IBM Security Bulletin: Code execution vulnerability in WebSphere Application Server affects IBM Spectrum Control (formerly Tivoli Storage Productivity Center) (CVE-2018-1851)

Jan 30, 2019 9:01 am EST

Categorized: High Severity

Share this post:

There is a potential code execution vulnerability in WebSphere Application Server Liberty OpenID connect which affects IBM Spectrum Control (formerly Tivoli Storage Productivity Center).

CVE(s): CVE-2018-1851

Affected product(s) and affected version(s):

Affected ProductAffected Versions
IBM Spectrum Control5.2.14 – 5.2.17.1
IBM Spectrum Control5.3.0

The versions listed above apply to all licensed offerings of IBM Spectrum Control.

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://www.ibm.com/support/docview.wss?uid=ibm10738391
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/150999



from IBM Product Security Incident Response Team https://ibm.co/2Gcv64o