Low Severity

Security Bulletin: Vulnerabilities in IBM Java Runtime affecting Tivoli Netcool/OMNIbus (Multiple CVEs)


There are vulnerabilities in IBM® Runtime Environment Java™ Technology Edition, Version 8, which is used by Tivoli Netcool/OMNIbus. These were disclosed as part of the IBM Java SDK updates in October 2020 and January 2021.

Affected product(s) and affected version(s):

| Affected Product(s) | Version(s) |
| --- | --- |
| Netcool/OMNIbus | 8.1.0 |

Refer to the following reference URLs for remediation and additional vulnerability details:  
Source Bulletin: https://www.ibm.com/support/pages/node/6444121

More stories

Security Bulletin: Client-side HTTP Parameter Pollution in WAS Intelligent Management Admin console

May 18, 2021 8:02 pm EDT | Low Severity

Client-side HTTP Parameter Pollution in WAS Intelligent Management Admin console. TWAS pen testing uncovered an issue with the admin console that allows Client-side HTTP Parameter Pollution. The user must be navigating the affected resources. Client-side HTTP parameter pollution (HPP) vulnerabilities arise when an application embeds user input in URLs in an unsafe manner. An attacker can use this vulnerability to construct a URL that, if visited by another application user, will modify URLs within the response by inserting additional query string parameters and sometimes overriding existing ones. This may result in links and forms having unexpected side effects. In this case it is possible to inject and execute arbitrary JavaScript, but it does require that the user click the link; for this reason Coalfire has decreased the severity from High to Low. Affects: WAS VE 7.0, WAS ND 8.5, 9.0. See bulletin for fixpack and ifix details.


Security Bulletin: IBM Resilient SOAR is Using Components with Known Vulnerabilities – Java SE (CVE-2020-14782)

May 18, 2021 8:02 pm EDT | Low Severity



Security Bulletin: A vulnerability in Java affects IBM Cloud Pak for Multicloud Management Monitoring

May 18, 2021 8:02 pm EDT | Low Severity

An unspecified vulnerability in Java SE related to the Java SE Security component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors.