IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli Monitoring

Jul 29, 2019 9:02 am EDT

Categorized: High Severity

Share this post:

There are several vulnerabilities in IBM® SDK Java™ Technology Edition that is shipped as part of multiple IBM Tivoli Monitoring (ITM) components.

CVE(s): CVE-2019-10245, CVE-2019-2684, CVE-2019-2602, CVE-2019-2697, CVE-2019-2698, CVE-2018-1890, CVE-2019-2422, CVE-2019-2426, CVE-2018-11212

Affected product(s) and affected version(s):

The following components of IBM Tivoli Monitoring (ITM) are affected by this bulletin:

-Java (CANDLEHOME) ITM 6.3.0 through 6.3.0 Fix Pack 7 (JRE 7) (CVE-2018-1890, CVE-2019-2426, CVE-2019-2697 and CVE-2019-2684)
-Java (Tivoli Enterprise Portal client browser or webstart) ITM 6.3.0 through 6.3.0 Fix Pack 7 (All CVE’s listed)

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://www.ibm.com/support/docview.wss?uid=ibm10959883
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/160010
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/159776
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/159698
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/159789
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/159790
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/152081
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/155741
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/155744
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/143429



from IBM Product Security Incident Response Team https://ift.tt/2SS0cCv