High Severity

Security Bulletin: Vulnerabilities in lodash library affect Tivoli Netcool/OMNIbus WebGUI (CVE-2019-1010266, CVE-2020-28500, CVE-2018-16487, CVE-2018-3721, CVE-2020-8203, CVE-2021-23337, CVE-2019-10744)

Share this post:

lodash is used by Tivoli Netcool/OMNIbus WebGUI as part of its web client component. The fix includes lodash v4.17.21.

CVE(s): CVE-2019-1010266, CVE-2020-28500, CVE-2018-16487, CVE-2018-3721, CVE-2020-8203, CVE-2021-23337, CVE-2019-10744

Affected product(s) and affected version(s):

Affected Product(s) Version(s)
IBM Tivoli Netcool/OMNIbus_GUI 8.1.0 FP26 and earlier

Refer to the following reference URLs for remediation and additional vulnerability details:  
Source Bulletin: https://www.ibm.com/support/pages/node/6598689
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/168402
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/196972
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/156530
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/144603
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/183560
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/196797
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/167415

More stories

Security Bulletin: Automation Assets in IBM Cloud Pak for Integration is vulnerable to denial of service due to CVE-2022-31129

August 10, 2022 | High Severity

Automation Assets in IBM Cloud Pak for Integration is vulnerable to denial of service due to CVE-2022-31129 with details below ...read more


Security Bulletin: Multiple security vulnerabilities has been identified in IBM® DB2® shipped with IBM PureData System for Operational Analytics

August 10, 2022 | High Severity

IBM® DB2® is shipped as a component of IBM PureData System for Operational Analytics. Information about security vulnerabilities affecting IBM DB2 have been published in a security bulletin (CVE-2022-22389, CVE-2022-22390, CVE-2022-25313, CVE-2022-25236, CVE-2022-25235, CVE-2022-25314, CVE-2022-25315). ...read more


Security Bulletin: Platform Navigator and Automation Assets in IBM Cloud Pak for Integration are vulnerable to multiple vulnerabilities

August 10, 2022 | High Severity

Platform Navigator and Automation Assets in IBM Cloud Pak for Integration are vulnerable to multiple vulnerabilities with details below ...read more