Medium Severity

Security Bulletin: A vulnerability in Apache HttpClient affects IBM Tivoli Business Service Manager (CVE-2020-13956)

Share this post:

Apache HttpClient is shipped with IBM Tivoli Business Manager 6.2.0 as part of is web service infrastructure. Information about security vulnerabilities affecting Apache HttpClient has been published in a security bulletin.

CVE(s): CVE-2020-13956

Affected product(s) and affected version(s):

Affected Product(s) Version(s)
IBM Tivoli Business Service Manager 6.2.0

Refer to the following reference URLs for remediation and additional vulnerability details:  
Source Bulletin: https://www.ibm.com/support/pages/node/6826619
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/189572

More stories

Security Bulletin: Multiple vulnerabilities in Netty libraries affect IBM Operations Analytics Predictive Insights (CVE-2021-43797 CVE-2022-24823)

November 29, 2022 | Medium Severity

Netty library vulnerabilities affect IBM Operations Analytics Predictive Insights [CVE-2021-43797 CVE-2022-24823]. Netty is used by IBM Operations Analytics Predictive Insight in the REST Mediation utility. The vulnerabilities have been addressed. ...read more


Security Bulletin: Multiple vulnerabilities in IBM SDK, Java Technology Edition affect IBM Operations Analytics Predictive Insights

November 29, 2022 | Medium Severity

Multiple vulnerabilities in IBM SDK, Java Technology Edition affect IBM Operations Analytics Predictive Insights 1.3.6 or earlier. The following vulnerabilities have been addressed: [ CVE-2021-35550, CVE-2021-35603] ( causing no confidentiality impact ), [CVE-2022-21248, CVE-2022-21291, CVE-2022-21434, CVE-2022-21496] ( causing no confidentiality impact, low integrity impact, and denial of service ), [CVE-2022-21443, CVE-2021-35561, CVE-2022-21360, CVE-2022-21341, CVE-2022-21305, CVE-2022-21349, CVE-2022-21340, CVE-2022-21294, CVE-2022-21293, CVE-2022-21365( causing a denial of service ) ...read more


Security Bulletin: IBM UrbanCode Deploy (UCD) is vulnerable to denial of service due to Jettison-json (CVE-2022-40149, CVE-2022-40150)

November 28, 2022 | Medium Severity

Jettison-json is used by IBM UrbanCode Deploy (UCD) for parsing JSON data. A remote authenticated user may cause high memory usage by sending a request containing specially crafted JSON data. (CVE-2022-40149, CVE-2022-40150) ...read more