Security Bulletin: A vulnerability in IBM WebSphere Application Server and WebSphere Liberty affects IBM Operations Analytics Predictive Insights (CVE-2019-4046)

Summary There is a vulnerability in IBM WebSphere Application Server and WebSphere Liberty that are used by IBM Operations Analytics Predictive Insights 1.3.6 and earlier versions. IBM Operations Analytics Predictive Insights has addressed the applicable CVE. This issue was also addressed by IBM...

Security Bulletin: A vulnerability in IBM WebSphere Application Server and WebSphere Liberty affects IBM Operations Analytics Predictive Insights (CVE-2018-1902)

Summary There is a vulnerability in IBM WebSphere Application Server and WebSphere Liberty that are used by IBM Operations Analytics Predictive Insights 1.3.6 and earlier versions. IBM Operations Analytics Predictive Insights has addressed the applicable CVE. This issue was also addressed by IBM...

Security Bulletin: Potential denial of service in WebSphere Application Server shipped with IBM Operations Analytics - Log Analysis (CVE-2018-10237)

Summary There is a potential denial of service with the Google Guava library that is used in WebSphere Application Server. Vulnerability Details CVEID: CVE-2018-10237 DESCRIPTION: Google Guava is vulnerable to a denial of service, caused by improper eager allocation checks in the AtomicDoubleArra...

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Operations Analytics Predictive Insights January 2019 CPU

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 7 Service Refresh 10 Fix Pack 1 that is used by IBM Operations Analytics Predictive Insights 1.3.5 and earlier. There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 8 Service Refre...

Security Bulletin: A vulnerability in IBM WebSphere Application Server and WebSphere Liberty affects IBM Operations Analytics Predictive Insights (CVE-2018-10237)

Summary There is a vulnerability in IBM WebSphere Application Server and WebSphere Liberty that are used by IBM Operations Analytics Predictive Insights 1.3.6 and earlier versions. IBM Operations Analytics Predictive Insights has addressed the applicable CVE. This issue was also addressed by IBM...

Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Operations Analytics Predictive Insights (CVE-2018-1996)

Summary Websphere Application Server WAS is shipped as a component of IBM Operations Analytics Predictive Insights. Information about a security vulnerability affecting WAS has been published in a security bulletin. Vulnerability Details Please consult the security bulletin Weaker than expected...

Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Operations Analytics Predictive Insights (CVE-2018-1777)

Summary Websphere Application Server WAS is shipped as a component of IBM Operations Analytics Predictive Insights. Information about a security vulnerability affecting WAS has been published in a security bulletin. Vulnerability Details Please consult the security bulletin Potential cross-site...

Security Bulletin: Potential Privilege Escalation Vulnerability in WebSphere Application Server shipped with IBM Operations Analytics - Log Analysis (CVE-2018-1901)

Summary WebSphere Application Server could allow a remote attacker to temporarily gain elevated privileges on the system, caused by incorrect cached value being used. Vulnerability Details CVEID: CVE-2018-1901 DESCRIPTION: IBM WebSphere Application Server could allow a remote attacker to...

Security Bulletin: Potential MITM attack in Apache CXF used by WebSphere Application Server affects IBM Operations Analytics - Log Analysis (CVE-2018-8039)

Summary There is a potential man-in-the-middle attack in Apache CXF used by WebSphere Application Server CVE-2018-8039 Vulnerability Details CVEID: CVE-2018-8039 DESCRIPTION: Apache CXF could allow a remote attacker to conduct a man-in-the-middle attack. The TLS hostname verification does not wor...

Security Bulletin: Information disclosure in WebSphere Application Server Liberty affect IBM Operations Analytics - Log Analysis (CVE-2018-1755)

Summary WebSphere Application Server Liberty could allow a remote attacker to obtain sensitive information, caused by incorrect transport being used when Liberty is configured to use Java Authentication SPI for Containers JASPIC. This can happen when the Application Server is configured to permit...

