High Severity

IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect AIX


There are multiple vulnerabilities in IBM SDK Java Technology Edition, Versions 7, 7.1, and 8, which are used by AIX. These issues were disclosed as part of the IBM Java SDK updates in October 2018.

CVE(s): CVE-2018-3139, CVE-2018-3136, CVE-2018-13785, CVE-2018-3214, CVE-2018-3180, CVE-2018-3149, CVE-2018-3169, CVE-2018-3183

Affected product(s) and affected version(s):

AIX 6.1, 7.1, 7.2
VIOS 2.2.x

The following fileset levels (VRMF) are vulnerable if the respective Java version is installed:
For Java7: Less than 7.0.0.635
For Java7.1: Less than 7.1.0.435
For Java8: Less than 8.0.0.525

Note: To find out whether the affected Java filesets are installed on your systems, refer to the lslpp command in the AIX user’s guide.

Example: lslpp -L | grep -i java
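
The lslpp check above can be extended to compare each installed Java fileset level against the fixed levels listed in this bulletin. The script below is an added example, not part of the IBM bulletin; the fileset name prefixes (Java7, Java71, Java8, with an optional _64 suffix) are an assumption, and the sample input is constructed.

```shell
#!/bin/sh
# Added example: flag Java filesets below the fixed levels in this bulletin.
# Assumption: fileset names start with Java7, Java71 or Java8, optionally
# followed by _64 (for example Java7.sdk, Java71_64.jre).

# Reads `lslpp -L` output on stdin and prints "fileset level fixed_level"
# for every Java fileset whose VRMF is below the fixed level.
check_java_filesets() {
    awk '
    # Return 1 if dotted VRMF a is lower than b, comparing field by field
    # as numbers (a string compare would rank 7.0.0.70 above 7.0.0.635).
    function vrmf_lt(a, b,    x, y, i) {
        split(a, x, "."); split(b, y, ".")
        for (i = 1; i <= 4; i++) {
            if (x[i] + 0 < y[i] + 0) return 1
            if (x[i] + 0 > y[i] + 0) return 0
        }
        return 0
    }
    # First non-vulnerable level per Java version, from the bulletin.
    function fixed_level(name) {
        if (name ~ /^Java71(_64)?\./) return "7.1.0.435"
        if (name ~ /^Java7(_64)?\./)  return "7.0.0.635"
        if (name ~ /^Java8(_64)?\./)  return "8.0.0.525"
        return ""
    }
    # Only rows whose second column is a four-part VRMF are filesets.
    $2 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ {
        fix = fixed_level($1)
        if (fix != "" && vrmf_lt($2, fix)) print $1, $2, fix
    }'
}

# Constructed sample in the layout of `lslpp -L` (not output from a real host).
SAMPLE_LSLPP='  Fileset                      Level  State  Type  Description
  ----------------------------------------------------------------------
  Java7.sdk                 7.0.0.600    C     F    Java SDK 32-bit
  Java7_64.jre              7.0.0.70     C     F    Java SDK 64-bit
  Java71_64.jre             7.1.0.435    C     F    Java SDK 64-bit
  Java8_64.sdk              8.0.0.520    C     F    Java SDK 64-bit
  bos.rte                   7.2.3.0      C     F    Base Operating System'

# On AIX: lslpp -L | check_java_filesets
printf '%s\n' "$SAMPLE_LSLPP" | check_java_filesets
```

An empty result means no installed Java fileset is below the levels listed above; each output line names a fileset to update, its installed level, and the level it must reach.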

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://www-01.ibm.com/support/docview.wss?uid=ibm10787833
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/151455
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/151452
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/146015
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/151530
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/151497
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/151465
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/151486
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/151500
