Medium Severity

Security Bulletin: Vulnerabilities in Curl affect PowerSC (CVE-2019-5481, CVE-2019-5482)

Share this post:

There are vulnerabilities in Curl that affect PowerSC.

Affected product(s) and affected version(s):

Affected Product(s) Version(s)
PowerSC 1.2
PowerSC 1.3

The vulnerabilities in the following filesets are being addressed:

key_fileset = powerscStd.tnc_pm

key_fileset = curl-7.67.0-1.ppc.rpm

Fileset  Lower Level  Upper Level 

powerscStd.tnc_pm 

1.2.0.3  1.3.0.0 

curl-7.67.0-1.ppc.rpm

 7.65.4 7.67.01

Note:  To find out whether the affected PowerSC filesets are installed on your systems, refer to the lslpp command found in AIX user's guide. To find out whether the affected curl filesets are installed on your systems, refer to the rpm command found in AIX user's guide.

 

Example:  lslpp -l | grep powerscStd

Example:  rpm -qa | grep curl

Refer to the following reference URLs for remediation and additional vulnerability details:  
Source Bulletin: https://www.ibm.com/support/pages/node/3243915

More stories

Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data returning decrypted credentials

Mar 31, 2020 8:01 pm EDT | Medium Severity

IBM Watson Discovery for IBM Cloud Pak for Data returns decrypted credentials for data soruces in JSON response of internal API for processing settings. ...read more


Security Bulletin: Possible denial of service vulnerability in Watson Knowledge Catalog for IBM Cloud Pak for Data

Mar 31, 2020 8:01 pm EDT | Medium Severity

There is a possible denial of service vulnerability in some of the Watson Knowledge Catalog for IBM Cloud Pak for Data UI services. This vulnerability has been addressed. ...read more


Security Bulletin: Vulnerability in jQuery affects IBM Tririga Application Platform (CVE-2019-11358)

Mar 31, 2020 8:01 pm EDT | Medium Severity

jQuery used by IBM Tririga Application Platform is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote authenticated attacker could exploit this vulnerability to execute script in a victim's Web browser within the security context of the hosting Web site. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials. ...read more