Medium Severity

Security Bulletin: Java vulnerabilities affect IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products

Share this post:

Vulnerabilities in Java SE affects IBM SAN Volume Controller, IBM Storwize V7000, V5000, V5100, V3700 and V3500, IBM Spectrum Virtualize Software, IBM Spectrum Virtualize for Public Cloud and IBM FlashSystem V9000 and 9100 family products. The applicable vulnerabilities are CVE-2019-2989 and CVE-2019-2964.

Affected product(s) and affected version(s):

Affected Product(s) Version(s)
SAN Volume Controller and Storwize Family 8.3
SAN Volume Controller and Storwize Family 8.2
SAN Volume Controller and Storwize Family 7.8

Refer to the following reference URLs for remediation and additional vulnerability details:  
Source Bulletin: https://www.ibm.com/support/pages/node/6250887

More stories

Security Bulletin: Vulnerability in Axios affects IBM Process Mining . IBM X-Force ID: 232247

August 9, 2022 | Medium Severity

There is a vulnerability in Axios that could allow a remote attacker to obtain sensitive information. The code is used by IBM Process Mining. This bulletin identifies the security fixes to apply to address the vulnerability. ...read more


Security Bulletin: IBM Workload Scheduler is vulnerable to arbitrary file creation vulnerability due to CVE-2022-22369 affecting JLOG component

August 8, 2022 | Medium Severity

The Jlog component on the Master Domain Manager of IBM Workload Scheduler permits an unauthenticated user to interact with the system making it possible to modify the way the service works or modify system files. ...read more


Security Bulletin: Liberty for Java for IBM Cloud is vulnerable to Identity Spoofing (CVE-2022-22476)

August 8, 2022 | Medium Severity

Liberty for Java for IBM Cloud is vulnerable to identity spoofing with the appSecurity-1.0, appSecurity-2.0, appSecurity-3.0 or appSecurity-4.0 feature enabled. This has been addressed. ...read more