High Severity

IBM Security Bulletin: Multiple vulnerabilities in WebSphere Application Server Liberty affect IBM Spectrum Protect Operations Center (CVE-2018-1553, CVE-2018-1683, CVE-2018-8039)

Multiple vulnerabilities in WebSphere Application Server Liberty affect IBM Spectrum Protect (formerly Tivoli Storage Manager) Operations Center.

CVE(s): CVE-2018-1553, CVE-2018-1683, CVE-2018-8039

Affected product(s) and affected version(s):

The following levels of IBM Spectrum Protect (formerly Tivoli Storage Manager) Operations Center are affected:

  • 8.1.0.000 through 8.1.6.000
  • 7.1.0.000 through 7.1.9.100

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://www.ibm.com/support/docview.wss?uid=ibm10735435
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/142890
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/145455
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/145516
