Low Severity

Security Bulletin: IBM Sterling Connect:Direct for UNIX Certified Container is vulnerable to sensitive information exposure due to GNU ncurses (CVE-2019-17595, CVE-2019-17594)

Share this post:

IBM Sterling Connect:Direct for UNIX Certified Container bundles ncurses as third party packages in its container image which has the vulnerability where attacker can obtain sensitive information. This fix updates ncurses to 6.1-9.20180224.el8.

CVE(s): CVE-2019-17595, CVE-2019-17594

Affected product(s) and affected version(s):

Affected Product(s) Version(s)
IBM Sterling Connect:Direct for UNIX 6.0.0
IBM Sterling Connect:Direct for UNIX 6.1.0
IBM Sterling Connect:Direct for UNIX 6.2.0

Refer to the following reference URLs for remediation and additional vulnerability details:  
Source Bulletin: https://www.ibm.com/support/pages/node/6610271
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/168972
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/168970

More stories

Security Bulletin: IBM WebSphere Automation for IBM Cloud Pak for Watson AIOps is vulnerable to cross-site request forgery (CVE-2022-22493)

October 4, 2022 | Low Severity

IBM WebSphere Automation for IBM Cloud Pak for Watson AIOps is vulnerable to cross-site request forgery. This has been addressed. ...read more


Security Bulletin: IBM WebSphere Application Server Liberty shipped with IBM Tivoli Netcool Impact is vulnerable to information disclosure when the adminCenter-1.0 feature has been enabled (CVE-2022-22393)

October 3, 2022 | Low Severity

IBM WebSphere Application Server Liberty is used by IBM Tivoli Netcool Impact as the application server host. Information about a security vulnerability affecting IBM WebSphere Application Server Liberty has been published in a security bulletin. ...read more


Security Bulletin: IBM Tivoli Monitoring Basic Services is vulnerable to a denial of service attack in zlib component (CVE-2018-25032)

September 30, 2022 | Low Severity

Fixes a vulnerability reported in the zlib that is used by IBM Tivoli Monitoring for historical data collection (CVE-2018-25032). ...read more