High Severity

Potential CPU Security Issue

Share this post:

On Wednesday, January 3, researchers announced a security vulnerability impacting microprocessors.  IBM is working with our clients and industry partners on this issue, which has the potential to affect many types of computing devices from different manufacturers. It’s important to note there are no known cases where this vulnerability has been used maliciously.

Patches will be made available for IBM systems via our normal customer portals. Further details concerning potentially impacted processors in the POWER family can be found here.  Per our business as usual process, all information for IBM Z clients can be found at the IBM Z Portal.

IBM Storage appliances are not impacted by this vulnerability.  For Storage, further details concerning this vulnerability can be found here.

Additional information will be provided through normal IBM communications channels, including IBM Security Bulletins. Please actively monitor both your IBM Support Portal and the IBM PSIRT Blog.

The most immediate action clients can take to protect themselves is to prevent execution of unauthorized software on any system that handles sensitive data, including adjacent virtual machines.

We will continue to update this blog to include additional information as appropriate.

More High Severity stories

Security Bulletin: Security Vulnerabilties have been addressed in IBM Cognos Analytics

Jan 5, 2020 8:03 pm EST | High Severity

This Security Bulletin addresses vulnerabilities that have been addressed in IBM Cognos Analytics 11.1.4 and 11.0.13 FP2. A vulnerability has been addressed where a parameter in a Cognos URL can be modified such that Cognos HTTP messages are forwarded to a hostile server. (CVE-2018-1721) A vulnerability has been addressed where the The X-Powered-By attribute is ...read more


Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect Financial Transaction Manager for Check Services for Multi-Platform

Jan 5, 2020 7:44 pm EST | High Severity

There are multiple vulnerabilities in IBM® Runtime Environment Java™ Version 7 or Version 8 used by Financial Transaction Manager for Check Services for Multi-Platform (FMT CHK). Financial Transaction Manager for Check Services for Multi-Platform has addressed the applicable CVEs. Affected Products and Versions FTM CHK: v3.0.0.0 – 3.0.0.15, v3.0.2.0 – 3.0.2.1, v3.0.5.0 – 3.0.5.4 Refer ...read more


Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect Financial Transaction Manager for Corporate Payment Services for Multi-Platform

Jan 5, 2020 7:24 pm EST | High Severity

There are multiple vulnerabilities in the IBM® Runtime Environment Java™ Version 7 or version 8 used by Financial Transaction Manager for Corporate Payment Services for Multi-Platform (FTM CPS). Financial Transaction Manager for Corporate Payment Services for Multi-Platform has addressed the applicable CVEs. Affected Products and Versions FTM CPS: v3.0.2.0 – 3.0.2.1, v3.2.1.0 Refer to the ...read more