High Severity

IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Spectrum Protect for Enterprise Resource Planning (CVE-2018-1890, CVE-2018-12547)

Share this post:

There are multiple vulnerabilities in IBM® Runtime Environment Java™ which is used by IBM Spectrum Protect (formerly Tivoli Storage Manager) for Enterprise Resource Planning. These issues were disclosed as part of the IBM Java SDK updates in January 2019.

CVE(s): CVE-2018-1890, CVE-2018-12547

Affected product(s) and affected version(s):
The following levels of IBM Spectrum Protect (formerly Tivoli Storage Manager) for Enterprise Resource Planning are affected:

  • 8.1.0.0 through 8.1.6.0 – Data Protection for SAP HANA
    8.1.0.0 through 8.1.4.0 – Data Protection for SAP for Db2 and Data Protection for SAP for Oracle
  • 7.1.3.0 through 7.1.3.1 – Data Protection for SAP HANA, Db2, and Oracle.

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://www.ibm.com/support/docview.wss?uid=ibm10883888
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/152081
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/157512

More stories

IBM Security Bulletin: Version 8.15.0 of Node.js included in IBM Cloud Event Management 2.3.0 has several security vulnerabilities.

Oct 21, 2019 9:02 am EDT | High Severity

Security Bulletin: Version 8.15.0 of Node.js included in IBM Cloud Event Management 2.3.0 has several security vulnerabilities). CVE(s): CVE-2019-9516, CVE-2019-9515, CVE-2019-9518, CVE-2019-9517, CVE-2019-9512, CVE-2019-9511, CVE-2019-9514, CVE-2019-9513 Affected product(s) and affected version(s): IBM Cloud Event Management on IBM Cloud Private Version 2.3.0 Refer to the following reference URLs for remediation and additional vulnerability details:Source Bulletin: https://www.ibm.com/support/pages/node/1078209X-Force ...read more


IBM Security Bulletin: IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise Edition is affected by HTTP Server vulnerabilities

Oct 21, 2019 9:01 am EDT | High Severity

IBM HTTP Server is shipped as a component of IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise. Information about a security vulnerability affecting IBM HTTP Server has been published in a security bulletin. CVE(s): CVE-2019-0211, CVE-2019-0220 Affected product(s) and affected version(s): Principal Product and Version(s) Affected Supporting Product and Version IBM Cloud Orchestrator and IBM ...read more


IBM Security Bulletin: Multiple Vulnerabilities in IBM Java Runtime affect IBM Cloud Private

Oct 15, 2019 9:03 am EDT | High Severity

There are multiple vulnerabilities in IBM® Runtime Environment Java™ Version 8 used by IBM Cloud Private. IBM Cloud Private has addressed the applicable CVEs. CVE(s): CVE-2019-2766, CVE-2019-2786, CVE-2019-2816, CVE-2019-2762, CVE-2019-2769, CVE-2019-4473 Affected product(s) and affected version(s): IBM Cloud Private 3.1.0, 3.1.1, 3.1.2, 3.2.0 Refer to the following reference URLs for remediation and additional vulnerability details:Source ...read more