High Severity

IBM Security Bulletin: Multiple vulnerabilities in Node.js affect IBM Cloud Transformation Advisor

IBM Cloud Transformation Advisor has addressed the following vulnerabilities: CVE-2018-12122, CVE-2018-12121, CVE-2018-12123.

CVE(s): CVE-2018-12122, CVE-2018-12121, CVE-2018-12123

Affected product(s) and affected version(s):
IBM Cloud Transformation Advisor 1.8.0, 1.8.1, 1.9.0, 1.9.1

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: https://www-01.ibm.com/support/docview.wss?uid=ibm10872252
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/153456
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/153455
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/153457
