IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli Monitoring

There are several vulnerabilities in IBM® SDK Java™ Technology Edition that is shipped as part of multiple IBM Tivoli Monitoring (ITM) components.

CVE(s): CVE-2018-3139, CVE-2018-3136, CVE-2018-13785, CVE-2018-3214, CVE-2018-3180, CVE-2018-3149, CVE-2018-3169

Affected product(s) and affected version(s):

The following components of IBM Tivoli Monitoring (ITM) are affected by this bulletin:

-Java (CANDLEHOME) ITM 6.2.3 Fix Pack 1 (JRE 1.6) through 6.3.0 Fix Pack 7 (JRE 7) (CVE-2018-3139 only)
-Java (Tivoli Enterprise Portal client browser or webstart) ITM 6.2.3 Fix pack 1 through 6.3.0 Fix Pack 7 (All CVE’s listed, CVE-2018-3169 ITM 6.3.0 only)

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: https://www-01.ibm.com/support/docview.wss?uid=ibm10796308
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/151455
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/151452
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/146015
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/151530
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/151497
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/151465
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/151486

The post IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli Monitoring appeared first on IBM PSIRT Blog.



from IBM Product Security Incident Response Team https://ibm.co/2GwSkSX