): CVE-2019-0211, CVE-2019-0220 Affected product(s) and affected version(s): Principal Product and Version(s) Affected Supporting Product and Version IBM Cloud Orchestrator and IBM ...read more