Vulnerability Name:

CVE-2019-12406 (CCN-170974)

Assigned:2019-11-05
Published:2019-11-05
Updated:2021-06-17
Summary:Apache CXF before 3.3.4 and 3.2.11 does not restrict the number of message attachments present in a given message. This leaves open the possibility of a denial of service type attack, where a malicious user crafts a message containing a very large number of message attachments. From the 3.3.4 and 3.2.11 releases, a default limit of 50 message attachments is enforced. This is configurable via the message property "attachment-max-count".
CVSS v3 Severity:6.5 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)
5.7 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): Required
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): High
5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
4.6 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Low
CVSS v2 Severity:4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Partial
5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Partial
Vulnerability Type:CWE-770
Vulnerability Consequences:Denial of Service
References:Source: MITRE
Type: CNA
CVE-2019-12406

Source: CONFIRM
Type: Vendor Advisory
http://cxf.apache.org/security-advisories.data/CVE-2019-12406.txt.asc

Source: CCN
Type: Apache Web site
CXF

Source: XF
Type: UNKNOWN
apache-cve201912406-dos(170974)

Source: MLIST
Type: Exploit, Mailing List, Vendor Advisory
[cxf-commits] 20200319 svn commit: r1058035 - in /websites/production/cxf/content: cache/main.pageCache security-advisories.data/CVE-2019-17573.txt.asc security-advisories.html

Source: MLIST
Type: Mailing List, Vendor Advisory
[cxf-issues] 20200820 [jira] [Created] (CXF-8328) CVE-2019-12406 not fixed in 3.1 branch

Source: MLIST
Type: Mailing List, Vendor Advisory
[cxf-issues] 20200821 [jira] [Commented] (CXF-8328) CVE-2019-12406 not fixed in 3.1 branch

Source: MLIST
Type: Mailing List, Vendor Advisory
[cxf-issues] 20200820 [jira] [Commented] (CXF-8328) CVE-2019-12406 not fixed in 3.1 branch

Source: MLIST
Type: Exploit, Mailing List, Vendor Advisory
[cxf-commits] 20200116 svn commit: r1055336 - in /websites/production/cxf/content: cache/main.pageCache security-advisories.data/CVE-2019-12423.txt.asc security-advisories.data/CVE-2019-17573.txt.asc security-advisories.html

Source: MLIST
Type: Mailing List, Vendor Advisory
[cxf-issues] 20200821 [jira] [Comment Edited] (CXF-8328) CVE-2019-12406 not fixed in 3.1 branch

Source: MLIST
Type: Exploit, Mailing List, Vendor Advisory
[cxf-commits] 20201112 svn commit: r1067927 - in /websites/production/cxf/content: cache/main.pageCache security-advisories.data/CVE-2020-13954.txt.asc security-advisories.html

Source: MLIST
Type: Mailing List, Vendor Advisory
[cxf-commits] 20210402 svn commit: r1073270 - in /websites/production/cxf/content: cache/main.pageCache security-advisories.data/CVE-2021-22696.txt.asc security-advisories.html

Source: MLIST
Type: Mailing List, Vendor Advisory
[cxf-commits] 20210616 svn commit: r1075801 - in /websites/production/cxf/content: cache/main.pageCache index.html security-advisories.data/CVE-2021-30468.txt.asc security-advisories.html

Source: MLIST
Type: Exploit, Mailing List, Vendor Advisory
[cxf-commits] 20200401 svn commit: r1058573 - in /websites/production/cxf/content: cache/main.pageCache index.html security-advisories.data/CVE-2020-1954.txt.asc security-advisories.html

Source: CCN
Type: oss-sec Mailing List, Tue, 5 Nov 2019 15:53:54 +0000
[CVE-2019-12406] Apache CXF does not restrict the number of message attachments

Source: CCN
Type: IBM Security Bulletin 1288774 (WebSphere Application Server)
Vulnerability in Apache CXF affects WebSphere Application Server (CVE-2019-12406)

Source: CCN
Type: IBM Security Bulletin 5693247 (Tivoli Application Dependency Discovery Manager)
Apache CXF (Publicly disclosed vulnerability)

Source: CCN
Type: IBM Security Bulletin 5967993 (Liberty for Java)
Vulnerability in Apache CXF affects Liberty for Java for IBM Cloud(CVE-2019-12406)

Source: CCN
Type: IBM Security Bulletin 6113998 (WebSphere Application Server in Cloud)
Multiple Security Vulnerabilities Affect IBM WebSphere Application Server in IBM Cloud

