IBM Security Bulletin: Multiple vulnerabilities affect IBM Planning Analytics (CVE-2018-3180, CVE-2013-1624, CVE-2018-1933, CVE-2015-1832, CVE-2018-15494)

Apr 30, 2019 9:00 am EDT

Categorized: Medium Severity

Share this post:

There is a vulnerability in IBM® Runtime Environment Java™ Version 8 used by IBM Planning Analytics. This issue was disclosed as part of the IBM Java SDK updates in October 2018. As of version 2.0.6, IBM Planning Analytics is no longer compatible with IBM® Runtime Environment Java™ Version 7. IBM Planning Analytics 2.0.7 (Windows) will install IBM® Runtime Environment Java™ Version 8. If you run your own Java code , you must upgrade to the latest version of IBM® Runtime Environment Java™ Version 8 that resolves these vulnerabilities. Refer to the “IBM Java SDK Security Bulletin”. in the

CVE(s): CVE-2013-1624, CVE-2015-1832, CVE-2018-1933, CVE-2018-3180, CVE-2018-15494

Affected product(s) and affected version(s):

Planning Analytics 2.0

Planning Analytics 2.0.1

Planning Analytics 2.0.2

Planning Analytics 2.0.3

Planning Analytics 2.0.4

Planning Analytics 2.0.5

Planning Analytics 2.0.6

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://www.ibm.com/support/docview.wss?uid=ibm10879407
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/81910
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/115625
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/153177
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/151497
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/148556

from IBM Product Security Incident Response Team https://ibm.co/2PLxKRr