IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Spectrum Protect Snapshot on AIX and Linux (CVE-2018-1890, CVE-2018-12547) Security Bulletin

Multiple vulnerabilities in IBM® Runtime Environment Java were disclosed as part of the IBM Java SDK updates in January 2019. IBM® Runtime Environment Java is used by IBM Spectrum Protect Snapshot (formerly Tivoli Storage FlashCopy Manager) on AIX and Linux.

CVE(s): CVE-2018-1890, CVE-2018-12547

Affected product(s) and affected version(s):
The following IBM FlashCopy Manager (IBM Spectrum Protect Snapshot (fomerly Tivoli Storage FlashCopy Manager) components on Unix and Linux are affected:

• IBM Spectrum Protect Snapshot for DB2 versions on AIX and Linux x86 only:
  – 8.1.0.0 through 8.1.6.0
  – 4.1.0.0 through 4.1.6.2
• IBM Spectrum Protect Snapshot for Custom Applications versions on AIX and Linux x86 only:
  – 8.1.0.0 through 8.1.6.0
  – 4.1.0.0 through 4.1.6.2
• IBM Spectrum Protect Snapshot for Oracle versions on AIX and Linux x86 only:
  – 8.1.0.0 through 8.1.6.0
  – 4.1.0.0 through 4.1.6.2
• IBM Spectrum Protect Snapshot for Oracle with SAP environments versions on AIX and Linux x86 only:
  – 8.1.0.0 through 8.1.6.0
  – 4.1.0.0 through 4.1.6.2

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://www.ibm.com/support/docview.wss?uid=ibm10885230
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/152081
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/157512

The post IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Spectrum Protect Snapshot on AIX and Linux (CVE-2018-1890, CVE-2018-12547) Security Bulletin appeared first on IBM PSIRT Blog.

from IBM Product Security Incident Response Team https://ift.tt/2GE1GeU