Medium Severity

Security Bulletin: IBM has announced a release for IBM Security Identity Governance and Intelligence in response to security vulnerability (CVE-2019-3815)

Share this post:

IBM has announced a release for IBM Security Identity Governance and Intelligence (IGI) in response to security vulnerability. The systemd packages contain systemd, a system and service manager for Linux, compatible with the SysV and LSB init scripts. A memory leak was discovered in the backport of fixes for CVE-2018-16864 in Red Hat Enterprise Linux. Function dispatch_message_real() in journald-server.c does not free the memory allocated by set_iovec_field_free() to store the `_CMDLINE=` entry. A local attacker may use this flaw to make systemd-journald crash.

Affected product(s) and affected version(s):

Affected Product(s) Version(s)
IBM Security Identity Governance and Intelligence 5.2.4
IBM Security Identity Governance and Intelligence 5.2.5

Refer to the following reference URLs for remediation and additional vulnerability details:  
Source Bulletin: https://www.ibm.com/support/pages/node/1284766

More stories

Security Bulletin: CVE-2019-2989 vulnerabilitiy in IBM Java Runtime affects IBM Integration Designer used in IBM Business Automation Workflow and IBM Business Process Manager

Apr 1, 2020 8:00 pm EDT | Medium Severity

A vulnerabilitiy exists in IBM® Runtime Environment Java™ Versions 7 and 8 used by IBM Integration Designer. IBM Integration Designer has addressed the applicable CVE. ...read more


Security Bulletin: IBM Process Federation Server REST API is subject to DoS attacks

Apr 1, 2020 8:00 pm EDT | Medium Severity

IBM Process Federation Server Global Teams REST API does not properly shut down the thread pools that it creates, leading to OutOfMemory exceptions, and could be targeted by DoS attacks. ...read more


Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data returning decrypted credentials

Mar 31, 2020 8:01 pm EDT | Medium Severity

IBM Watson Discovery for IBM Cloud Pak for Data returns decrypted credentials for data soruces in JSON response of internal API for processing settings. ...read more