High Severity

Security Bulletin: Vulnerability in OpenSLP affects Power Hardware Management Console (CVE-2019-5544)


The openslp packages provide the Service Location Protocol (SLP), an Internet Engineering Task Force (IETF) standards track protocol that provides a framework allowing networking applications to discover the existence, location, and configuration of networked services in enterprise networks. OpenSLP is affected by CVE-2019-5544.

Affected product(s) and affected version(s):

Affected Product(s)    Version(s)
Power HMC              V8.8.7.0.0
Power HMC              V9.1.910.0

Refer to the following reference URLs for remediation and additional vulnerability details:  
Source Bulletin: https://www.ibm.com/support/pages/node/3357561
