Medium Severity
IBM Security Bulletin: Password disclosure via trace log in IBM Spectrum Protect Operations Center (CVE-2018-1769)
February 26, 2019
Categorized: Medium Severity
Share this post:
IBM Spectrum Protect (formerly Tivoli Storage Manager) Operations Center my display the password in plain text in the trace file when tracing is turned on.
CVE(s): CVE-2018-1769
Affected product(s) and affected version(s):
The following levels of IBM Spectrum Protect (formerly Tivoli Storage Manager) Operations Center are affected:
- 8.1.0.000 through 8.1.6.100
- 7.1.0.000 through 7.1.9.100
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://www.ibm.com/support/docview.wss?uid=ibm10735281
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/148623
Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to cross-site scripting in jQuery (CVE-2020-11022).
August 4, 2022 | Medium Severity
IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to cross-site scripting in jQuery, caused by improper validation of user-supplied input by the jQuery.htmlPrefilter method (CVE-2020-11022). jQuery is used by the runtime components included in IBM Watson Speech. Please read the details for remediation below. ...read more
Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to cross-site scripting in jQuery (CVE-2019-11358).
August 4, 2022 | Medium Severity
IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to cross-site scripting in jQuery, caused by improper validation of user-supplied input in Drupal core. (CVE-2019-11358). jQuery is used by the runtime components included in IBM Watson Speech. Please read the details for remediation below. ...read more
Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a heap-based buffer overflow in libssh, caused by improper bounds checking.(CVE-2021-3634).
August 4, 2022 | Medium Severity
IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a heap-based buffer overflow in libssh, caused by improper bounds checking (CVE-2021-3634). Libssh, included in RedHat, is used in the base operating system by IBM Watson Speech. Please read the details for remediation below. ...read more