Security Bulletin: Information disclosure in WebSphere Application Server Liberty bundled with IBM Operations Analytics - Log Analysis (CVE-2018-1683)

Summary WebSphere Application Server Liberty could allow a remote attacker to obtain sensitive information, caused by the failure to encrypt ORB communication. An attacker could exploit this vulnerability to obtain sensitive information and execute man-in-the-middle attack. Vulnerability Details...

Security Bulletin: Denial of Service in Apache CXF used by WebSphere Application Server affect IBM Operations Analytics - Log Analysis (CVE-2017-12624)

Summary There is a potential denial of service in Apache CXF that is used by WebSphere Application Server. Vulnerability Details CVEID: CVE-2017-12624 DESCRIPTION: Apache CXF is vulnerable to a denial of service. By using a specially crafted message attachment header, a remote attacker could...

Security Bulletin: A vulnerability in IBM WebSphere Application Server and WebSphere Liberty affects IBM Operations Analytics Predictive Insights (CVE-2018-1901)

Summary There is a vulnerability in IBM WebSphere Application Server and WebSphere Liberty that are used by IBM Operations Analytics Predictive Insights 1.3.6 and earlier versions. IBM Operations Analytics Predictive Insights has addressed the applicable CVE. This issue was also addressed by IBM...

Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Operations Analytics Predictive Insights (CVE-2018-1643)

Summary Websphere Application Server WAS is shipped as a component of IBM Operations Analytics Predictive Insights. Information about a security vulnerability affecting WAS has been published in a security bulletin. Vulnerability Details Please consult the security bulletin Cross-site scripting...

Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Operations Analytics Predictive Insights (CVE-2018-1904)

Summary Websphere Application Server WAS is shipped as a component of IBM Operations Analytics Predictive Insights. Information about a security vulnerability affecting WAS has been published in a security bulletin. Vulnerability Details Please consult the security bulletin Potential Remote code...

Security Bulletin: A security vulnerability has been identified in Apache Spark shipped with IBM Operations Analytics Predictive Insights (CVE-2018-17190)

Summary There is a vulnerability in Apache Spark®, Version 2.0.1 that is used by IBM Operations Analytics Predictive Insights 1.3.6. IBM Operations Analytics Predictive Insights has addressed the applicable CVE. Vulnerability Details CVEID: CVE-2018-17190 DESCRIPTION: Apache Spark could allow a...

Problem with directory permissions in JP1/Operations Analytics

Overview A problem with directory permissions was found in JP1/Operations Analytics. Impact Regarding the impact of the vulnarability, please refer to the vendor advisory. Solution Please refer to the 'Vendor Information' section for the official countermeasure and take appropriate action...

Security Bulletin: Information disclosure in WebSphere Application Server Liberty affect IBM Operations Analytics - Log Analysis (CVE-2018-1553)

Summary IBM WebSphere Application Server Liberty could allow a remote attacker to obtain sensitive information, caused by mishandling of exceptions by the SAML Web SSO feature. Vulnerability Details CVEID: CVE-2018-1553 DESCRIPTION: IBM WebSphere Application Server Liberty could allow a remote...

Security Bulletin: Code execution vulnerability with OpenID connect in WebSphere Application Server Liberty affects IBM Operations Analytics - Log Analysis (CVE-2018-1851)

Summary WebSphere Application Server OpenID Connect could allow a remote attacker to execute arbitrary code on the system, caused by improper deserialization. By sending a specially-crafted request to the RP service, an attacker could exploit this vulnerability to execute arbitrary code...

Security Bulletin: Vulnerability in Expression Language library used by WebSphere Application Server shipped with IBM Operations Analytics - Log Analysis (CVE-2014-7810)

Summary There is a potential bypass security vulnerability in the expression language library used by WebSphere Application Server Vulnerability Details CVEID: CVE-2014-7810 DESCRIPTION: Apache Tomcat could allow a remote attacker to bypass security restrictions, caused by the use of expression...