Medium Severity

Security Bulletin: IBM Security Privileged Identity Manager is affected by vulnerability in IBM SDK, Java Technology Edition Quarterly CPU – Oct 2020

IBM Security Privileged Identity Manager has addressed several vulnerabilities in Java SE.

CVE(s): CVE-2020-14779, CVE-2020-14792, CVE-2020-14796, CVE-2020-14797, CVE-2020-14798

Affected product(s) and affected version(s):

Affected Product(s) Version(s)
ISPIM 2.1.1
ISPIM 2.0.2
ISPIM 2.1.0

Refer to the following reference URLs for remediation and additional vulnerability details:  
Source Bulletin: https://www.ibm.com/support/pages/node/6478053
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/190097
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/190110
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/190114
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/190115
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/190116