Source: CCN
Type: IBM Security Bulletin 6173907 (Monitoring)
A vulnerability in Apache CFX affects the IBM Performance Management product (CVE-2019-12406)

Source: CCN
Type: IBM Security Bulletin 6190575 (Cloud App Management)
A vulnerability in Apache CXF affects IBM Cloud App Management (CVE-2019-12406)

Source: CCN
Type: IBM Security Bulletin 6195501 (Watson Explorer)
Vulnerabilities exist in Watson Explorer (CVE-2019-4720, CVE-2019-12406)

Source: CCN
Type: IBM Security Bulletin 6202528 (Cloud Pak for Data)
Vulnerabilities in WebSphere Liberty affecting Watson Knowledge Catalog for IBM Cloud Pak for Data

Source: CCN
Type: IBM Security Bulletin 6205799 (Control Center)
Websphere denial-of-service vulnerability affects IBM Control Center (CVE-2019-12406)

Source: CCN
Type: IBM Security Bulletin 6207092 (Streams)
Vulnerability in Apache CXF affects WebSphere Application Server Liberty

Source: CCN
Type: IBM Security Bulletin 6207100 (InfoSphere Information Server)
IBM InfoSphere Information Server is affected by multiple vulnerabilities in WebSphere Application Server Liberty

Source: CCN
Type: IBM Security Bulletin 6207901 (Security Identity Governance and Intelligence)
IBM has announced a release for IBM Security Identity Governance and Intelligence in response to security vulnerabilities

Source: CCN
Type: IBM Security Bulletin 6208295 (Cloud Private)
IBM Cloud Private is vulnerable to an IBM WebSphere Application Server Liberty vulnerability (CVE-2019-12406)

Source: CCN
Type: IBM Security Bulletin 6208321 (Security Identity Governance and Intelligence)
IBM has announced a release for IBM Security Identity Governance and Intelligence in response to a security vulnerability (CVE-2019-12406)

Source: CCN
Type: IBM Security Bulletin 6209035 (Global High Availability Mailbox)
Multiple vulnerabilities have been Identified In WebSphere Liberty Server shipped with IBM Global Mailbox

Source: CCN
Type: IBM Security Bulletin 6212155 (Spectrum Control Standard Edition)
Vulnerabilities in IBM WebSphere Application Server Liberty affect BM Spectrum Control (CVE-2019-17573, CVE-2019-12406)

Source: CCN
Type: IBM Security Bulletin 6217331 (CICS Transaction Gateway for Multiplatforms)
Vulnerability in the Apache CXF library used in WebSphere Application Server Liberty Core affect CICS Transaction Gateway

Source: CCN
Type: IBM Security Bulletin 6217606 (Compare and Comply)
Vulnerability in Apache CXF affects WebSphere Application Server (CVE-2019-12406)

Source: CCN
Type: IBM Security Bulletin 6218312 (MobileFirst Platform Foundation)
Vulnerability in Apache CXF affects WebSphere Application Server Liberty (CVE-2019-12406)

Source: CCN
Type: IBM Security Bulletin 6220246 (SPSS Analytic Server)
Vulnerability in Apache CXF affects WebSphere Application Server that is installed with IBM SPSS Analytic Server (CVE-2019-12406)

Source: CCN
Type: IBM Security Bulletin 6226346 (Event Streams)
IBM Event Streams is affected by Apache CXF vulnerability CVE-2019-12406

Source: CCN
Type: IBM Security Bulletin 6235074 (Cloud Pak for Automation)
Multiple vulnerabilities in middleware software affect IBM Cloud Pak for Automation

Source: CCN
Type: IBM Security Bulletin 6236448 (Voice Gateway)
Security vulnerability in IBM WebSphere Application Server affects IBM Voice Gateway

Source: CCN
Type: IBM Security Bulletin 6241360 (Tivoli Netcool Impact)
A security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Tivoli Netcool Impact (CVE-2019-12406)

Source: CCN
Type: IBM Security Bulletin 6242348 (Security Identity Manager Virtual Appliance)
IBM Security Identity Manager Virtual Appliance is affected by multiple vulnerabilities

Source: CCN
Type: IBM Security Bulletin 6242388 (Rational Asset Analyzer)
Rational Asset Analyzer is affected by a vulnerability in Websphere Application Server.

