Low Severity

IBM Security Bulletin: IBM Network Performance Insight (CVE-2018-11771)

Apache Commons Compress is vulnerable to a denial of service because ZipArchiveInputStream fails to return the correct EOF indication after the end of the stream has been reached. By getting the application to read a specially crafted ZIP archive, a remote attacker could exploit this vulnerability to cause the application to enter an infinite loop. IBM Network Performance Insight has addressed this.

CVE(s): CVE-2018-11771

Affected product(s) and affected version(s):

IBM Network Performance Insight: 1.2.1, 1.2.2, 1.2.3.

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://www.ibm.com/support/docview.wss?uid=ibm10739173
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/148429
