IBM SDK, Java Technology Edition 代码问题漏洞

CNNVD-ID编号	CNNVD-202002-020
CVE编号	CVE-2019-4732
发布时间	2020-02-03
更新时间	2021-01-21
漏洞类型	代码问题
漏洞来源	N/A
危险等级	中危
威胁类型	本地
厂商	N/A

漏洞介绍

IBM SDK, Java Technology Edition是美国IBM公司的一款用于Java应用程序开发的软件开发工具包。

IBM SDK, Java Technology Edition 7.0.0.0版本至7.0.10.55版本、7.1.0.0版本至7.1.4.55版本和8.0.0.0版本至8.0.6.0版本中存在安全漏洞。本地攻击者可借助特制的文件利用该漏洞在系统上执行任意代码。

漏洞补丁

目前厂商已发布升级了IBM SDK, Java Technology Edition 代码问题漏洞的补丁，IBM SDK, Java Technology Edition 代码问题漏洞的补丁获取链接：

https://www.ibm.com/support/pages/node/1288060

参考网址

来源:exchange.xforce.ibmcloud.com

链接：https://exchange.xforce.ibmcloud.com/vulnerabilities/172618
来源:www.ibm.com

链接：https://www.ibm.com/support/pages/node/1288060
来源:www.ibm.com

链接：https://www.ibm.com/support/pages/node/1592049
来源:www.ibm.com

链接：https://www.ibm.com/support/pages/node/1846587
来源:www.ibm.com

链接：https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-ibm-java-sdk-affect-ibm-spectrum-control-formerly-tivoli-storage-productivity-center-cve-2019-2989-cve-2020-2593-and-cve-2019-4732/
来源:www.ibm.com

链接：https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-ibm-java-runtime-affect-the-ibm-spectrum-protect-server-cve-2020-2593-cve-2019-4732/
来源:www.ibm.com

链接：https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-runtime-affect-ibm-cloud-private/
来源:www.ibm.com

链接：https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-runtime-affect-rational-asset-analyzer/
来源:www.auscert.org.au

链接：https://www.auscert.org.au/bulletins/ESB-2020.0744/
来源:www.ibm.com

链接：https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-ibm-sdk-java-technology-edition-quarterly-cpu-jan-2020/
来源:www.ibm.com

链接：https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-affect-ibm-security-guardium-3/
来源:www.ibm.com

链接：https://www.ibm.com/blogs/psirt/security-bulletin-january-2020-critical-patch-update-for-java/
来源:www.ibm.com

链接：https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-affect-rational-performance-tester/
来源:www.ibm.com

链接：https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-ibm-java-runtime-affects-ibm-spectrum-protect-for-enterprise-resource-planning-on-windows-cve-2019-4732-2/
来源:www.ibm.com

链接：https://www.ibm.com/blogs/psirt/security-bulletin-security-bulletin-novalink-is-impacted-by-publicly-disclosed-vulnerability-in-ibm-java-sdk-jre-cve-2019-4732/
来源:www.ibm.com

链接：https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-affect-content-collector-for-sap-applications/
来源:www.ibm.com

链接：https://www.ibm.com/blogs/psirt/security-bulletin-ibm-sdk-java-technology-edition-quarterly-cpu-jan-2020-includes-oracle-jan-2020-cpu-minus-cve-2020-2585-cve-2020-2654-and-cve-2020-2590/
来源:www.auscert.org.au

链接：https://www.auscert.org.au/bulletins/ESB-2020.1162/
来源:www.nsfocus.net

链接：http://www.nsfocus.net/vulndb/48000
来源:www.auscert.org.au

链接：https://www.auscert.org.au/bulletins/ESB-2020.1647/
来源:www.ibm.com

链接：https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-affect-ibm-security-directory-server/
来源:www.ibm.com

链接：https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-runtime-affect-ibm-security-siteprotector-system/
来源:www.ibm.com

链接：https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-runtime-affects-ibm-agile-lifecycle-manager/
来源:www.ibm.com

链接：https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-and-ibm-java-runtime-affect-ibm-db2-august-2019-cpu/
来源:www.ibm.com

链接：https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-runtime-affect-ibm-installation-manager-and-ibm-packaging-utility-3/
来源:www.ibm.com

链接：https://www.ibm.com/blogs/psirt/security-bulletin-windows-dll-injection-vulnerability-in-ibm-java-runtime-affects-collaboration-and-deployment-services/
来源:www.auscert.org.au

链接：https://www.auscert.org.au/bulletins/ESB-2020.0674/
来源:www.ibm.com

链接：https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-and-ibm-java-runtime-affect-tpf-toolkit/
来源:www.ibm.com

链接：https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-affect-liberty-for-java-for-ibm-cloud-january-2020-cpu/
来源:www.ibm.com

链接：https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-ibm-java-runtime-affects-ibm-spss-statistics-subscription/
来源:www.ibm.com

链接：https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-ibm-java-runtime-affect-financial-transaction-manager-for-corporate-services-cve-2019-4732/
来源:nvd.nist.gov

链接：https://nvd.nist.gov/vuln/detail/CVE-2019-4732
来源:www.ibm.com

链接：https://www.ibm.com/blogs/psirt/security-bulletin-there-are-multiple-vulnerabilities-in-ibm-sdk-java-technology-edition-version-7-version-8-that-is-used-by-ibm-workload-scheduler-2/
来源:www.ibm.com

