High Severity

IBM Security Bulletin: Vulnerability in Apache Tomcat affects IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products ( CVE-2018-11784)

Share this post:

A vulnerability in Apache Tomcat affects IBM SAN Volume Controller, IBM Storwize V7000, V5000, V3700 and V3500, IBM Spectrum Virtualize Software, IBM Spectrum Virtualize for Public Cloud and IBM FlashSystem V9000 and 9100 family products. Apache Tomcat is used in the management GUI of the product. The Command Line Interface is unaffected.

CVE(s): CVE-2018-11784

Affected product(s) and affected version(s):

IBM SAN Volume Controller
IBM Storwize V7000
IBM Storwize V5000
IBM Storwize V3700
IBM Storwize V3500
IBM FlashSystem V9000
IBM FlashSystem 9100 Family
IBM Spectrum Virtualize Software
IBM Spectrum Virtualize for Public Cloud

All products are affected when running supported versions 7.5 to 8.2.

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: https://www-01.ibm.com/support/docview.wss?uid=ibm10872550
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/150860

More stories

Security Bulletin: Apache log4j vulnerabilities in Spark and Zookeeper affect QRadar User Behavior Analytics(CVE-2021-4104)

August 5, 2022 | High Severity

There is a vulnerability in Apache log4j used by Spark and Zookeeper that is affecting QRadar User Behavior Analytics(UBA). This has been addressed in both dependencies and UBA has been updated to the patched versions. ...read more


Security Bulletin: Multiple vulnerabilities in Jquery-Ui, highcharts, and datatables are affecting QRadar User Behavior Analytics (CVE-2021-41182, CVE-2021-41183, CVE-2021-41184, CVE-2021-23445, CVE-2021-29489)

August 5, 2022 | High Severity

There are vulnerabilities in third party packages (JQuery-UI, Highcharts, datatables.net) affecting User Behavior Anaytics(UBA). UBA has been updated to the latest versions of these packages to address these vulnerabilities. ...read more


Security Bulletin: IBM Sterling Connect:Direct for UNIX Certified Container is affected by denial of service vulnerability in version 1.1.1k-5

August 4, 2022 | High Severity

IBM Sterling Connect:Direct for UNIX Certified Container requires openssl for LDAP support. This fix upgrades the openssl and its compnent packages to version 1.1.1k-6.el8_5 ...read more