Jun 28, 2019 9:03 am EDT
Categorized: High Severity
IBM MessageSight has addressed the following Java vulnerabilities:

- CVE-2019-2698: An attacker can use a maliciously crafted font to exploit a flaw in the JDK’s font parsing code
- CVE-2019-2697: An attacker can use a maliciously crafted font to exploit a flaw in the JDK’s font parsing code
- CVE-2019-2602: A flaw in the java.math.BigDecimal API causes hangs when parsing certain String values
- CVE-2019-10245: A flaw in the OpenJ9 class verifier potentially allows untrusted code to elevate its privileges and execute arbitrary code

CVE(s): CVE-2019-2698, CVE-2019-2697, CVE-2019-2602, CVE-2019-10245
Affected product(s) and affected version(s):
| Affected IBM MessageSight | Affected Versions |
|---|---|
| IBM MessageSight | 1.2.0.0 – 1.2.0.3 |
| IBM MessageSight | 2.0.0.0 – 2.0.0.2 |
| IBM MessageSight | 5.0.0.0 |
| IBM MessageSight | 5.0.0.1 |
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://www.ibm.com/support/docview.wss?uid=ibm10886353
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/159790
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/159789
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/159698
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/160010
from IBM Product Security Incident Response Team https://ift.tt/321zprJ