High Severity

IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM ILOG CPLEX Optimization Studio and IBM CPLEX Enterprise Server (CVE-2018-1890, CVE-2018-12547, CVE-2019-2426)


There are multiple vulnerabilities in IBM® Runtime Environment Java™ Versions 7 & 8 used by IBM CPLEX Optimization Studio and IBM CPLEX Enterprise Server. IBM CPLEX Optimization Studio and IBM CPLEX Enterprise Server have addressed the applicable CVEs.

CVE(s): CVE-2018-1890, CVE-2018-12547, CVE-2019-2426

Affected product(s) and affected version(s):
IBM CPLEX Optimization Studio and IBM CPLEX Enterprise Server 12.9 and earlier releases

IBM SDK, Java Technology Edition, Version 7 Service Refresh 10 Fix Pack 35 and earlier releases
IBM SDK, Java Technology Edition, Version 8 Service Refresh 5 Fix Pack 27 and earlier releases

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://www.ibm.com/support/docview.wss?uid=ibm10875674
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/152081
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/157512
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/155744
