High Severity

IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect AIX


There are multiple vulnerabilities in IBM SDK Java Technology Edition, Versions 7, 7.1, and 8, which are used by AIX. These issues were disclosed as part of the IBM Java SDK updates in January 2019.

CVE(s): CVE-2018-1890, CVE-2018-12549, CVE-2018-12547, CVE-2019-2422, CVE-2019-2449, CVE-2019-2426, CVE-2018-11212

Affected product(s) and affected version(s):
AIX 7.1, 7.2
The following fileset levels (VRMF) are vulnerable, if the respective Java version is installed:
For Java7: Less than 7.0.0.640
For Java7.1: Less than 7.1.0.440
For Java8: Less than 8.0.0.530
Note: To find out whether the affected Java filesets are installed on your systems, refer to the lslpp command found in the AIX user's guide.
Example: lslpp -L | grep -i java
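
The fileset-level comparison above as a script; this is an added example, not part of the IBM bulletin. It assumes colon-separated `lslpp -Lc` output (fileset in field 2, level in field 3) and fileset names beginning with Java7, Java71 or Java8, optionally followed by _64; the sample lines are constructed.

```shell
#!/bin/sh
# Flag installed Java filesets whose VRMF is below the fixed level in this bulletin.
# Assumption: stdin is `lslpp -Lc` output (fileset = field 2, level = field 3).
# Assumption: fileset names start with Java7, Java71 or Java8 (optionally _64).

check_java_filesets() {
    awk -F: '
    # Return 1 when VRMF a is lower than VRMF b (numeric compare per field).
    function vrmf_lt(a, b,    x, y, i) {
        split(a, x, "."); split(b, y, ".")
        for (i = 1; i <= 4; i++) {
            if (x[i] + 0 < y[i] + 0) return 1
            if (x[i] + 0 > y[i] + 0) return 0
        }
        return 0
    }
    BEGIN {
        # Fixed levels as listed in the bulletin.
        fixed["Java7"]  = "7.0.0.640"
        fixed["Java71"] = "7.1.0.440"
        fixed["Java8"]  = "8.0.0.530"
    }
    /^#/ { next }                      # skip the lslpp header line
    {
        fam = $2
        sub(/(_64)?\..*$/, "", fam)    # Java71_64.sdk -> Java71
        if (!(fam in fixed)) next      # not a Java fileset covered here
        status = vrmf_lt($3, fixed[fam]) ? "VULNERABLE" : "OK"
        printf "%s %s %s (fixed level %s)\n", status, $2, $3, fixed[fam]
    }'
}

# Constructed sample lines; on a real system: lslpp -Lc | check_java_filesets
sample_lslpp() {
    cat <<'EOF'
#Package Name:Fileset:Level:State:PTF Id:Fix State:Type:Description
Java7:Java7.sdk:7.0.0.635:::C:F:Java SDK 32-bit
Java71_64:Java71_64.jre:7.1.0.440:::C:F:Java SDK 64-bit
Java8_64:Java8_64.sdk:8.0.0.527:::C:F:Java SDK 64-bit
bos:bos.rte:7.2.3.15:::C:F:Base Operating System Runtime
EOF
}

sample_lslpp | check_java_filesets
```

A level equal to the listed value (7.1.0.440 in the sample) is reported as OK, since the bulletin marks only levels "less than" it as vulnerable.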

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://www-01.ibm.com/support/docview.wss?uid=ibm10878376
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/152081
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/157513
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/157512
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/155741
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/155766
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/155744
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/143429
