Description:

IBM has released security updates to address multiple vulnerabilities in the following products:

• NovaLink
  • 1.0.0.13
  • 1.0.0.15
• Sterling Connect Direct File Agent
  • 1.4
• IBM i
  • 7.4
  • 7.3
  • 7.2
  • 7.1
• Financial Transaction Manager for ACH Services for Multi-Platform
  • 3.1.0.0-3.1.0.3
  • 3.0.6.0-3.0.6.10
• IBM Tivoli Application Dependency Discovery Manager
  • 7.3.0
• RBD
  • 9.5
  • 9.6
• WebSphere Application Server
  • 9.0
  • 7.0
  • 8.0
  • 8.5
• Rational Asset Manager
  • 7.5.4.3
• IBM Tivoli Netcool Impact 6.1.x
  • All versions
• IBM Tivoli Netcool Impact 7.1.0
  • 7.1.0.0~7.1.0.17
• IBM Secure Proxy
  • 6
• IBM Sterling Secure Proxy
  • 3.4.3.2
  • 3.4.2
• DOORS Web Access:
  • 9.5.1 – 9.5.1.10
  • 9.5.2 – 9.5.2.9
  • 9.6.0 – 9.6.0.8
  • 9.6.1 – 9.6.1.11
  • 9.7.0 – 9.7.0.1
• IBM Business Automation Workflow
  • 18.0.0.0 – 19.0.0.3
• IBM Business Process Manager
  • 8.6-8.6 CF2018.03
  • 8.5.7 2017.06
• Sterling External Authentication Server
  • 2.4.2
• IBM External Authentication Server
  • 6.0.0.1
• IBM Sterling External Authentication Server
  • 2.4.3.2
• IBM Tivoli Netcool Impact
  • 6.1.0.0 – 6.1.0.4 Interim Fix 1
• IBM Tivoli Netcool
  • 6.1.1.0 – 6.1.1.5 Interim Fix 2
• IBM Tivoli Netcool
  • 7.1.0.0 – 7.1.0.17
• IBM Content Navigator
  • 3.0CD
• API Connect
• IBM API Connect
  • 5.0.0.0-5.0.8.7
• IBM API Connect
  • 2018.4.1.0-2018.4.1.8
• ITNM
  • 4.2.0.x
• SPSS Statistics
  • 26
  • 25
  • 24
  • 23
• z/Transaction Processing Facility
  • 1.1
• IBM CICS Transaction Gateway
  • 9.1
  • 9.2
  • 9
  • 8.1
  • 8
• Jazz for Service Management
  • 1.1.3
• IBM Cloud Application Performance Management, Base Private
  • 8.1.3
  • 8.1.4
• IBM Cloud Application Performance Management, Advanced Private
  • 8.1.3
  • 8.1.4
• IBM Cloud Application Performance Management

Threats:

• Consume CPU resources remotely
• Denial of service (DoS)
• Execute arbitrary code
• Elevated privileges
• Bypass security restrictions
• Obtain sensitive information remotely
• Frequently repeatable crash (complete DOS) of MySQL Server
• Unauthorized access to the system remotely
• Cross-site scripting (XSS)

Best practice and Recommendations:

The CERT team encourages users to apply the necessary update according to the link below:

• https://www.ibm.com/support/pages/node/6120771
• https://www.ibm.com/support/pages/node/6121041
• https://www.ibm.com/support/pages/node/6118018
• https://www.ibm.com/support/pages/node/6117556
• https://www.ibm.com/support/pages/node/6117580
• https://www.ibm.com/support/pages/node/6118132
• https://www.ibm.com/support/pages/node/6118222
• https://www.ibm.com/support/pages/node/6116632
• https://www.ibm.com/support/pages/node/6116536
• https://www.ibm.com/support/pages/node/6116464
• https://www.ibm.com/support/pages/node/6116968
• https://www.ibm.com/support/pages/node/6116926
• https://www.ibm.com/support/pages/node/6116728
• https://www.ibm.com/support/pages/node/6116458
• https://www.ibm.com/support/pages/node/5694387
• https://www.ibm.com/support/pages/node/6116938
• https://www.ibm.com/support/pages/node/6116962
• https://www.ibm.com/support/pages/node/6116740
• https://www.ibm.com/support/pages/node/6115942
• https://www.ibm.com/support/pages/node/6115816
• https://www.ibm.com/support/pages/node/6116020
• https://www.ibm.com/support/pages/node/6116032
• https://www.ibm.com/support/pages/node/6115912
• https://www.ibm.com/support/pages/node/5693588
• https://www.ibm.com/support/pages/node/1170046
• https://www.ibm.com/support/pages/node/2310885
• https://www.ibm.com/support/pages/node/6116194
• https://www.ibm.com/support/pages/node/6115924
• https://www.ibm.com/support/pages/node/6115954
• https://www.ibm.com/support/pages/node/6116068
• https://www.ibm.com/support/pages/node/6115930
• https://www.ibm.com/support/pages/node/5967777
• https://www.ibm.com/support/pages/node/6113482
• https://www.ibm.com/support/pages/node/6113404