Medium Severity

Security Bulletin: Vulnerabilities in Java and WLP affects IBM Cloud Application Business Insights


Vulnerabilities in Java and WLP affect IBM Cloud Application Business Insights.

CVE(s): CVE-2021-20492, CVE-2021-2161

Affected product(s) and affected version(s):

Affected Product(s) | Version(s)
IBM Cloud Application Business Insights | 1.1.6
IBM Cloud Application Business Insights | 1.1.5
IBM Cloud Application Business Insights | 1.1.3
IBM Cloud Application Business Insights | 1.1.4

Refer to the following reference URLs for remediation and additional vulnerability details:  
Source Bulletin: https://www.ibm.com/support/pages/node/6476580
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/197793
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/200290
