The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of IBM Rational Application Developer

vulnerability CVE-2018-12116 CVE-2018-12120 CVE-2018-12121

Node Core: five vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Node Core.
Impacted products: BIG-IP Hardware, TMOS, IBM API Connect, IBM i, I-Connect, IRAD, Nodejs Core, openSUSE Leap, RHEL, SUSE Linux Enterprise Desktop, SLES.
Severity: 3/4.
Consequences: data reading, data creation/edition, denial of service on service.
Provenance: internet client.
Number of vulnerabilities in this bulletin: 5.
Creation date: 28/11/2018.
Identifiers: CVE-2018-12116, CVE-2018-12120, CVE-2018-12121, CVE-2018-12122, CVE-2018-12123, ibm10787619, ibm10794537, ibm10878136, K37111863, openSUSE-SU-2019:0088-1, openSUSE-SU-2019:0089-1, openSUSE-SU-2019:0234-1, RHSA-2019:1821-01, RHSA-2019:2258-01, SUSE-SU-2019:0117-1, SUSE-SU-2019:0118-1, SUSE-SU-2019:0395-1, VIGILANCE-VUL-27900.

Description of the vulnerability

An attacker can use several vulnerabilities of Node Core.
Full Vigil@nce bulletin... (Free trial)

vulnerability CVE-2018-5407

OpenSSL: information disclosure via ECC Scalar Multiplication

Synthesis of the vulnerability

On an Intel processor (VIGILANCE-VUL-27667), an attacker can measure the execution time of the ECC Scalar Multiplication of OpenSSL, in order to obtain the used key.
Impacted products: Blue Coat CAS, Debian, BIG-IP Hardware, TMOS, AIX, IRAD, Rational ClearCase, QRadar SIEM, MariaDB ~ precise, MySQL Community, MySQL Enterprise, OpenBSD, OpenSSL, openSUSE Leap, Oracle Communications, Oracle Fusion Middleware, Oracle Identity Management, Solaris, Tuxedo, WebLogic, Percona Server, XtraBackup, RHEL, Slackware, SUSE Linux Enterprise Desktop, SLES, Symantec Content Analysis, Synology DSM, Synology DS***, Synology RS***, Nessus, Ubuntu, WinSCP.
Severity: 1/4.
Consequences: data reading.
Provenance: user shell.
Creation date: 12/11/2018.
Identifiers: bulletinjan2019, CERTFR-2018-AVI-607, CERTFR-2019-AVI-242, cpuapr2019, cpujan2019, cpujul2019, CVE-2018-5407, DLA-1586-1, DSA-4348-1, DSA-4355-1, ibm10794537, ibm10875298, ibm10886313, K49711130, openSUSE-SU-2018:3903-1, openSUSE-SU-2018:4050-1, openSUSE-SU-2018:4104-1, openSUSE-SU-2019:0088-1, openSUSE-SU-2019:0234-1, RHSA-2019:0483-01, RHSA-2019:2125-01, SSA:2018-325-01, SUSE-SU-2018:3864-1, SUSE-SU-2018:3864-2, SUSE-SU-2018:3866-1, SUSE-SU-2018:3964-1, SUSE-SU-2018:3989-1, SUSE-SU-2018:4001-1, SUSE-SU-2018:4068-1, SUSE-SU-2018:4274-1, SUSE-SU-2019:0117-1, SUSE-SU-2019:0395-1, SUSE-SU-2019:1553-1, SYMSA1490, TNS-2018-16, TNS-2018-17, USN-3840-1, VIGILANCE-VUL-27760.

Description of the vulnerability

On an Intel processor (VIGILANCE-VUL-27667), an attacker can measure the execution time of the ECC Scalar Multiplication of OpenSSL, in order to obtain the used key.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability announce CVE-2018-5407

