IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect Host On-Demand

Jun 22, 2019 9:01 am EDT | High Severity

There are multiple vulnerabilities in IBM® Runtime Environment Java™ Version 8.0 used by Host On-Demand. Host On-Demand has addressed the applicable CVEs. CVE(s): CVE-2019-2449, CVE-2018-12547 Affected product(s) and affected version(s): Host On-Demand: 12.0, 12.0.0.1, 12.0.1, 12.0.2, 12.0.3, 12.0.4, 12.0.4.1 Host On-Demand: 13.0, 13.0.1, 13.0.1.1 and 13.0.2 Refer to the following reference URLs for remediation and ...read more


IBM Security Bulletin: Vulnerabilities in cURL affect QLogic Virtual Fabric Extension Module for IBM BladeCenter

Jun 22, 2019 9:00 am EDT | High Severity

The following vulnerabilities in cURL have been addressed by QLogic Virtual Fabric Extension Module for IBM BladeCenter. CVE(s): CVE-2018-1000007, CVE-2018-1000005, CVE-2017-8818, CVE-2017-8817, CVE-2017-8816 Affected product(s) and affected version(s): Product Affected Version Qlogic Virtual Fabric Extension Module for IBM BladeCenter Firmware Update 9.0 Refer to the following reference URLs for remediation and additional vulnerability details:Source Bulletin: ...read more


IBM Security Bulletin: IBM MessageSight/MessageGateway is affected by the following jQuery vulnerability

Jun 20, 2019 9:01 am EDT | Medium Severity

IBM MessageSight/MessageGateway has addressed the following jQuery vulnerability: CVE-2019-11358: jQuery mishandles jQuery.extend(true, {}, …) CVE(s): CVE-2019-11358 Affected product(s) and affected version(s): Affected IBM MessageSight Affected Versions IBM MessageSight 1.2.0.0 – 1.2.0.3 IBM MessageSight 2.0.0.0 – 2.0.0.2 IBM MessageSight 5.0.0.0 IBM MessageGateway 5.0.0.1 Refer to the following reference URLs for remediation and additional vulnerability details:Source Bulletin: ...read more


IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect Content Collector for Email, Content Collector for File Systems, Content Collector for Microsoft SharePoint and Content Collector for IBM Connections

Jun 20, 2019 9:01 am EDT | High Severity

There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 1.8 used by Content Collector for Email, Content Collector for File Systems, Content Collector for Microsoft SharePoint and Content Collector for IBM Connections. CVE(s): CVE-2019-10245, CVE-2019-2684, CVE-2019-2602, CVE-2019-2697, CVE-2019-2698 Affected product(s) and affected version(s): Content Collector for Email 4.0.0, 4.0.1 Content Collector for File ...read more


IBM Security Bulletin: IBM API Connect is affected by a denial of service vulnerability in Node.js (CVE-2019-5737)

Jun 20, 2019 9:01 am EDT | Medium Severity

IBM API Connect has addressed the following vulnerability. CVE(s): CVE-2019-5737 Affected product(s) and affected version(s): Affected IBM API Management Affected Versions IBM API Connect 5.0.0.0-5.0.8.6 IBM API Connect 2018.1-2018.4.1.4 Refer to the following reference URLs for remediation and additional vulnerability details:Source Bulletin: http://www.ibm.com/support/docview.wss?uid=ibm10882602X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/158093 ...read more


IBM Security Bulletin: IBM MessageSight is affected by the following four IBM Java vulnerabilities

Jun 20, 2019 9:01 am EDT | High Severity

IBM MessageSight has addressed the following Java vulnerabilities: CVE-2018-12549: Eclipse OpenJ9 could allow a remote attacker to execute arbitrary code on the system. CVE-2018-12547: Eclipse OpenJ9 is vulnerable to a buffer overflow, caused by improper bounds checking by the jio_snprintf() and jio_vsnprintf() functions. CVE-2019-2422: An unspecified vulnerability in Oracle Java SE related to the Java ...read more


IBM Security Bulletin: IBM Cloud Transformation Advisor is affected by a Node.js lodash module vulnerability (CVE-2018-16487)

Jun 20, 2019 9:01 am EDT | Medium Severity

IBM Cloud Transformation Advisor has addressed the following vulnerability. Node.js lodash module (CVE-2018-16487) CVE(s): CVE-2018-16487 Affected product(s) and affected version(s):IBM Cloud Transformation Advisor Continuous Delivery Refer to the following reference URLs for remediation and additional vulnerability details:Source Bulletin: https://www-01.ibm.com/support/docview.wss?uid=ibm10872242X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/156530 ...read more


IBM Security Bulletin: IBM MessageSight/MessageGateway is affected by the following WebSphere Application Server vulnerability

Jun 20, 2019 9:01 am EDT | Medium Severity

IBM MessageSight/MessageGateway has addressed the following WebSphere Application Server vulnerability: CVE-2019-4046: IBM WebSphere Application Server is vulnerable to a denial of service, caused by improper handling of request headers CVE(s): CVE-2019-4046 Affected product(s) and affected version(s): Affected IBM MessageSight Affected Versions IBM MessageSight 1.2.0.0 – 1.2.0.3 IBM MessageSight 2.0.0.0 – 2.0.0.2 IBM MessageSight 5.0.0.0 IBM ...read more


IBM Security Bulletin: This Power System update is being released to address CVE-2018-5390

Jun 20, 2019 9:00 am EDT | High Severity

POWER9: In response to a denial of service vulnerability, a new Power Systems firmware update is being released to address Common Vulnerabilities and Exposures issue number CVE-2018-5390. CVE(s): CVE-2018-5390 Affected product(s) and affected version(s):Firmware release FW910 and FW920 are affected. Refer to the following reference URLs for remediation and additional vulnerability details:Source Bulletin: http://www.ibm.com/support/docview.wss?uid=ibm10875814X-Force Database: ...read more