High Severity
IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect WebSphere Cast Iron
Feb 12, 2018 9:00 am EST
Categorized: High Severity
Share this post:
There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 7 SR10 FP15 and Version 6 SR16 FP55 used by WebSphere Cast Iron. These issues were disclosed as part of the IBM Java SDK updates in October 2017..
CVE(s): CVE-2017-10356, CVE-2017-10388
Affected product(s) and affected version(s):
WebSphere Cast Iron v 7.5.1.0, 7.5.0.1, 7.5.0.0
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://www.ibm.com/support/docview.wss?uid=swg22013351
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/133785
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/133813
Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect IBM i
Jan 21, 2022 7:00 pm EST | High Severity
There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition and IBM® Runtime Environment Java™ used by IBM i. IBM i has addressed the applicable CVEs. ...read more
Security Bulletin: IBM QRadar hardware appliances are vulnerable to Intel privilege escalation (CVE-2021-0144)
Jan 21, 2022 7:00 pm EST | High Severity
IBM QRadar hardware appliances are vulnerable to Intel privilege escalation ...read more
Security Bulletin: IBM Cognos Controller has addressed multiple vulnerabilities
Jan 20, 2022 7:00 pm EST | High Severity
This Security Bulletin addresses multiple vulnerabilities that have been remediated in IBM Cognos Controller 10.4.0 IF11, 10.4.1 IF12 and 10.4.2 IF17. There are multiple vulnerabilities in IBM® Runtime Environment Java™ used by IBM Cognos Controller. The applicable CVEs have been addressed by upgrading to IBM® Runtime Environment Java™ Version 8 Service Refresh 6 Fix Pack 15. If you run your own Java code using IBM® Runtime Environment Java™ delivered with this product, you should evaluate your code to determine whether additional Java vulnerabilities are applicable to your code. For a complete list of vulnerabilities, refer to the "IBM Java SDK Security Bulletin", located in the References section for more information. There are vulnerabilities in IBM WebSphere Application Server Liberty used by IBM Cognos Controller. The applicable CVEs have been addressed by upgrading to IBM WebSphere Application Server Liberty 20.0.0.7. XML External Entity (XXE), Authentication Bypass, External (XXE) and Modification of Assumed-Immutable Data (MAID) vulnerabilities have also been addressed in applicable versions. Please note that IBM Cognos Controller 10.4.2 IF17 also addresses Apache Log4j vulnerabilities CVE-2021-44228, CVE-2021-45046, CVE-2021-45105 and CVE-2021-44832. (See References). ...read more