Security Bulletin: IBM Java Runtime Vulnerabilities affect the IBM Spectrum Protect Backup-Archive Client and web user interface, IBM Spectrum Protect for Space Management, and IBM Spectrum Protect for Virtual Environments (CVE-2019-4732, CVE-2019-2989)

Multiple vulnerabilities in IBM® Runtime Environment Java were disclosed as part of the IBM Java SDK updates in October 2019 and January 2020. IBM® Runtime Environment Java is used by the IBM Spectrum Protect Backup-Archive Client and the client web user interface, IBM Spectrum Protect for Space Management, and IBM Spectrum Protect for VIrtual Environments.

Affected product(s) and affected version(s):

Affected Product(s)	Version(s)
IBM Spectrum Protect Backup-Archive Client	8.1.0.0-8.1.9.0 (Macintosh and Windows) 7.1.0.0-7.1.8.8 (Macintosh and Windows)
IBM Spectrum Protect Backup-Archive Client web user interface	8.1.7.0-8.1.9.0 (Linux and Windows) 8.1.9.0 (AIX)
IBM Spectrum Protect for Space Management	8.1.9.0
IBM Spectrum Protect for Virtual Environments: Data Protection for VMware	8.1.0.0-8.1.9.0 (Linux and Windows) 7.1.0.0-7.1.8.7 (Linux and Windows)
IBM Spectrum Protect for Virtual Environments: Data Protection for Hyper-V	8.1.0.0-8.1.9.0 (Windows) 7.1.0.0-7.1.8.x (Windows)

Refer to the following reference URLs for remediation and additional vulnerability details:  
Source Bulletin: https://www.ibm.com/support/pages/node/5695653

The post Security Bulletin: IBM Java Runtime Vulnerabilities affect the IBM Spectrum Protect Backup-Archive Client and web user interface, IBM Spectrum Protect for Space Management, and IBM Spectrum Protect for Virtual Environments (CVE-2019-4732, CVE-2019-2989) appeared first on IBM PSIRT Blog.

from IBM Product Security Incident Response Team https://ift.tt/393mszE