High Severity

IBM Security Bulletin: WebSphere MQ is vulnerable to disclosing side channel information via discrepencies between valid and invalid PKCS#1 padding. ROBOT. (CVE-2018-1388)

Share this post:

WebSphere MQ is affected by the ROBOT vulnerability where it may disclose side channel information via discrepencies between valid and invalid PKCS#1 padding.

CVE(s): CVE-2018-1388

Affected product(s) and affected version(s):

WebSphere MQ v7.0.1

  • Maintenance levels 7.0.1.0 – 7.0.1.14

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://www-01.ibm.com/support/docview.wss?uid=swg22013022
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/138212

More stories

IBM Security Bulletin: IBM Security Access Manager Appliance has released a fix in response to the vulnerabilities known as Spectre and Meltdown

Aug 21, 2018 9:00 am EDT | High Severity

IBM has released the following fixes for IBM Security Access Manager Appliance in response to CVE-2017-5753, CVE-2017-5715 and CVE-2017-5754. CVE(s): CVE-2017-5753 , CVE-2017-5715 , CVE-2017-5754 Affected product(s) and affected version(s): Affected Product Name Affected Versions IBM Security Access Manager for Web 7.0 – 7.0.0.34 IBM Security Access Manager for Web 8.0 – 8.0.1.7 IBM Security ...read more


IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect Content Collector for Email, Content Collector for File Systems, Content Collector for Microsoft SharePoint and Content Collector for IBM Connections

Aug 20, 2018 9:00 am EDT | High Severity

There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 6 used by Content Collector for Email, Content Collector for File Systems, Content Collector for Microsoft SharePoint and Content Collector for IBM Connections. These issues were disclosed as part of the IBM Java SDK updates in April 2018. CVE(s): CVE-2018-2798, CVE-2018-2783, CVE-2018-2794, CVE-2018-2800, CVE-2018-2795, ...read more


IBM Security Bulletin: A Vulnerability in IBM Java Runtime Affects IBM Sterling Connect:Direct FTP+

Aug 17, 2018 9:01 am EDT | High Severity

There is a vulnerability in IBM® Runtime Environment Java™ Version 7.0.10.10 used by IBM Sterling Connect:Direct FTP+. This issue was disclosed as part of the IBM Java SDK updates in April 2018. CVE(s): CVE-2018-2783 Affected product(s) and affected version(s): IBM Sterling Connect:Direct FTP+ 1.3.0 Refer to the following reference URLs for remediation and additional vulnerability ...read more