IBM Security Bulletin: IBM Integration Bus affected by WAS is susceptible to TLS downgrade if using FIPS and JVM property if using non WAS keystore/truststore

Jan 12, 2019 9:00 am EST

Categorized: Medium Severity

Share this post:

IBM Integration Bus ships with a version of the WSRR thin client which is susceptible to vulnerabilities which were reported and have been addressed’

CVE(s): CVE-2018-1719

Affected product(s) and affected version(s):

IBM Integration Bus V10.0.0.0 – V10.0.0.15
IBM Integration Bus V9.0.0.0 – V9.0.0.11

WebSphere Message Broker V8.0.0.0 – V8.0.0.9

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://www.ibm.com/support/docview.wss?uid=ibm10794673
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/147292



from IBM Product Security Incident Response Team https://ibm.co/2QFBBy4