链接：https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-affect-ibm-security-guardium-insights/
来源:www.ibm.com

链接：https://www.ibm.com/blogs/psirt/security-bulletin-multiple-security-vulnerabilities-have-been-identified-in-ibm-java-sdk-that-affect-ibm-security-directory-suite-january-2020-cpu/
来源:www.ibm.com

链接：https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-runtime-affect-ibm-cognos-command-center-2/
来源:www.ibm.com

链接：https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-ibm-java-runtime-affect-financial-transaction-manager-for-check-services-cve-2019-4732/
来源:www.ibm.com

链接：https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnurabilities-discovered-in-ibm-sdk-java-can-affect-rational-software-architect-design-manager/
来源:www.ibm.com

链接：https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-affect-rational-developer-for-i-and-rational-developer-for-aix-and-linux-january-2020/
来源:www.ibm.com

链接：https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-affect-ibm-rational-application-developer-for-websphere-software/
来源:www.ibm.com

链接：https://www.ibm.com/blogs/psirt/security-bulletin-security-vulnerabilities-in-ibm-java-sdk-oct-2019-and-jan-2020-cpu-affect-multiple-ibm-continuous-engineering-products-based-on-ibm-jazz-technology/
来源:www.ibm.com

链接：https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-ibm-java-runtime-affects-ibm-spectrum-protect-for-enterprise-resource-planning-on-windows-cve-2019-4732-4/
来源:www.auscert.org.au

链接：https://www.auscert.org.au/bulletins/ESB-2020.0891/
来源:www.ibm.com

链接：https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-runtime-affect-itcam-for-soa-2/
来源:www.ibm.com

链接：https://www.ibm.com/blogs/psirt/security-bulletin-cve-2019-4732-vulnerability-in-ibm-java-runtime-affects-ibm-integration-designer-used-in-ibm-business-automation-workflow-and-ibm-business-process-manager/
来源:vigilance.fr

链接：https://vigilance.fr/vulnerability/IBM-SDK-executing-DLL-code-31514
来源:www.ibm.com

链接：https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-runtime-affect-txseries-for-multiplatforms/
来源:www.ibm.com

链接：https://www.ibm.com/blogs/psirt/security-bulletin-windows-dll-injection-vulnerability-with-ibm-java-affects-spss-modeler-2/
来源:www.ibm.com

链接：https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-sdk-java-technology-edition-affect-ibm-operational-decision-manager-october-2019-january-2020-and-april-2020-cpus/
来源:www.ibm.com

链接：https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-runtime-affect-rational-directory-server-tivoli-rational-directory-administrator-3/
来源:www.ibm.com

链接：https://www.ibm.com/blogs/psirt/security-bulletin-multiple-java-vulnerabilities-affect-ibm-spectrum-protect-plus/
来源:www.auscert.org.au

链接：https://www.auscert.org.au/bulletins/ESB-2020.1451/
来源:www.ibm.com

链接：https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-runtime-affect-ibm-spectrum-conductor-and-ibm-spectrum-conductor-with-spark/
来源:www.ibm.com

链接：https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-runtime-affect-websphere-message-broker-v8-2/
来源:www.ibm.com

链接：https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-runtime-affect-ibm-integration-bus-and-ibm-app-connect-enterpise-v11-3/
来源:www.ibm.com

链接：https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-ibm-java-runtime-affect-financial-transaction-manager-for-corporate-services-v2-1-1-cve-2019-4732/
来源:www.ibm.com

链接：https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-affect-ibm-tivoli-system-automation-application-manager-jan-2020-cpu-cve-2020-2583-cve-2019-4732/
来源:www.ibm.com

链接：https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-runtime-affect-ibm-ilog-cplex-optimization-studio-and-ibm-cplex-enterprise-server-cve-2020-2593-cve-2020-2583-cve-2019-4732/
来源:www.auscert.org.au

链接：https://www.auscert.org.au/bulletins/ESB-2020.0465.2/
来源:www.ibm.com

链接：https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-affect-ibm-performance-management-products-4/
来源:www.ibm.com

链接：https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-affect-ibm-security-guardium-4/
来源:www.ibm.com

链接：https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-and-ibm-java-runtime-that-affect-ibm-intelligent-operations-center-products-includes-oracle-jan-2020-cpu-m/
来源:www.ibm.com

链接：https://www.ibm.com/blogs/psirt/security-bulletin-ibm-sdk-java-technology-edition-quarterly-cpu-jan-2020-apr-2020/
来源:www.auscert.org.au

链接：https://www.auscert.org.au/bulletins/ESB-2020.0531/
来源:access.redhat.com

链接：https://access.redhat.com/security/cve/cve-2019-4732
来源:www.auscert.org.au

链接：https://www.auscert.org.au/bulletins/ESB-2020.0571/
来源:www.auscert.org.au

链接：https://www.auscert.org.au/bulletins/ESB-2020.0470/
来源:www.ibm.com

链接：https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-affect-ibm-storediq-instascan/
来源:www.ibm.com

链接：https://www.ibm.com/blogs/psirt/security-bulletin-ibm-sdk-java-technology-edition-quarterly-cpu-for-websphere-mq-internet-pass-thru-jan-2020-includes-oracle-jan-2020-cpu-minus-cve-2020-2585-cve-2020-2654-and-cve-2020-2590/
来源:www.ibm.com

链接：https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-middleware-software-affect-ibm-cloud-pak-for-automation-2/

受影响实体

暂无

信息来源

http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-202002-020