Medium Severity

IBM Security Bulletin: Vulnerabilities in NTP affect AIX

Share this post:

There are multiple vulnerabilities in NTPv3 and NTPv4 that affect AIX.

CVE(s): CVE-2014-5209, CVE-2018-7182, CVE-2018-7183, CVE-2018-7170, CVE-2018-7184, CVE-2018-7185, CVE-2016-1549

Affected product(s) and affected version(s):
AIX 5.3, 6.1, 7.1, 7.2, IOS 2.2.x

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://aix.software.ibm.com/aix/efixes/security/ntp_advisory10.asc
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/95841
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/139785
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/140092
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/139786
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/139784
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/139783
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/112741

More stories

Security Bulletin: IBM Jazz for Service Management is vulnerable to stored cross-site scripting (CVE-2021-38877)

Sep 22, 2021 8:04 pm EDT | Medium Severity

IBM Jazz for Service Management is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. ...read more


Security Bulletin: Cache control vulnerability affects IBM Edge (CVE-2020-4805).

Sep 22, 2021 8:03 pm EDT | Medium Severity

IBM Edge is affected by a cache control vulnerability. IBM Edge has resolved this vulnerability. ...read more


Security Bulletin: IBM Jazz for Service Management is vulnerable to stored cross-site scripting (CVE-2021-29810)

Sep 22, 2021 8:03 pm EDT | Medium Severity

IBM Jazz for Service Management is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. ...read more