Medium Severity

IBM Security Bulletins: There is a security vulnerability in the XLXP-C component which is shipped in IBM Integration Bus and App Connect Enterprise (CVE-2018-1801)

There is a security vulnerability in the XLXP-C component, which is shipped in IBM Integration Bus and App Connect Enterprise. Successful exploitation of the vulnerability could lead to a denial of service.

CVE(s): CVE-2018-1801

Affected product(s) and affected version(s):

IBM App Connect V11.0.0.0 – V11.0.0.1

IBM Integration Bus V10.0.0.0 – V10.0.0.13

IBM Integration Bus V9.0.0.0 – V9.0.0.10

WebSphere Message Broker V8.0.0.0 – V8.0.0.9

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://www.ibm.com/support/docview.wss?uid=ibm10795780
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/149639
