Medium Severity

Security Bulletin: IBM Security Guardium is affected by an OpenSSL vulnerability

Share this post:

IBM Security Guardium has addressed the following vulnerability

Affected product(s) and affected version(s):

Affected Product(s) Version(s)
IBM Security Guardium 11.0

Refer to the following reference URLs for remediation and additional vulnerability details:  
Source Bulletin: https://www.ibm.com/support/pages/node/1106553

More stories

Security Bulletin: IBM Transparent Could Tiering is affected by a vulnerability in Apache Commons Compress (CVE-2019-12402)

Dec 7, 2019 7:00 pm EST | Medium Severity

CVEID:   CVE-2019-12402 DESCRIPTION:   The file name encoding algorithm used internally in Apache Commons Compress 1.15 to 1.18 can get into an infinite loop when faced with specially crafted inputs. This can lead to a denial of service attack if an attacker can choose the file names inside of an archive created by Compress.CVSS Base score: 5.3CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/165956 for the current score.CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) ...read more


Security Bulletin: IBM Transparent Cloud Tiering is affected by Netty vulnerability

Dec 7, 2019 7:00 pm EST | Medium Severity

CVEID:   CVE-2019-16869 DESCRIPTION:   Netty before 4.1.42.Final mishandles whitespace before the colon in HTTP headers (such as a "Transfer-Encoding : chunked" line), which leads to HTTP request smuggling.CVSS Base score: 6.5CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/167672 for the current score.CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N) ...read more


Security Bulletin: IBM Spectrum Scale Transparent Cloud Tiering is affected by multiple vulnerabilities in IBM® Runtime Environment Java™ Version 8

Dec 7, 2019 7:00 pm EST | Medium Severity

CVEID:   CVE-2019-2762 DESCRIPTION:   Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Utilities). Supported versions that are affected are Java SE: 7u221, 8u212, 11.0.3 and 12.0.1; Java SE Embedded: 8u211. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).CVSS Base score: 5.3CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/163826 for the current score.CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) CVEID:   CVE-2019-2769 DESCRIPTION:   Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Utilities). Supported versions that are affected are Java SE: 7u221, 8u212, 11.0.3 and 12.0.1; Java SE Embedded: 8u211. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).CVSS Base score: 5.3CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/163832 for the current score.CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) ...read more