High Severity

Security Bulletin: IBM CICS TX Advanced is vulnerable to spoofing due to a flaw in Eclipse Paho, used by IBM WebSphere Application Server Liberty (CVE-2019-11777)

Share this post:

WebSphere Application Server Liberty is used by IBM CICS TX Advanced to provide a web based administration console. The fix removes the spoofing vulnerability CVE-2019-11777 from Liberty.

CVE(s): CVE-2019-11777

Affected product(s) and affected version(s):

Affected Product(s) Version(s)
IBM CICS TX Advanced 10.1
IBM CICS TX Advanced 11.1

Refer to the following reference URLs for remediation and additional vulnerability details:  
Source Bulletin: https://www.ibm.com/support/pages/node/6695831
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/167068

More stories

Security Bulletin: ISC BIND on IBM i is vulnerable to denial of service due to memory leaks and a flaw in resolver code (CVE-2022-2795, CVE-2022-38177, CVE-2022-38178)

November 28, 2022 | High Severity

ISC BIND on IBM i is vulnerable to a denial of service attack due to memory leaks in the DNSSEC verification code and a flaw in resolver code to degrade performance as described in the vulnerability details section. IBM i has addressed the vulnerabilities in ISC BIND with a fix as described in the remediation/fixes section. ...read more


Security Bulletin: IBM App Connect Enterprise Certified Container operands may be vulnerable to arbitrary code execution due to X-Force 237819

November 25, 2022 | High Severity

Node.js moment-timezone is used by IBM App Connect Enterprise Certified Container for handling timezone information. IBM App Connect Enterprise Certified Container operands may be vulnerable to arbitrary code execution. This bulletin provides patch information to address the reported vulnerability X-Force 237819 in Node.js moment-timezone. ...read more


Security Bulletin: IBM Sterling Control Center is vulnerable to denial of service due to Websphere Liberty (CVE-2022-24839)

November 23, 2022 | High Severity

IBM Sterling Control Center is vulnerable to potential a denial of service, caused by a java.lang.OutOfMemoryError exception when parsing ill-formed HTML markup in the fork of org.cyberneko.html. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to cause a denial of service condition. ...read more