High Severity

IBM Security Bulletin: Vulnerability in Google Guava affects IBM Cúram Social Program Management (CVE-2018-10237)

IBM Cúram Social Program Management uses the Google Guava library indirectly through Google Guice. In versions of the Google Guava library before 24.1.1, an unbounded memory allocation vulnerability enables remote attackers to conduct denial of service attacks against servers that depend on the library, and to deserialize attacker-provided data.

CVE(s): CVE-2018-10237

Affected product(s) and affected version(s):
IBM Cúram Social Program Management 7.0.5.0 – 7.0.6.0
IBM Cúram Social Program Management 7.0.0.0 – 7.0.4.0
Note: The Google Guava library was not present in version 6.1.x and earlier versions, so these versions are not vulnerable.

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: https://www-01.ibm.com/support/docview.wss?uid=ibm10886175
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/142508
