Medium Severity

Security Bulletin: Websphere denial-of-service vulnerability affects IBM Control Center (CVE-2019-12402)


The file name encoding algorithm used internally in Apache Commons Compress 1.15 to 1.18 can get into an infinite loop when faced with specially crafted inputs. This can lead to a denial of service attack if an attacker can choose the file names inside of an archive created by Compress.

Affected product(s) and affected version(s):

| Affected Product(s) | Version(s) |
| --- | --- |
| IBM Control Center | 6.0.0.0 through 6.0.0.2 iFix08 |
| IBM Control Center | 6.1.0.0 through 6.1.2.1 iFix01 |

Refer to the following reference URLs for remediation and additional vulnerability details:  
Source Bulletin: https://www.ibm.com/support/pages/node/1284568
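
To confirm whether a deployed application archive bundles a Commons Compress release in the affected 1.15 to 1.18 range, the following added example (not code from IBM or the Apache project) inspects the Maven metadata inside JAR/WAR/EAR files, including nested ones. It assumes the bundled jar still carries its `pom.properties`; the archive and file names in `build_sample` are constructed for illustration.

```python
import io
import re
import zipfile

# Assumption: the bundled jar still carries its Maven metadata at this path.
POM = "META-INF/maven/org.apache.commons/commons-compress/pom.properties"
ARCHIVE_EXT = (".jar", ".war", ".ear", ".zip")
MAX_DEPTH = 4  # bound recursion into nested archives

def is_affected(version):
    """True for Commons Compress 1.15 through 1.18, the range in the bulletin."""
    m = re.match(r"(\d+)\.(\d+)", version)
    return bool(m) and (1, 15) <= (int(m.group(1)), int(m.group(2))) <= (1, 18)

def scan_archive(data, label, depth=0):
    """Return [(location, version, affected)] for every copy found in `data`."""
    hits = []
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return hits  # not a zip container; nothing to inspect
    with zf:
        for name in zf.namelist():
            if name == POM:
                props = zf.read(name).decode("utf-8", "replace")
                m = re.search(r"^version=(.+)$", props, re.M)
                if m:
                    v = m.group(1).strip()
                    hits.append((label, v, is_affected(v)))
            elif name.lower().endswith(ARCHIVE_EXT) and depth < MAX_DEPTH:
                hits += scan_archive(zf.read(name), f"{label}!/{name}", depth + 1)
    return hits

def build_sample():
    """Constructed sample: a WAR with one jar inside and one outside the range."""
    def jar(version):
        buf = io.BytesIO()
        with zipfile.ZipFile(buf, "w") as z:
            z.writestr(POM, f"groupId=org.apache.commons\nversion={version}\n")
        return buf.getvalue()
    war = io.BytesIO()
    with zipfile.ZipFile(war, "w") as z:
        z.writestr("WEB-INF/lib/commons-compress-1.18.jar", jar("1.18"))
        z.writestr("WEB-INF/lib/renamed-lib.jar", jar("1.19"))
    return war.getvalue()

if __name__ == "__main__":
    for loc, ver, bad in scan_archive(build_sample(), "sample.war"):
        print(f"{'AFFECTED' if bad else 'ok':8} {ver:6} {loc}")
```

The check keys on the embedded metadata rather than the file name, so a renamed jar is still identified. Entries are read fully into memory, so run it against installation trees you already trust.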
