Medium Severity

IBM Security Bulletin: Rational Asset Analyzer (RAA) is affected by a vulnerability in WAS liberty.

Share this post:

Rational Asset Analyzer (RAA) has addressed the following vulnerability: Apache Tomcat (used by WAS liberty) could allow a remote attacker to bypass security restrictions, caused by the use of expression language. An attacker could exploit this vulnerability to bypass the protections of a Security Manager.

CVE(s): CVE-2014-7810

Affected product(s) and affected version(s):

Product

Affected Versions

Rational Asset Analyzer 6.1.0.0 – 6.1.0.18

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: https://www-01.ibm.com/support/docview.wss?uid=ibm10743113
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/103155

More stories

IBM Security Bulletin: Financial Transaction Manager for Corporate Payment Services is affected by a potential directory listing of internal product files vulnerability (CVE-2018-2026)

Jan 22, 2019 9:01 am EST | Medium Severity

IBM Financial Transaction Manager for Corporate Payment Services (FTM CPS) for Multi-Platform has addressed the following vulnerability. A potential directory listing vulnerability could allow an authenticated user to obtain a directory listing of internal product files. CVE(s): CVE-2018-2026 Affected product(s) and affected version(s): FTM CPS v3.2.1.0 Refer to the following reference URLs for remediation and ...read more


IBM Security Bulletin: Financial Transaction Manager for Digital Payments is affected by a potential directory listing of internal product files vulnerability (CVE-2018-2026)

Jan 22, 2019 9:01 am EST | Medium Severity

Financial Transaction Manager for Digital Payments (FTM DP) for Multi-Platform has addressed the following vulnerability. A potential directory listing vulnerability could allow an authenticated user to obtain a directory listing of internal product files. CVE(s): CVE-2018-2026 Affected product(s) and affected version(s): FTM DP v3.2.1.0 Refer to the following reference URLs for remediation and additional vulnerability ...read more


IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Rational Application Developer for WebSphere Software

Jan 22, 2019 9:01 am EST | Medium Severity

There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Versions 7 and 8 that are used by IBM Rational Application Developer for WebSphere Software. These issues were disclosed as part of the IBM Java SDK updates in October 2018. CVE(s): CVE-2018-3180, CVE-2018-3139 Affected product(s) and affected version(s): Rational Application Developer 9.0- 9.0.1.2 Rational Application ...read more