High Severity
IBM Security Bulletin: WebSphere MQ is vulnerable to disclosing side channel information via discrepencies between valid and invalid PKCS#1 padding. ROBOT. (CVE-2018-1388)
February 1, 2018
Categorized: High Severity
Share this post:
WebSphere MQ is affected by the ROBOT vulnerability where it may disclose side channel information via discrepencies between valid and invalid PKCS#1 padding.
CVE(s): CVE-2018-1388
Affected product(s) and affected version(s):
WebSphere MQ v7.0.1
- Maintenance levels 7.0.1.0 – 7.0.1.14
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://www-01.ibm.com/support/docview.wss?uid=swg22013022
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/138212
Security Bulletin: Multiple vulnerabilities in Node.js affect IBM Event Streams
September 30, 2022 | High Severity
There are a number of vulnerabilities in Node.js that is used by IBM Event Streams. ...read more
Security Bulletin: The IBM® Engineering Requirements Management DOORS/DWA fixes for Log4j vulnerabilities CVE-2021-4104
September 30, 2022 | High Severity
Apache Log4j could allow a remote attacker to execute arbitrary code on the system, caused by the deserialization of untrusted data when the attacker has write access to the Log4j configuration. The IBM® Engineering Requirements Management DOORS/DWA product versions 9.6.1.x, 9.7.0.x, 9.7.1.x and 9.7.2.x are vulnerable to this attack, it has been addressed in this bulletin. ...read more
Security Bulletin: Multiple Vulnerabilities in Rational Change Fix Pack 04 for 5.3.2
September 30, 2022 | High Severity
Vulnerabilities in the Jetty 9.4.42 and earlier component shipped with Rational Change may affect the security of the product. ...read more