Description:

IBM has released security updates to address vulnerabilities in the following products:

• IBM Cognos Analytics 11.0, 11.1
• IBM Streams 4.1.1.8 and earlier, 4.2.1.6 and earlier, 4.3.0.2 and earlier
• IBM eDiscovery Analyzer Version 2.2.2
• IBM Cloud Application Performance Management, Base Private 8.1.4, Advanced Private 8.1.4
• FTM CHK 3.0.5.0, 3.0.5.4
• InfoSphere Streams 4.0.1.6 and earlier, 3.2.1.6 and earlier
• IBM MQ 9.1, 9.0.0.x Long Term Support (LTS)
• IBM MQ 9.0.x Continuous Delivery Release (CDR)
• IBM MQ 8.0
• FTM CPS 3.0.2.0, 3.0.2.1, 3.2.1.0
• IBM Cognos Controller 10.4.1, 10.4.0, 10.3.1, 10.3.0
• IBM Cloud Private for Data 1.1.0, 1.2.1, 2.1.0
• IBM SDK, Java Technology Edition, Version 7
• IBM Security Access Manager Appliance 7,0, 8.0, 9.0
• IBM Cloud App Management 2018.2.0, 2018.4.0, 2018.4.1
• WebSphere Application Server 9.0, 8.0, 8.5, 7.0
• IBM Security SiteProtector System 3.0.0, 3.1.1
• FTM ACH 3.0.6.0, 3.0.6.8, 3.1.0.0, 3.1.0.3
• IBM WebSphere Application Server for IBM Cloud Private VM Quickstarter 2.0, 3.0

Threats:

Attacker could exploit these vulnerabilities by doing the following:

• Execute arbitrary code – remotely.
• Denial of service attack (DoS) – remotely.
• Buffer overflow.
• Unauthorized disclosure of information.
• Escalation of privilege.

Best practice and Recommendations:

The CERT team encourages users to review IBM security advisory and apply the necessary updates:

https://www.ibm.com/blogs/psirt/