Medium Severity

Security Bulletin: Vulnerability in IBM Websphere Application Server Liberty used by IBM Cloud Pak System (CVE-2019-12402)

Share this post:

There are vulnerabilities in Websphere Liberty used by IBM CloudPak System. IBM Cloud Pak System has addressed the vulnerability. IBM Cloud Pak System has released v2.3.1.1 that includes Websphere Application Server Liberty 19.0.0.9 , and for Websphere Application Server Traditional v8.5.5.16 and v9.0.5.1.

Affected product(s) and affected version(s):

Affected Product(s) Version(s)
IBM Cloud Pak System 2.3
IBM Cloud Pak System 2.2

Affected Supporting Products

Liberty

Refer to the following reference URLs for remediation and additional vulnerability details:  
Source Bulletin: https://www.ibm.com/support/pages/node/1282006

More stories

Security Bulletin: Multiple cross-site scripting vulnerabilities affect IBM DOORS Next Generation

Apr 7, 2020 8:01 pm EDT | Medium Severity

There are multiple cross-site scripting defects that affect IBM DOORS Next Generation (DNG/RRC) ...read more


Security Bulletin: IBM Security Information Queue has insufficient session expiration (CVE-2020-4284)

Apr 7, 2020 8:01 pm EDT | Medium Severity

IBM Security Information Queue (ISIQ) does not have a mechanism for terminating idle UI sessions. This leaves an unattended ISIQ session vulnerable to being compromised. As of v1.0.6, ISIQ automatically terminates a session that has been idle for 60 minutes. The timeout value is configurable. ...read more


Security Bulletin: IBM Security Information Queue uses components with known vulnerabilities (CVE-2019-8331, CVE-2019-11358)

Apr 7, 2020 8:00 pm EDT | Medium Severity

The IBM Security Information Queue (ISIQ) web server utilizes a Node.js runtime environment. The environment includes several open source packages with known vulnerabilities. As of ISIQ v1.0.6, the open source packages have been upgraded to the recommended secure versions. ...read more