High Severity

IBM Security Bulletin: Vulnerability in Apache Tomcat affects IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products ( CVE-2018-11784)

Share this post:

A vulnerability in Apache Tomcat affects IBM SAN Volume Controller, IBM Storwize V7000, V5000, V3700 and V3500, IBM Spectrum Virtualize Software, IBM Spectrum Virtualize for Public Cloud and IBM FlashSystem V9000 and 9100 family products. Apache Tomcat is used in the management GUI of the product. The Command Line Interface is unaffected.

CVE(s): CVE-2018-11784

Affected product(s) and affected version(s):

IBM SAN Volume Controller
IBM Storwize V7000
IBM Storwize V5000
IBM Storwize V3700
IBM Storwize V3500
IBM FlashSystem V9000
IBM FlashSystem 9100 Family
IBM Spectrum Virtualize Software
IBM Spectrum Virtualize for Public Cloud

All products are affected when running supported versions 7.5 to 8.2.

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: https://www-01.ibm.com/support/docview.wss?uid=ibm10872550
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/150860

More stories

IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect IBM i

Jun 26, 2019 9:02 am EDT | High Severity

There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition and IBM® Runtime Environment Java™ used by IBM i. IBM i has addressed the applicable CVEs. CVE(s): CVE-2019-2698, CVE-2019-2697, CVE-2019-2602, CVE-2019-2684, CVE-2019-10245 Affected product(s) and affected version(s): Releases 7.1, 7.2, 7.3 and 7.4 of IBM i are affected. Refer to the following reference URLs for ...read more


IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Rational ClearQuest (CVE-2018-1890, CVE-2018-12547, CVE-2019-2426)

Jun 26, 2019 9:01 am EDT | High Severity

There are multiple vulnerabilities in IBM® Runtime Environment Java™ Versions 7 and 8, which are used by IBM Rational ClearQuest. These issues were disclosed as part of the IBM Java SDK updates in January 2019. CVE(s): CVE-2018-1890, CVE-2018-12547, CVE-2019-2426 Affected product(s) and affected version(s): IBM Rational ClearQuest version 9 in the following components: ClearQuest Web/CQ ...read more


IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Rational ClearCase (CVE-2018-12547, CVE-2018-1890)

Jun 26, 2019 9:01 am EDT | High Severity

There are multiple vulnerabilities in IBM® Runtime Environment Java™ Versions 7 and 8, which are used by IBM Rational ClearCase. These issues were disclosed as part of the IBM Java SDK updates in March 2019. CVE(s): CVE-2018-1890, CVE-2018-12547 Affected product(s) and affected version(s): IBM Rational ClearCase version 9 in the following components: CCRC WAN server/CM ...read more