IBM Security Bulletin: Cross-site scripting vulnerability in Installation Verification Tool of WebSphere Application Server (CVE-2018-1643)

Nov 13, 2018 8:00 am EST | Medium Severity

There is a potential cross-site scripting vulnerability with the Installation Verification Tool of IBM WebSphere Application Server. CVE(s): CVE-2018-1643 Affected product(s) and affected version(s): This vulnerability affects the following versions and releases of IBM WebSphere Application Server: Version 9.0, Version 8.5, Version 8.0. Refer to the following reference URLs for remediation and additional vulnerability details: Source ...read more


IBM Security Bulletin: Denial of Service vulnerability affects IBM Spectrum Protect Client and IBM Spectrum Protect for Virtual Environments (CVE-2018-1786)

Nov 9, 2018 8:02 am EST | Medium Severity

IBM Spectrum Protect (formerly Tivoli Storage Manager) Client and IBM Spectrum Protect for Virtual Environments are vulnerable to a denial of service caused by incorrect accumulation of TCP/IP sockets in a CLOSE_WAIT state. CVE(s): CVE-2018-1786 Affected product(s) and affected version(s): This security exposure affects the following products and levels: IBM Spectrum Protect (formerly Tivoli Storage ...read more


IBM Security Bulletin: Potential cross-site scripting vulnerability in WebSphere Application Server using SIBMsgMigration Utility (CVE-2018-1798)

Nov 9, 2018 8:01 am EST | Medium Severity

Potential cross-site scripting vulnerability in WebSphere Application Server using Message Migration Utility (SIBMsgMigration). The Message Migration Utility is not deployed by default. You are only at risk if you have deployed the application. CVE(s): CVE-2018-1798 Affected product(s) and affected version(s): This vulnerability affects the following versions and releases of IBM WebSphere Application Server: Version 9.0 ...read more


IBM Security Bulletin: Security Bulletin: A Zip Slip vulnerability is exposed in Case Manager (CVE-2018-1884)

Nov 9, 2018 8:01 am EST | Medium Severity

IBM Case Manager has addressed the following vulnerability. A Zip Slip vulnerability is exposed in Case Manager with the ability to import solution package zip files. (CVE-2018-1884) CVE(s): CVE-2018-1884 Affected product(s) and affected version(s): Affected IBM Case Manager Affected Versions IBM Case Manager 5.3.X IBM Case Manager 5.2.1 IBM Case Manager 5.2.0 IBM Case Manager ...read more


IBM Security Bulletin: Information Disclosure in IBM WebSphere Application Server Liberty affects IBM Spectrum Protect for Virtual Environments (CVE-2018-1553)

Nov 9, 2018 8:01 am EST | Medium Severity

Information disclosure vulnerability in IBM WebSphere Application Server Liberty affects IBM Spectrum Protect (formerly Tivoli Storage Manager) for Virtual Environments. CVE(s): CVE-2018-1553 Affected product(s) and affected version(s): The following levels of IBM Spectrum Protect (formerly Tivoli Storage Manager) for Virtual Environments: Data Protection for VMware are affected: 8.1.0.0 through 8.1.6.0, 7.1.0.0 through 7.1.8.3. The following ...read more


IBM Security Bulletin: IBM Maximo Asset Management is vulnerable to cross-site scripting (CVE-2018-1872)

Nov 8, 2018 8:01 am EST | Medium Severity

IBM Maximo Asset Management is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. CVE(s): CVE-2018-1872 Affected product(s) and affected version(s): This vulnerability affects the following versions of the IBM Maximo Asset Management ...read more


IBM Security Bulletin: IBM® Db2®’s RCAC rules are not being enforced by CTAS sub-select statements (CVE-2018-1857).

Nov 7, 2018 8:02 am EST | Medium Severity

Db2’s Row and Column Access Control (RCAC) rules are not being enforced when creating a table using AS (CTAS) sub-select statements. RCAC is not enforced when Db2 uses the ‘WITH DATA’ clause to select and insert data into the target table. CVE(s): CVE-2018-1857 Affected product(s) and affected version(s): All fix pack levels of IBM Db2 ...read more


IBM Security Bulletin: Vulnerabilities in Python affect IBM Operations Analytics Predictive Insights (CVE-2018-1060, CVE-2018-1061)

Nov 7, 2018 8:01 am EST | Medium Severity

Python is used by IBM Operations Analytics Predictive Insights. IBM Operations Analytics Predictive Insights has addressed the applicable CVEs. Note that the usage of Python within IBM Operations Analytics Predictive Insights is limited to the REST Mediation utility. If you do not use that utility then you are not affected by this bulletin. CVE(s): CVE-2018-1060, ...read more


IBM Security Bulletin: Open Source XStream Vulnerabilities Affect IBM Contact Optimization (CVE-2017-7957)

Nov 7, 2018 8:01 am EST | Medium Severity

IBM Contact Optimization impacted by XStream vulnerabilities. CVE(s): CVE-2017-7957 Affected product(s) and affected version(s): 9.1.0, 9.1.2, 10.1 Refer to the following reference URLs for remediation and additional vulnerability details: Source Bulletin: http://www.ibm.com/support/docview.wss?uid=ibm10738465 X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/125800 ...read more