Tuesday, November 6, 2018

IBM Security Bulletin: Multiple Vulnerabilities in IBM Cognos Analytics

Nov 6, 2018 8:00 am EST

Categorized: High Severity

Share this post:

This bulletin addresses several security vulnerabilities that are fixed in IBM Cognos Analytics 11.0.13.0. Multiple Open Source OpenSSL vulnerabilities affect IBM Cognos Analytics. IBM Cognos Analytics consumes IBM GSKit. Multiple vulnerabilities have been addressed in IBM GSKit. IBM Cognos Business Intelligence uses the IBM WAS Liberty Profile (WLP). There is a potential denial of service in Apache CXF that is used by WebSphere Application Server . IBM Cognos Analytics has upgraded WLP to a version that addresses the vulnerability. Deserialization flaws were discovered in the jackson-databind library which is used by IBM Cognos Analytics. The IBM Cognos Analytics Configuration tool, under certain circumstances, will bypass OIDC namespace signature verification on its id_token.

CVE(s): CVE-2017-3735, CVE-2017-3736, CVE-2017-3737, CVE-2016-0705, CVE-2017-3732, CVE-2018-0739, CVE-2018-1447, CVE-2018-1428, CVE-2018-1427, CVE-2018-1426, CVE-2017-12624, CVE-2017-15095, CVE-2017-7525, CVE-2018-1842

Affected product(s) and affected version(s):

IBM Cognos Analytics Versions 11.0.0.0 to 11.0.12.0

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: https://www-01.ibm.com/support/docview.wss?uid=ibm10738249
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/131047
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/134397
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/136077
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/111140
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/121313
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/140847
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/139972
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/139073
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/139072
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/139071
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/135095
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/135123
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/134639
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/150902



from IBM Product Security Incident Response Team https://ift.tt/2D5LuC2

No comments:

Post a Comment

Note: Only a member of this blog may post a comment.