Intel processors: information disclosure via SMT/Hyper-Threading PortSmash

Synthesis of the vulnerability

An attacker can bypass access restrictions to data via SMT/Hyper-Threading PortSmash on an Intel processor, in order to obtain sensitive information.
Impacted products: Debian, Avamar, BIG-IP Hardware, TMOS, AIX, IRAD, MariaDB ~ precise, Windows (platform) ~ not comprehensive, MySQL Community, MySQL Enterprise, OpenBSD, OpenSSL, openSUSE Leap, Oracle Communications, Oracle Fusion Middleware, Oracle Identity Management, Solaris, Tuxedo, WebLogic, Percona Server, XtraBackup, RHEL, SUSE Linux Enterprise Desktop, SLES, Synology DSM, Synology DS***, Synology RS***, Ubuntu, Unix (platform) ~ not comprehensive.
Severity: 1/4.
Consequences: data reading.
Provenance: user shell.
Creation date: 05/11/2018.
Identifiers: 530514, bulletinjan2019, CERTFR-2019-AVI-242, cpuapr2019, cpujan2019, cpujul2019, CVE-2018-5407, DSA-2018-030, DSA-4348-1, DSA-4355-1, ibm10794537, K49711130, openSUSE-SU-2018:4050-1, openSUSE-SU-2018:4104-1, openSUSE-SU-2019:0088-1, openSUSE-SU-2019:0234-1, RHSA-2019:2125-01, SUSE-SU-2018:3964-1, SUSE-SU-2018:3989-1, SUSE-SU-2018:4001-1, SUSE-SU-2018:4068-1, SUSE-SU-2018:4274-1, SUSE-SU-2019:0117-1, SUSE-SU-2019:0395-1, SUSE-SU-2019:1553-1, USN-3840-1, VIGILANCE-VUL-27667.

Description of the vulnerability

An attacker can bypass access restrictions to data via SMT/Hyper-Threading PortSmash on an Intel processor, in order to obtain sensitive information.
Full Vigil@nce bulletin... (Free trial)

vulnerability CVE-2018-0734

OpenSSL: information disclosure via DSA Signature Generation

Synthesis of the vulnerability

An attacker can bypass access restrictions to data via DSA Signature Generation of OpenSSL, in order to obtain sensitive information.
Impacted products: Debian, AIX, IRAD, Rational ClearCase, MariaDB ~ precise, MySQL Community, MySQL Enterprise, Nodejs Core, OpenSSL, openSUSE Leap, Oracle Communications, Oracle Fusion Middleware, Oracle Identity Management, Solaris, Tuxedo, WebLogic, Percona Server, XtraBackup, RHEL, Slackware, SUSE Linux Enterprise Desktop, SLES, Synology DSM, Synology DS***, Synology RS***, Nessus, Ubuntu, WinSCP.
Severity: 1/4.
Consequences: data reading.
Provenance: user shell.
Creation date: 30/10/2018.
Identifiers: bulletinapr2019, bulletinjan2019, CERTFR-2018-AVI-607, cpuapr2019, cpujan2019, cpujul2019, CVE-2018-0734, DSA-4348-1, DSA-4355-1, ibm10794537, ibm10875298, openSUSE-SU-2018:3890-1, openSUSE-SU-2018:3903-1, openSUSE-SU-2018:4050-1, openSUSE-SU-2018:4104-1, openSUSE-SU-2019:0084-1, openSUSE-SU-2019:0088-1, openSUSE-SU-2019:0138-1, openSUSE-SU-2019:0234-1, openSUSE-SU-2019:1547-1, openSUSE-SU-2019:1814-1, RHSA-2019:2304-01, SSA:2018-325-01, SUSE-SU-2018:3863-1, SUSE-SU-2018:3864-1, SUSE-SU-2018:3864-2, SUSE-SU-2018:3866-1, SUSE-SU-2018:3964-1, SUSE-SU-2018:3989-1, SUSE-SU-2018:4001-1, SUSE-SU-2018:4068-1, SUSE-SU-2018:4274-1, SUSE-SU-2019:0117-1, SUSE-SU-2019:0395-1, SUSE-SU-2019:1553-1, TNS-2018-16, TNS-2018-17, USN-3840-1, VIGILANCE-VUL-27640.

Description of the vulnerability

An attacker can bypass access restrictions to data via DSA Signature Generation of OpenSSL, in order to obtain sensitive information.
Full Vigil@nce bulletin... (Free trial)

vulnerability alert CVE-2018-0735

OpenSSL: information disclosure via ECDSA Signature Generation

Synthesis of the vulnerability

An attacker can bypass access restrictions to data via ECDSA Signature Generation of OpenSSL, in order to obtain sensitive information.
Impacted products: Blue Coat CAS, Debian, IRAD, Nodejs Core, OpenSSL, openSUSE Leap, Oracle Fusion Middleware, Oracle Identity Management, Solaris, Tuxedo, WebLogic, SLES, Symantec Content Analysis, Ubuntu.
Severity: 1/4.
Consequences: data reading.
Provenance: user shell.
Creation date: 29/10/2018.
Identifiers: bulletinjan2019, cpuapr2019, cpujul2019, CVE-2018-0735, DLA-1586-1, DSA-4348-1, ibm10794537, openSUSE-SU-2018:3890-1, SUSE-SU-2018:3863-1, SYMSA1490, USN-3840-1, VIGILANCE-VUL-27631.

