High Severity

IBM Security Bulletin: Multiple vulnerabilities may affect IBM® SDK, Java™ Technology Edition

Java SE issues disclosed in the Oracle January 2018 Critical Patch Update, plus one additional vulnerability

CVE(s): CVE-2018-2639, CVE-2018-2638, CVE-2018-2633, CVE-2018-2637, CVE-2018-2634, CVE-2018-2582, CVE-2018-2641, CVE-2018-2618, CVE-2018-2657, CVE-2018-2629, CVE-2018-2603, CVE-2018-2599, CVE-2018-2602, CVE-2018-2678, CVE-2018-2677, CVE-2018-2663, CVE-2018-2588, CVE-2018-2579, CVE-2018-1417

Affected product(s) and affected version(s):

IBM SDK, Java Technology Edition, Version 6 Service Refresh 16 Fix Pack 55 and earlier releases
IBM SDK, Java Technology Edition, Version 6R1 Service Refresh 8 Fix Pack 55 and earlier releases
IBM SDK, Java Technology Edition, Version 7 Service Refresh 10 Fix Pack 15 and earlier releases
IBM SDK, Java Technology Edition, Version 7R1 Service Refresh 4 Fix Pack 15 and earlier releases
IBM SDK, Java Technology Edition, Version 8 Service Refresh 5 Fix Pack 7 and earlier releases

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: https://www.ibm.com/support/docview.wss?uid=swg22012965
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/137891
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/137890
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/137885
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/137889
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/137886
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/137836
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/137893
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/137870
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/137910
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/137880
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/137855
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/137851
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/137854
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/137933
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/137932
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/137917
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/137841
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/137833
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/138823
