Medium Severity

IBM Security Bulletin: Vulnerabilities in NTPv4 affect AIX (CVE-2018-12327, CVE-2018-7170) Security Bulletin

Share this post:

There is a vulnerability in NTPv4 that affects AIX.

CVE(s): CVE-2018-12327, CVE-2018-7170

Affected product(s) and affected version(s):

AIX 6.1, 7.1, 7.2
VIOS 2.2.x

The vulnerabilities in the following filesets are being addressed:

key_fileset = aix

For NTPv4:

Fileset Lower Level Upper Level KEY
———————————————————
ntp.rte 7.4.2.8100 7.4.2.8110 key_w_fs

To find out whether the affected filesets are installed on your systems, refer to the lslpp command found in AIX user’s guide.

Example: lslpp -L | grep -i ntp.rte

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: https://www-01.ibm.com/support/docview.wss?uid=ibm10744497
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/145120
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/139786

More stories

IBM Security Bulletin: Financial Transaction Manager for Corporate Payment Services is affected by a potential directory listing of internal product files vulnerability (CVE-2018-2026)

Jan 22, 2019 9:01 am EST | Medium Severity

IBM Financial Transaction Manager for Corporate Payment Services (FTM CPS) for Multi-Platform has addressed the following vulnerability. A potential directory listing vulnerability could allow an authenticated user to obtain a directory listing of internal product files. CVE(s): CVE-2018-2026 Affected product(s) and affected version(s): FTM CPS v3.2.1.0 Refer to the following reference URLs for remediation and ...read more


IBM Security Bulletin: Financial Transaction Manager for Digital Payments is affected by a potential directory listing of internal product files vulnerability (CVE-2018-2026)

Jan 22, 2019 9:01 am EST | Medium Severity

Financial Transaction Manager for Digital Payments (FTM DP) for Multi-Platform has addressed the following vulnerability. A potential directory listing vulnerability could allow an authenticated user to obtain a directory listing of internal product files. CVE(s): CVE-2018-2026 Affected product(s) and affected version(s): FTM DP v3.2.1.0 Refer to the following reference URLs for remediation and additional vulnerability ...read more


IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Rational Application Developer for WebSphere Software

Jan 22, 2019 9:01 am EST | Medium Severity

There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Versions 7 and 8 that are used by IBM Rational Application Developer for WebSphere Software. These issues were disclosed as part of the IBM Java SDK updates in October 2018. CVE(s): CVE-2018-3180, CVE-2018-3139 Affected product(s) and affected version(s): Rational Application Developer 9.0- 9.0.1.2 Rational Application ...read more