Description of the vulnerability

An attacker can bypass access restrictions to data via ECDSA Signature Generation of OpenSSL, in order to obtain sensitive information.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability note CVE-2018-3136 CVE-2018-3139 CVE-2018-3149

Oracle Java: vulnerabilities of October 2018

Synthesis of the vulnerability

Several vulnerabilities were announced in Oracle products.
Impacted products: Debian, Unisphere EMC, VNX Operating Environment, VNX Series, Fedora, AIX, IBM API Connect, DB2 UDB, IBM i, IRAD, Rational ClearCase, Security Directory Server, Tivoli System Automation, WebSphere AS Liberty, WebSphere AS Traditional, WebSphere MQ, McAfee Web Gateway, Java OpenJDK, openSUSE Leap, Java Oracle, Puppet, RHEL, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 3/4.
Consequences: user access/rights, data reading, data creation/edition, data deletion, denial of service on service.
Provenance: intranet client.
Number of vulnerabilities in this bulletin: 11.
Creation date: 17/10/2018.
Identifiers: 528379, CERTFR-2018-AVI-495, cpuoct2018, CVE-2018-3136, CVE-2018-3139, CVE-2018-3149, CVE-2018-3150, CVE-2018-3157, CVE-2018-3169, CVE-2018-3180, CVE-2018-3183, CVE-2018-3209, CVE-2018-3211, CVE-2018-3214, DLA-1590-1, DSA-2018-208, DSA-2019-131, DSA-4326-1, FEDORA-2018-209371341e, FEDORA-2018-369ab0efc9, FEDORA-2018-5857f28069, FEDORA-2018-cca64e06ba, FEDORA-2018-ce61c1147d, ibm10729607, ibm10741443, ibm10742147, ibm10742149, ibm10743955, ibm10793419, ibm10796096, ibm10875314, ibm10881644, ibm10882604, ibm10883400, openSUSE-SU-2018:3235-1, openSUSE-SU-2019:0042-1, openSUSE-SU-2019:0043-1, RHSA-2018:2942-01, RHSA-2018:2943-01, RHSA-2018:3000-01, RHSA-2018:3001-01, RHSA-2018:3002-01, RHSA-2018:3003-01, RHSA-2018:3007-01, RHSA-2018:3008-01, RHSA-2018:3350-01, RHSA-2018:3409-01, RHSA-2018:3521-01, RHSA-2018:3533-01, RHSA-2018:3534-01, RHSA-2018:3671-01, RHSA-2018:3672-01, SB10255, SUSE-SU-2018:3868-1, SUSE-SU-2018:3920-1, SUSE-SU-2018:3921-1, SUSE-SU-2018:3933-1, SUSE-SU-2018:4064-1, SUSE-SU-2019:0049-1, SUSE-SU-2019:0057-1, SUSE-SU-2019:0057-2, SUSE-SU-2019:0058-1, USN-3804-1, USN-3824-1, USN-3830-1, VIGILANCE-VUL-27509, ZDI-18-1263.

Description of the vulnerability

Several vulnerabilities were announced in Oracle products.
Full Vigil@nce bulletin... (Free trial)

