There are potential information disclosure vulnerabilities in Liberty for Java for IBM Cloud. There is a potential man-in-the-middle attack in Apache CXF used by Liberty for Java for IBM Cloud.
CVE(s): CVE-2018-1683, CVE-2018-1755, CVE-2018-8039
Affected product(s) and affected version(s):
This vulnerability affects all versions of Liberty for Java in IBM Cloud up to and including v3.24.
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: https://www-01.ibm.com/support/docview.wss?uid=ibm10732916
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/145455
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/148597
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/145516
The post IBM Security Bulletin: Multiple security vulnerabilities affect Liberty for Java for IBM Cloud appeared first on IBM PSIRT Blog.
from IBM Product Security Incident Response Team https://ift.tt/2QanIIl
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.