IBM Security Bulletin: Remote Execution Vulnerability Affects Red Hat Linux Used By IBM WebSphere Application Server in IBM Cloud (CVE-2019-12735)

There is a security vulnerability that affects Red Hat Linux used by IBM WebSphere Application Server in the IBM Cloud. Vim before 8.1.1365 and Neovim before 0.3.6 allow remote attackers to execute arbitrary OS commands via the :source! command in a modeline, as demonstrated by execute in Vim, and assert_fails or nvim_input in Neovim.

CVE(s): CVE-2019-12735

Affected product(s) and affected version(s):

This vulnerability affects the following versions and releases of IBM WebSphere Application Server in IBM Cloud:

  • Liberty
  • Version 9.0
  • Version 8.5

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: https://www-01.ibm.com/support/docview.wss?uid=ibm10888425
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/162255
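
A version check for the thresholds quoted above, as an added example (not part of the IBM bulletin): it parses the text printed by `vim --version` or `nvim --version` and reports whether the build predates Vim 8.1.1365 or Neovim 0.3.6. The sample outputs are constructed, and treating the presence of patch 1365 in the `Included patches:` list as the fix is an assumption; distribution packages that backport the fix under an older upstream version will still be reported as vulnerable and should be confirmed against the vendor's package advisory.

```python
import re

# Fixed versions as stated in the bulletin text.
VIM_FIXED = (8, 1, 1365)
NVIM_FIXED = (0, 3, 6)

# Constructed sample outputs (not captured from real systems).
SAMPLE_OLD = "VIM - Vi IMproved 8.1 (2018 May 18)\nIncluded patches: 1-1364\n"
SAMPLE_BACKPORT = "VIM - Vi IMproved 8.1 (2018 May 18)\nIncluded patches: 1-875, 878, 1365-1368\n"
SAMPLE_NVIM = "NVIM v0.3.5\nBuild type: Release\n"


def parse_patches(spec):
    """Turn '1-875, 878, 1365-1368' into [(1, 875), (878, 878), (1365, 1368)]."""
    ranges = []
    for part in filter(None, (p.strip() for p in spec.split(","))):
        lo, _, hi = part.partition("-")
        ranges.append((int(lo), int(hi or lo)))
    return ranges


def classify(version_output):
    """Return (product, version, vulnerable) for `vim --version` / `nvim --version` text."""
    m = re.search(r"^NVIM v(\d+)\.(\d+)\.(\d+)", version_output, re.M)
    if m:
        ver = tuple(int(g) for g in m.groups())
        return "neovim", ver, ver < NVIM_FIXED
    m = re.search(r"^VIM - Vi IMproved (\d+)\.(\d+)", version_output, re.M)
    if not m:
        raise ValueError("unrecognised version output")
    series = (int(m.group(1)), int(m.group(2)))
    p = re.search(r"^Included patches: (.+)$", version_output, re.M)
    ranges = parse_patches(p.group(1)) if p else []
    ver = series + (max((hi for _, hi in ranges), default=0),)
    if series != VIM_FIXED[:2]:
        # Older series predate the fix; newer series already contain it.
        return "vim", ver, series < VIM_FIXED[:2]
    # Same series: assumption: the fix is present iff patch 1365 is listed,
    # which also covers builds that cherry-pick it onto a lower patch level.
    has_fix = any(lo <= VIM_FIXED[2] <= hi for lo, hi in ranges)
    return "vim", ver, not has_fix


if __name__ == "__main__":
    for sample in (SAMPLE_OLD, SAMPLE_BACKPORT, SAMPLE_NVIM):
        print(classify(sample))
```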

The post IBM Security Bulletin: Remote Execution Vulnerability Affects Red Hat Linux Used By IBM WebSphere Application Server in IBM Cloud (CVE-2019-12735) appeared first on IBM PSIRT Blog.


