Low Severity

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Performance Management products

There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition used by IBM Monitoring. IBM Monitoring has addressed the applicable CVEs.

Affected product(s) and affected version(s):

| Affected Product(s) | Version(s) |
|---|---|
| IBM Cloud APM, Base Private | 8.1.4 |
| IBM Cloud APM, Advanced Private | 8.1.4 |
| IBM Cloud APM | 8.1.4 |
| IBM Monitoring | 8.1.3 |
| IBM Application Diagnostics | 8.1.3 |
| IBM Application Performance Management | 8.1.3 |
| IBM Application Performance Management Advanced | 8.1.3 |

Refer to the following reference URLs for remediation and additional vulnerability details:  
Source Bulletin: https://www.ibm.com/support/pages/node/1106973
