Medium Severity
Security Bulletin: Rational Asset Analyzer is affected by two WebSphere Application Server vulnerabilities (CVE-2018-25031, CVE-2021-46708)
May 5, 2022
Categorized: Medium Severity
There are multiple vulnerabilities in the swagger-ui library used by IBM WebSphere Application Server Liberty. These vulnerabilities could allow spoofing or clickjacking attacks. This has been addressed.
CVE(s): CVE-2018-25031, CVE-2021-46708
Affected product(s) and affected version(s):
| Affected Product(s) | Version(s) |
| --- | --- |
| Rational Asset Analyzer (RAA) | 6.1.0.0 – 6.1.0.23 |
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: https://www.ibm.com/support/pages/node/6583051
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/217346
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/217359
Security Bulletin: IBM Netezza for Cloud Pak for Data is vulnerable to injection attack due to urllib package in Python3 (CVE-2022-0391)
August 9, 2022 | Medium Severity
IBM Netezza for Cloud Pak for Data is vulnerable to an injection attack due to improper input validation by the urllib.parse module from Python3. The vulnerability is addressed by upgrading Python to version 3.9.7.
Security Bulletin: IBM Sterling B2B Integrator is vulnerable to denial of service due to SnakeYAML (CVE-2017-18640)
August 9, 2022 | Medium Severity
MyFG 2.0 of IBM Sterling B2B Integrator uses SnakeYAML. There is a denial of service vulnerability in SnakeYAML which has been addressed.
Security Bulletin: Vulnerabilities in the Java JDK affect IBM Event Streams (CVE-2021-35550, CVE-2021-35603)
August 9, 2022 | Medium Severity
There are a number of vulnerabilities in the Java JDK used by IBM Event Streams.