Medium Severity

Security Bulletin: A vulnerability in Apache CXF affects IBM Cloud App Management (CVE-2019-12406)


Apache CXF is vulnerable to a denial of service, caused by the failure to restrict the number of message attachments present in a given message. By sending a specially-crafted message containing an overly large number of message attachments, a remote attacker could exploit this vulnerability to cause a denial of service condition. This vulnerability has been addressed by IBM Cloud App Management in a later version.
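The missing control described above is a cap on attachment count that is enforced while the message is still being read. The following added sketch is not code from Apache CXF or IBM: it counts MIME parts line by line and rejects the message as soon as the cap is passed. The cap of 50, the function names and the boundary string are assumptions made for this illustration.

```python
import io

class TooManyAttachments(Exception):
    """Raised as soon as the part count passes the configured cap."""

MAX_PARTS = 50  # assumed cap for this sketch, not a value from the bulletin

def count_parts(stream, boundary: bytes, max_parts: int = MAX_PARTS) -> int:
    """Count MIME parts in a multipart body, aborting once max_parts is exceeded.

    Reads line by line, so an oversized message is rejected before its
    remaining parts are read or buffered.
    """
    delimiter = b"--" + boundary
    closing = delimiter + b"--"
    parts = 0
    for line in stream:
        line = line.rstrip(b"\r\n")
        if line == closing:
            return parts
        if line == delimiter:
            parts += 1
            if parts > max_parts:
                raise TooManyAttachments(f"more than {max_parts} parts")
    raise ValueError("multipart body ended without a closing delimiter")

def build_message(n: int, boundary: bytes = b"constructed-boundary") -> bytes:
    """Constructed test input: a multipart body with n one-byte parts."""
    out = []
    for i in range(n):
        out.append(b"--" + boundary + b"\r\n")
        out.append(b"Content-ID: <part%d>\r\n\r\n" % i)
        out.append(b"x\r\n")
    out.append(b"--" + boundary + b"--\r\n")
    return b"".join(out)

def accepts(n: int, max_parts: int = MAX_PARTS) -> bool:
    """True if a constructed message with n parts passes the cap."""
    stream = io.BytesIO(build_message(n))
    try:
        count_parts(stream, b"constructed-boundary", max_parts)
        return True
    except TooManyAttachments:
        return False
```

Because the check runs inside the read loop, the cost of rejecting a message is bounded by the cap rather than by the size of the message.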

Affected product(s) and affected version(s):

Affected Product(s) Version(s)
IBM Cloud App Management V2018 2019.3.0
IBM Cloud App Management V2018 2019.4.0

Refer to the following reference URLs for remediation and additional vulnerability details:  
Source Bulletin: https://www.ibm.com/support/pages/node/6190575
