Medium Severity

IBM Security Bulletin: Vulnerability in IBM Java SDK affect IBM Tivoli System Automation Application Manager April 2019 CPU (CVE-2019-2684)

Share this post:

There is a vulnerability in IBM® SDK Java™ Technology Edition, Version 7 used by IBM Tivoli System Automation Application Manager 4.1.0.0 – 4.1.0.1 . These issues were disclosed as part of the IBM Java SDK updates in April 2019. There is a vulnerability in IBM® SDK Java™ Technology Edition, Version 8 used by IBM Tivoli System Automation Application Manager 4.1.0.2. These issues were disclosed as part of the IBM Java SDK updates in April 2019.

CVE(s): CVE-2019-2684

Affected product(s) and affected version(s):
IBM Tivoli System Automation Application Manager 4.1.0.0 – 4.1.0.2

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: https://www-01.ibm.com/support/docview.wss?uid=ibm10884534
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/159776

More stories

Security Bulletin: IBM Planning Analytics Local is affected by security vulnerabilities

Dec 6, 2019 7:00 pm EST | Medium Severity

CVEID:   CVE-2019-4612 DESCRIPTION:   IBM Planning Analytics Workspace is vulnerable to malicious file upload in the My Account Portal. Attackers can make use of this weakness and upload malicious executable files into the system and it can be sent to victim for performing further attacks.CVSS Base score: 6.3CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/168523 for the current score.CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:N)   CVEID:   CVE-2019-4611 DESCRIPTION:   IBM Planning Analytics is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.CVSS Base score: 5.4CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/168519 for the current score.CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)   ...read more


Security Bulletin: Vulnerability affects IBM Watson Assistant for IBM Cloud Pak for Data

Dec 6, 2019 7:00 pm EST | Medium Severity

CVEID:   CVE-2019-4428 DESCRIPTION:   IBM WDC - Watson Assistant is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.CVSS Base score: 5.4CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/162807 for the current score.CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N) ...read more


Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in FasterXML jackson-databind

Dec 6, 2019 7:00 pm EST | Medium Severity

CVEID:   CVE-2019-16335 DESCRIPTION:   A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. It is related to com.zaxxer.hikari.HikariDataSource. This is a different vulnerability than CVE-2019-14540.CVSS Base score: 5.3CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/167205 for the current score.CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) ...read more