High Severity

IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise

There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, 7.0.10.35, used by IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise. IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise have addressed the applicable CVEs. These issues were also addressed by IBM WebSphere Application Server and IBM Tivoli System Automation Application Manager, which are shipped with IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise. These issues were disclosed as part of the IBM Java SDK updates in April 2019.

CVE(s): CVE-2019-2698, CVE-2019-2697, CVE-2019-2602, CVE-2019-2684, CVE-2019-10245, CVE-2019-2699

Affected product(s) and affected version(s):

Principal Product and Version(s): IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise Edition V2.5, V2.5.0.1, V2.5.0.2, V2.5.0.3, V2.5.0.4, V2.5.0.5, V2.5.0.6, V2.5.0.7, V2.5.0.8, V2.5.0.9

Affected Supporting Product and Version:

  • WebSphere Application Server V8.5.5 through V8.5.5.15
  • IBM Tivoli System Automation Application Manager 4.1

Principal Product and Version(s): IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise V2.4, V2.4.0.1, V2.4.0.2, V2.4.0.3, V2.4.0.4, V2.4.0.5

Affected Supporting Product and Version:

  • WebSphere Application Server V8.5.0.1 through V8.5.5.12
  • IBM Tivoli System Automation Application Manager 4.1

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: https://www.ibm.com/support/pages/node/887261
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/159790
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/159789
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/159698
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/159776
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/160010
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/159791
