Security Bulletin: Apache Commons Collections library in WebSphere Application Server Knowledge Center is vulnerable (CVE-2015-7450)
Nov 13, 2019 7:00 pm EST | High Severity
CVEID: CVE-2019-4473 DESCRIPTION: Multiple binaries in IBM SDK, Java Technology Edition 7, 7R, and 8 on the AIX platform use insecure absolute RPATHs, which may facilitate code injection and privilege elevation by local users. IBM X-Force ID: 163984.CVSS Base score: 8.4CVSS Temporal Score: See: https://ift.tt/2CGy4uO for the current score.CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) CVEID: CVE-2019-11771 DESCRIPTION: AIX builds of Eclipse OpenJ9 before 0.15.0 contain unused RPATHs which may facilitate code injection and privilege elevation by local users.CVSS Base score: 8.4CVSS Temporal Score: See: https://ift.tt/37buTJR for the current score.CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) ...read more
from IBM Product Security Incident Response Team https://ift.tt/2CLm8YI