vulnerability bulletin CVE-2018-12539

IBM Java: code execution via Attach API

Synthesis of the vulnerability

An attacker can use a vulnerability via Attach API of IBM Java, in order to run code.
Impacted products: AIX, DB2 UDB, Domino, Notes, IRAD, Rational ClearCase, QRadar SIEM, Tivoli Storage Manager, Tivoli System Automation, Tivoli Workload Scheduler, WebSphere AS Liberty, WebSphere AS Traditional, WebSphere MQ, RHEL, SUSE Linux Enterprise Desktop, SLES.
Severity: 2/4.
Consequences: privileged access/rights, user access/rights.
Provenance: user shell.
Creation date: 28/08/2018.
Identifiers: CERTFR-2018-AVI-544, CVE-2018-12539, ibm10725491, ibm10729349, ibm10730083, ibm10733905, ibm10735319, ibm10735325, ibm10738401, ibm10738997, ibm10742729, ibm10743193, ibm10743351, RHSA-2018:2568-01, RHSA-2018:2569-01, RHSA-2018:2575-01, RHSA-2018:2576-01, SUSE-SU-2018:2574-1, SUSE-SU-2018:2583-1, SUSE-SU-2018:2649-1, SUSE-SU-2018:2839-1, SUSE-SU-2018:3082-1, VIGILANCE-VUL-27093.

Description of the vulnerability

An attacker can use a vulnerability via Attach API of IBM Java, in order to run code.
Full Vigil@nce bulletin... (Free trial)

vulnerability announce CVE-2018-1656

IBM Java: directory traversal via DTFJ

Synthesis of the vulnerability

An attacker can traverse directories via DTFJ of IBM Java, in order to read a file outside the service root path.
Impacted products: AIX, DB2 UDB, Domino, Notes, IRAD, Rational ClearCase, QRadar SIEM, Tivoli Storage Manager, Tivoli System Automation, Tivoli Workload Scheduler, WebSphere AS Liberty, WebSphere AS Traditional, WebSphere MQ, RHEL, SUSE Linux Enterprise Desktop, SLES.
Severity: 2/4.
Consequences: data reading.
Provenance: internet client.
Creation date: 28/08/2018.
Identifiers: CERTFR-2018-AVI-544, CVE-2018-1656, ibm10725491, ibm10729349, ibm10730083, ibm10733905, ibm10735319, ibm10735325, ibm10738401, ibm10738997, ibm10742729, ibm10743193, ibm10743351, RHSA-2018:2568-01, RHSA-2018:2569-01, RHSA-2018:2575-01, RHSA-2018:2576-01, SUSE-SU-2018:2574-1, SUSE-SU-2018:2583-1, SUSE-SU-2018:2649-1, SUSE-SU-2018:2839-1, SUSE-SU-2018:3082-1, VIGILANCE-VUL-27092.

Description of the vulnerability

An attacker can traverse directories via DTFJ of IBM Java, in order to read a file outside the service root path.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability note CVE-2018-7161

Node.js Core: denial of service via HTTP2 Cleanup

Synthesis of the vulnerability

An attacker can generate a fatal error via HTTP2 Cleanup of Node.js Core, in order to trigger a denial of service.
Impacted products: Fedora, IBM i, IRAD, Nodejs Core, openSUSE Leap, SLES.
Severity: 2/4.
Consequences: denial of service on server, denial of service on service.
Provenance: internet client.
Creation date: 13/06/2018.
Identifiers: CVE-2018-7161, FEDORA-2018-79841c871e, FEDORA-2018-f59d961d7b, ibm10715995, ibm10728705, openSUSE-SU-2018:1963-1, SUSE-SU-2018:1918-1, VIGILANCE-VUL-26419.

Description of the vulnerability

An attacker can generate a fatal error via HTTP2 Cleanup of Node.js Core, in order to trigger a denial of service.
Full Vigil@nce bulletin... (Free trial)

vulnerability announce CVE-2018-1000168

Nghttp2: NULL pointer dereference via ALTSVC Frame

Synthesis of the vulnerability

An attacker can force a NULL pointer to be dereferenced via ALTSVC Frame of Nghttp2, in order to trigger a denial of service.
Impacted products: Fedora, IBM i, IRAD, Nodejs Core, openSUSE Leap, Solaris, SLES.
Severity: 3/4.
Consequences: denial of service on service.
Provenance: internet client.
Creation date: 23/04/2018.
Identifiers: bulletinoct2018, CVE-2018-1000168, FEDORA-2018-cec96a9c41, ibm10715995, ibm10728705, openSUSE-SU-2018:1963-1, SUSE-SU-2018:1918-1, VIGILANCE-VUL-25942.

Description of the vulnerability

An attacker can force a NULL pointer to be dereferenced via ALTSVC Frame of Nghttp2, in order to trigger a denial of service.
Full Vigil@nce bulletin... (Free trial)
Our database contains other pages. You can request a free trial to read them.

Display information about IBM Rational Application Developer: