High Severity

IBM Security Bulletin: Security Vulnerabilities in IBM® Java SDK affect multiple IBM Rational products based on IBM Jazz technology Jan 2019 CPU

Share this post:

There are multiple vulnerabilities in IBM® SDK Java Technology Edition, Version 1.7 and 1.8 that are used by IBM Jazz Team Server affecting the following IBM Jazz Team Server based Applications: Collaborative Lifecycle Management (CLM), Rational DOORS Next Generation (RDNG), Rational Engineering Lifecycle Manager (RELM), Rational Team Concert (RTC), Rational Quality Manager (RQM), Rational Rhapsody Design Manager (Rhapsody DM), and Rational Software Architect (RSA DM). These issues were disclosed as part of the IBM Java SDK updates in January 2019.

CVE(s): CVE-2018-1890, CVE-2018-12547, CVE-2019-2426, CVE-2018-11212

Affected product(s) and affected version(s):
Rational Collaborative Lifecycle Management 5.0 – 6.0.6

Rational Quality Manager 5.0 – 5.0.2
Rational Quality Manager 6.0 – 6.0.6

Rational Team Concert 5.0 – 5.0.2
Rational Team Concert 6.0 – 6.0.6

Rational DOORS Next Generation 5.0 – 5.0.2
Rational DOORS Next Generation 6.0 – 6.0.6

Rational Engineering Lifecycle Manager 5.0 – 5.0.2
Rational Engineering Lifecycle Manager 6.0 – 6.0.6

Rational Rhapsody Design Manager 5.0 – 5.0.2
Rational Rhapsody Design Manager 6.0 – 6.0.6

Rational Software Architect Design Manager 5.0 – 5.0.2
Rational Software Architect Design Manager 6.0 – 6.0.1

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://www.ibm.com/support/docview.wss?uid=ibm10875858
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/152081
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/157512
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/155744
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/143429

More stories

IBM Security Bulletin: Potential denial of service in Liberty for Java for IBM Cloud (CVE-2018-10237)

Mar 22, 2019 10:00 am EDT | High Severity

There is a potential denial of service with the Google Guava library that is used in Liberty for Java. CVE(s): CVE-2018-10237 Affected product(s) and affected version(s):This vulnerability affects all versions of Liberty for Java in IBM Cloud up to and including v3.27. Refer to the following reference URLs for remediation and additional vulnerability details:Source Bulletin: ...read more


IBM Security Bulletin: API Connect V2018 is impacted by information leak (CVE-2019-4052)

Mar 21, 2019 10:01 am EDT | High Severity

IBM API Connect has addressed the following vulnerability. CVE(s): CVE-2019-4052 Affected product(s) and affected version(s): Affected IBM API Management Affected Versions IBM API Connect 2018.1-2018.4.1.2 Refer to the following reference URLs for remediation and additional vulnerability details:Source Bulletin: http://www.ibm.com/support/docview.wss?uid=ibm10874248X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/156544 ...read more


IBM Security Bulletin: Cloudant Local Apache CouchDB CVE-2018-17188: Remote Privilege Escalations

Mar 20, 2019 10:02 am EDT | High Severity

Prior to CouchDB version 2.3.0, CouchDB allowed for runtime-configuration of key components of the database. In some cases, this lead to vulnerabilities where CouchDB admin users could access the underlying operating system as the CouchDB user. Together with other vulnerabilities, it allowed full system entry for unauthenticated users. CVE(s): CVE-2018-17188 Affected product(s) and affected version(s):All ...read more