High Severity

IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Spectrum Protect Snapshot on AIX and Linux (CVE-2018-1890, CVE-2018-12547) Security Bulletin

Share this post:

Multiple vulnerabilities in IBM® Runtime Environment Java™ were disclosed as part of the IBM Java SDK updates in January 2019. IBM® Runtime Environment Java™ is used by IBM Spectrum Protect Snapshot (formerly Tivoli Storage FlashCopy Manager) on AIX and Linux.

CVE(s): CVE-2018-1890, CVE-2018-12547

Affected product(s) and affected version(s):
The following IBM FlashCopy Manager (IBM Spectrum Protect Snapshot (fomerly Tivoli Storage FlashCopy Manager) components on Unix and Linux are affected:

  • IBM Spectrum Protect Snapshot for DB2 versions on AIX and Linux x86 only:
    – 8.1.0.0 through 8.1.6.0
    – 4.1.0.0 through 4.1.6.2
  • IBM Spectrum Protect Snapshot for Custom Applications versions on AIX and Linux x86 only:
    – 8.1.0.0 through 8.1.6.0
    – 4.1.0.0 through 4.1.6.2
  • IBM Spectrum Protect Snapshot for Oracle versions on AIX and Linux x86 only:
    – 8.1.0.0 through 8.1.6.0
    – 4.1.0.0 through 4.1.6.2
  • IBM Spectrum Protect Snapshot for Oracle with SAP environments versions on AIX and Linux x86 only:
    – 8.1.0.0 through 8.1.6.0
    – 4.1.0.0 through 4.1.6.2

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://www.ibm.com/support/docview.wss?uid=ibm10885230
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/152081
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/157512

More stories

Security Bulletin: Financial Transaction Manager for ACH Services is affected by a potential information disclosure id 177835

Aug 14, 2020 8:00 pm EDT | High Severity

Financial Transaction Manager for ACH Services (FTM ACH) for Multi-Platform has addressed the following vulnerability. A potential vulnerability in the Apache Commons Codec module could allow information disclosure. ...read more


Security Bulletin: WebSphere Application Server is vulnerable to a remote code execution vulnerability (CVE-2020-4589)

Aug 13, 2020 8:00 pm EDT | High Severity

WebSphere Application Server is vulnerable to a remote code execution vulnerability. This has been addressed. ...read more


Security Bulletin: Db2 vulnerabilities affect IBM Spectrum Protect Server (CVE-2020-4230, CVE-2020-4135, CVE-2020-4204, CVE-2020-4200)

Aug 12, 2020 8:01 pm EDT | High Severity

The IBM Spectrum Protect Server is affected by multiple Db2 vulnerabilities such as privilege escalation, denial of service, and buffer overflow. ...read more