Medium Severity

IBM Security Bulletin:IBM SDK, Java Technology Edition Quarterly CPU – Oct 2018 – Includes Oracle Oct.2018 CPU affects DB2 Recovery Expert for Linux, Unix and Windows

Share this post:

There is vulnerability in IBM® Runtime Environment Java™ Version Java 1.8.0 SR5 FP16 and earlier used by DB2 Recovery Expert for Linux, Unix and Windows. These issues were disclosed as part of the IBM Java SDK updates in Oct. 2018.

CVE(s): CVE-2018-3180

Affected product(s) and affected version(s):

DB2 Recovery Expert for LUW 5.1
DB2 Recovery Expert for LUW 5.1 Interim Fix 1 (IF1)
DB2 Recovery Expert for LUW 5.1.0.1 (also called 5.1 Fix Pack 1)
DB2 Recovery Expert for LUW 5.1.0.1 IF1
DB2 Recovery Expert for LUW 5.1.0.1 IF2
DB2 Recovery Expert for LUW 5.1.0.2 (also called 5.1 Fix Pack 2)
DB2 Recovery Expert for LUW 5.1.0.2 IF1
DB2 Recovery Expert for LUW 5.1.0.3 (also called 5.1 Fix Pack 3)

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://www.ibm.com/support/docview.wss?uid=ibm10742763
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/151497

More stories

IBM Security Bulletin: Multiple vulnerabilities in IBM HTTP Server used by WebSphere Application Server

Sep 19, 2019 9:02 am EDT | Medium Severity

There are multiple vulnerabilities in the IBM HTTP Server used by WebSphere Application Server. CVE(s): CVE-2018-20843, CVE-2019-10092, CVE-2019-10098 Affected product(s) and affected version(s): This vulnerability affects the following version and release of IBM HTTP Server (powered by Apache) component in all editions of WebSphere Application Server and bundling products. Version 9.0 Version 8.5 Version 8.0 ...read more


IBM Security Bulletin: IBM Security Key Lifecycle Manager uses Weak password policy (CVE-2019-4565)

Sep 18, 2019 9:02 am EDT | Medium Severity

IBM Security Key Lifecycle Manager does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. CVE(s): CVE-2019-4565 Affected product(s) and affected version(s): Principal Product and Version(s) IBM Security Key Lifecycle Manager (SKLM) v3.0 – v3.0.0.2 on distributed platforms IBM Security Key Lifecycle Manager (SKLM) ...read more


IBM Security Bulletin: Path Traversal exposure in the Save/Export function of the FTM OAC

Sep 17, 2019 9:00 am EDT | Medium Severity

The “Save/Export” function available on all search result displays (tabulated results) is potentially vulnerable to a Path Traversal type attack. CVE(s): CVE-2018-1847 Affected product(s) and affected version(s): Principal Product and Version(s) Financial Transaction Manager for MP v2.0.0.0 through 2.0.0.5 Financial Transaction Manager for MP v2.1.0.0 through 2.1.0.4 Financial Transaction Manager for MP v2.1.1.0 through 2.1.1.4 ...read more