Medium Severity

Security Bulletin: Windows installers of IBM Cloud CLI prior to 0.16.2 are signed using SHA1 certificate

Share this post:

IBM Cloud CLI (prior to 0.16.2) windows installers are signed using SHA1 certificate. An attacker might be able to exploit the weak algorithm to generate a installer with malicious software inside.

Affected product(s) and affected version(s):

Affected Product(s) Version(s)
IBM Cloud CLI 0.6.0 – 0.16.1

 

 

 

Refer to the following reference URLs for remediation and additional vulnerability details:  
Source Bulletin: https://www.ibm.com/support/pages/node/1356087

More stories

Security Bulletin: IBM Security Guardium is affected by a kernel vulnerability

Apr 3, 2020 8:00 pm EDT | Medium Severity

IBM Security Guardium has fixed this vulnerability ...read more


Security Bulletin: IBM Security Guardium is affected by a kernel vulnerability

Apr 3, 2020 8:00 pm EDT | Medium Severity

IBM Security Guardium has addressed the following vulnerabilities. ...read more


Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Security Guardium

Apr 3, 2020 8:00 pm EDT | Medium Severity

There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 8 used by IBM Security Guardium. These issues were disclosed as part of the IBM Java SDK updates in October 2019. ...read more