-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2020.1782
Denial of Service vulnerability may affect IBM SDK, Java Technology Edition
              shipped with Predictive Maintenance and Quality
                                20 May 2020

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           IBM Predictive Maintenance and Quality
Publisher:         IBM
Operating System:  Red Hat
Impact/Access:     Denial of Service -- Remote/Unauthenticated
Resolution:        Patch/Upgrade
CVE Names:         CVE-2020-2654  

Reference:         ESB-2020.0300
                   ESB-2020.0293
                   ESB-2020.0292
                   ESB-2020.0250
                   ESB-2020.0233
                   ESB-2020.0230
                   ESB-2020.0215
                   ESB-2020.0205
                   ESB-2020.0185
                   ESB-2020.0181

Original Bulletin: 
   https://www.ibm.com/support/pages/node/6211868

- --------------------------BEGIN INCLUDED TEXT--------------------

Security Bulletin: Denial of Service vulnerability may affect IBM SDK, Java
Technology Edition shipped with Predictive Maintenance and Quality

Security Bulletin


Summary

IBM SDK, Java Technology Edition is shipped with IBM Predictive Maintenance and
Quality. Information about some Denial of Service security vulnerability
affecting IBM SDK, Java Technology Edition has been published.

Vulnerability Details

Refer to the security bulletins(s) listed in the Remediation/Fixes section

Affected Products and Versions

+---------------------------------------------------------+---------+
|Affected Product(s)                                      |Version  |
|                                                         |(s)      |
+---------------------------------------------------------+---------+
|IBM Predictive Maintenance and Quality                   |All      |
+---------------------------------------------------------+---------+
|IBM Maximo APM - Predictive Maintenance Insights         |All      |
|On-Premises                                              |         |
+---------------------------------------------------------+---------+

Remediation/Fixes

Refer to the following security bulletin for information about fixes addressed
by IBM SDK, Java Technology Edition:

https://www.ibm.com/support/pages/node/5736807

Workarounds and Mitigations

None

Get Notified about Future Security Bulletins

Subscribe to My Notifications to be notified of important product support
alerts like this.

References

Complete CVSS v3 Guide
On-line Calculator v3

Off

Related Information

IBM Secure Engineering Web Portal
IBM Product Security Incident Response Blog

Acknowledgement

Change History

14 May 2020: Initial Publication

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBXsSkteNLKJtyKPYoAQi0NQ//TAmzOLgXQUDt9Up3TetKxnLXNfkD/+XF
DoiT3yLqFCeOcXMGN7HXgenZY4Zog9B7jw/GiyrF1k5APyrEJ3ljdrRzr6zJoT26
Y9RQ1joe8IxjjLlE1Y/0YCJuDThYRI84jZYYFHe8RdrUdNI4Un6MR/HZqX5Z5M97
k2JFneQSBUMTuFOHQe8UMfiRxuVZ1gV1JWGQxYRaZJXiEZqpxesAOhXA2yLY4J0G
jdaGFQgyajywaoPMiBJ9rUPyhwz9F0HoaWfVojzQ4yoBHl5T6WmS3SHxUHmKfp4L
ry3aehhkk+rNWDXECqFqh5Ycy9ctm/TlvLcl45t2UyBK6xxiMAvCosVzFOJR6/7Q
/+ne8HTMVLpBiv+W80blOewN4hnI90dA2fogWv4CAsLy1cLtQBSMLAbfMK9MToSY
NLdnjGQUNi1aSt5Wk4zwRU6H0MCqbEmWvGPQjKRscXtFJUtubfr2QWrYgAISuDeu
g7oJRzHBv3YDNwbWFLTeYvSry19oamh5OElrHtW8VV9Ol9ZdQFA8mwkT0RD9BDSt
8aEcFDaTNFapXJ/Ha/x7Dqw+e+Ud6A6hcQvo+ptHNv93IlQnWC10yc6i/I6QmZjT
wvX/w87kXK+fdWUQIBl0yYLcWiBRdo9eD00gwQzgGil+lK2/orm1edYjWpSfb+vx
zk9H3XeHZ3A=
=WGQk
-----END PGP SIGNATURE-----