Critical Severity

Security Bulletin: Multiple vulnerabilities have been identified in Oracle Jan 2021 CPU for Java 8 shipped with IBM® Intelligent Operations Center (CVE-2020-14803) (CVE-2020-27221)

Share this post:

Multiple vulnerabilities have been identified in Oracle Jan 2021 CPU for Java 8 which is shipped with IBM® Intelligent Operations Center. Information about these vulnerabilities affecting IBM® Intelligent Operations Center have been published and addressed the applicable CVEs.

CVE(s): CVE-2020-14803 , CVE-2020-27221

Affected product(s) and affected version(s):

Affected Product(s) Version(s)
Intelligent Operations Center (IOC) 5.1.0, 5.1.0.2, 5.1.0.3, 5.1.0.4, 5.1.0.6, 5.2, 5.2.1

Refer to the following reference URLs for remediation and additional vulnerability details:  
Source Bulletin: https://www.ibm.com/support/pages/node/6486715
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/190121
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/195353

More stories

Security Bulletin: IBM Cloud Pak for Business Automation is affected but not classified as vulnerable by a remote code execution in Spring Framework [CVE-2022-22965]

October 5, 2022 | Critical Severity

IBM Cloud Pak for Business Automation is affected but not classified as vulnerable to a remote code execution in Spring Framework as it does not meet all of the following criteria: 1. JDK 9 or higher, 2. Apache Tomcat as the Servlet container, 3. Packaged as WAR (in contrast to a Spring Boot executable jar), 4. Spring-webmvc or spring-webflux dependency, 5. Spring Framework versions 5.3.0 to 5.3.17, 5.2.0 to 5.2.19, and older versions. Parts of the Spring framework is used in multiple components of Cloud Pak for Business Automation to perform transaction management, database access or processing of web request. The fix includes Spring V5.3.20 and later and removes Spring from some product components. [CVE-2022-22965] ...read more


Security Bulletin: IBM HTTP Server is vulnerable to arbitrary code execution due to Expat (CVE-2022-40674)

October 5, 2022 | Critical Severity

IBM HTTP Server used by IBM WebSphere Application Server is vulnerable to arbitrary code execution due to Expat. The Expat library is used by IBM HTTP Server's WebDAV (mod_dav) support, but may also be used by third-party Apache HTTP Server modules if they have been loaded into the server by the administrator. This has been addressed. [CVE-2022-40674] ...read more


Security Bulletin: IBM Tivoli Monitoring is vulnerable to remote code execution [CVE-2022-40674]

October 4, 2022 | Critical Severity

The libexpart parser that is used by IBM Tivoli Monitoring for parsing various configuration xml files and parsing soap requests is potentially vulnerable to remote code execution [CVE-2022-40674]. ...read more