Medium Severity

IBM Security Bulletin: Rational Asset Analyzer (RAA) is affected by a vulnerability in WAS Liberty.


Rational Asset Analyzer (RAA) has addressed the following vulnerability: Apache Tomcat (used by WAS Liberty) could allow a remote attacker to bypass security restrictions, caused by the use of expression language. An attacker could exploit this vulnerability to bypass the protections of a Security Manager.

CVE(s): CVE-2014-7810

Affected product(s) and affected version(s):
Product: Rational Asset Analyzer
Affected Versions: 6.1.0.0 – 6.1.0.18

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: https://www-01.ibm.com/support/docview.wss?uid=ibm10743113
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/103155
