High Severity

IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect IBM® Db2®.

Share this post:

There are multiple vulnerabilities in IBM® Runtime Environment Java™ Version 7.0.10.35 and earlier, 7.1.4.35 and earlier, 8.0.5.27 and earlier used by IBM® Db2®. These issues were disclosed as part of the IBM Java SDK updates in January 2019.

CVE(s): CVE-2018-1890, CVE-2019-2426, CVE-2018-12547

Affected product(s) and affected version(s):
All fix pack levels of IBM Db2 V9.7, V10.1, V10.5, and V11.1 editions on all platforms are affected.

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: https://www-01.ibm.com/support/docview.wss?uid=ibm10875132
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/152081
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/155744
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/157512

More stories

IBM Security Bulletin: IBM WebSphere Cast Iron Solution is affected by Apache Tomcat vulnerabilities CVE-2019-10072

Jul 18, 2019 9:02 am EDT | High Severity

IBM WebSphere Cast Iron Solution has addressed the following vulnerabilities reported in Apache Tomcat v8 CVE(s): CVE-2019-10072 Affected product(s) and affected version(s): App Connect Professional v7.5.3.0. Refer to the following reference URLs for remediation and additional vulnerability details:Source Bulletin: https://www-01.ibm.com/support/docview.wss?uid=ibm10958283X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/162806 ...read more


IBM Security Bulletin: IBM Watson Studio – Local allows mounting glusterFS without security check

Jul 18, 2019 9:00 am EDT | High Severity

Watson Studio Local was allowing glusterFS mounting without any authorization. As long as the user had access to the same network, they could mount gluster volumes in any cluster. Internal implementation has been changed to check for permission before glusterFS mounting is allowed. CVE(s): Not Applicable Affected product(s) and affected version(s): Affected IBM Watson Studio ...read more


IBM Security Bulletin: Multiple vulnerabilities affect Watson Explorer (CVE-2017-14166, CVE-2017-14501, CVE-2017-14502, CVE-2017-14503)

Jul 18, 2019 9:00 am EDT | High Severity

Multiple libarchive vulnerabilities affect Watson Explorer. CVE(s): CVE-2017-14166, CVE-2017-14501, CVE-2017-14502, CVE-2017-14503 Affected product(s) and affected version(s): These vulnerabilities apply to the following products and versions: Watson Explorer Foundational Components version 10.0.0.5 and earlier. Watson Explorer Foundational Components version 11.0.0.3 and earlier, version 11.0.1, version 11.0.2. Watson Explorer Foundational Components version 12.0.1 and earlier. Refer to ...read more