Medium Severity

IBM Security Bulletin: Multiple vulnerabilities in IBM® SDK, Java™ Technology Edition affect IBM Virtualization Engine TS7700 – July 2018 & October 2018

Share this post:

There are multiple vulnerabilities in IBM® SDK, Java™ Technology Edition, Versions 7 and 8, that are used by IBM Virtualization Engine TS7700. These issues were disclosed as part of the IBM Java SDK updates in July 2018 and October 2018.

CVE(s): CVE-2018-1517, CVE-2018-2973, CVE-2018-3139, CVE-2018-3180

Affected product(s) and affected version(s):

All versions of microcode for the IBM Virtualization Engine TS7700 (3957-V07, 3957-VEB, 3957-VEC) prior to and including the following are affected:

Machine Type Model Version
3957 V07 8.42.1.8
3957 VEB 8.42.1.8
3957 VEC 8.42.1.8

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: https://www-01.ibm.com/support/docview.wss?uid=ibm10732035
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/141681
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/146835
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/151455
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/151497

More stories

IBM Security Bulletin: A vulnerability in IBM WebSphere Application Server affects IBM Spectrum Scale packaged in IBM Elastic Storage Server (CVE-2018-1901)

Apr 20, 2019 9:00 am EDT | Medium Severity

There is a vulnerability in IBM WebSphere Application Server, used by IBM Spectrum Scale. This issue allow a remote attacker to temporarily gain elevated privileges on the system. CVE(s): CVE-2018-1901 Affected product(s) and affected version(s):The Elastic Storage Server 5.3 thru 5.3.2.1 The Elastic Storage Server 5.0.0 thru 5.2.5 The Elastic Storage Server 4.5.0 thru 4.6.0 ...read more


IBM Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM Sterling Connect:Express for UNIX (CVE-2018-0734 and CVE-2018-5407)

Apr 18, 2019 9:01 am EDT | Medium Severity

OpenSSL vulnerabilities were disclosed on October 30, 2018 (CVE-2018-0734) and November 02, 2018 (CVE-2018-5407) by the OpenSSL Project. OpenSSL is used by Sterling Connect:Express for UNIX. Sterling Connect:Express for UNIX has addressed the applicable CVEs. CVE(s): CVE-2018-0734, CVE-2018-5407 Affected product(s) and affected version(s): IBM Sterling Connect:Express for UNIX 1.5.0.15 All versions prior to and including ...read more


IBM Security Bulletin: IBM QRadar SIEM is vulnerable to Information Exposure (CVE-2018-1729)

Apr 18, 2019 9:00 am EDT | Medium Severity

The product discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. CVE(s): CVE-2018-1729 Affected product(s) and affected version(s):IBM QRadar SIEM 7.3.0 – 7.3.2 GA Refer to the following reference URLs for remediation and additional vulnerability details:Source Bulletin: http://www.ibm.com/support/docview.wss?uid=ibm10881546X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/147708 ...read more