Source: CCN
Type: IBM Security Bulletin 6242776 (Rational Asset Analyzer)
Asset Analyzer (RAA) is affected by a WebSphere Application Server vulnerability

Source: CCN
Type: IBM Security Bulletin 6257415 (Spectrum Protect Operations Center)
Vulnerability in IBM WebSphere Application Server Liberty affects IBM Spectrum Protect Operations Center and Client Management Service (CVE-2019-12406)

Source: CCN
Type: IBM Security Bulletin 6324799 (Spectrum Protect Plus)
Multiple vulnerabilities in IBM WebSphere Application Server Liberty affect IBM Spectrum Protect Plus

Source: CCN
Type: IBM Security Bulletin 6327189 (PowerVM NovaLink)
Novalink is impacted Apache CXF affects middle vulnerability in WebSphere Application Server Liberty (CVE-2019-12406)

Source: CCN
Type: IBM Security Bulletin 6344071 (QRadar SIEM)
IBM QRadar SIEM is vulnerable to Using Components with Known Vulnerabilities

Source: CCN
Type: IBM Security Bulletin 6391590 (Cloud Application Business Insights)
Multiple Vulnerabilities in Websphere Liberty server (WLP) affects IBM Cloud Application Business Insights

Source: CCN
Type: IBM Security Bulletin 6405740 (Watson Machine Learning Accelerator)
Vulnerabilities in IBM WebSphere Liberty affects IBM Waston Machine Learning Accelerator

Source: CCN
Type: IBM Security Bulletin 6451705 (Cognos Analytics)
IBM Cognos Analytics has addressed multiple vulnerabilities

Source: CCN
Type: IBM Security Bulletin 6509856 (Cognos Controller)
IBM Cognos Controller has addressed multiple vulnerabilities

Source: CCN
Type: IBM Security Bulletin 6828455 (z/Transaction Processing Facility)
z/Transaction Processing Facility is affected by multiple vulnerabilities in the jackson-databind, jackson-dataformat-xml, jackson-core, slf4j-ext, and cxf-core packages

Source: CCN
Type: IBM Security Bulletin 6831647 (Security Guardium)
IBM Security Guardium is affected by multiple vulnerabilities

Source: CCN
Type: IBM Security Bulletin 6854713 (Voice Gateway)
Multiple Vulnerabilities in Java and Node.js packages affect IBM Voice Gateway

Source: N/A
Type: Patch, Third Party Advisory
N/A

Source: MISC
Type: Patch, Third Party Advisory
https://www.oracle.com/security-alerts/cpuApr2021.html

Source: MISC
Type: Patch, Third Party Advisory
https://www.oracle.com/security-alerts/cpujan2020.html

Vulnerable Configuration:Configuration 1:
  • cpe:/a:apache:cxf:*:*:*:*:*:*:*:* (Version < 3.2.11)
  • OR cpe:/a:apache:cxf:*:*:*:*:*:*:*:* (Version >= 3.3.0 and < 3.3.4)

    • Configuration 2:
  • cpe:/a:oracle:commerce_guided_search:11.3.2:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:flexcube_private_banking:12.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:flexcube_private_banking:12.1.0:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:retail_order_broker:15.0:*:*:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/a:apache:cxf:3.2.11:*:*:*:*:*:*:*
  • OR cpe:/a:apache:cxf:3.3.3:*:*:*:*:*:*:*
  • AND
  • cpe:/a:ibm:websphere_application_server:8.5:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:watson_explorer:10.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:spss_analytic_server:2.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:watson_explorer:11.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:security_identity_governance_and_intelligence:5.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:streams:4.1.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:watson_explorer:11.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:websphere_application_server:9.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:spss_analytic_server:3.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:cognos_analytics:11.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:watson_explorer:11.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:streams:4.2.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:monitoring:8.1.4:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:infosphere_information_server:11.7:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:spectrum_protect_plus:10.1.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:security_guardium:10.5:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:security_identity_governance_and_intelligence:5.2.3:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:rational_asset_analyzer:6.1.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:security_identity_governance_and_intelligence:5.2.4:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:websphere_application_server_in_cloud:8.5:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:websphere_application_server_in_cloud:9.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:websphere_application_server:::~~liberty~~~:*:*:*:*:*
  • OR cpe:/a:ibm:watson_explorer:12.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:websphere_application_server_in_cloud:*:*:*:*:liberty:*:*:*
  • OR cpe:/a:ibm:qradar_security_information_and_event_manager:7.3.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:security_guardium:10.6:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:watson_explorer:12.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:watson_explorer:12.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:cognos_controller:10.4.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:cognos_analytics:11.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:cognos_controller:10.4.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:event_streams:2019.2.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:tivoli_netcool/impact:7.1.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:voice_gateway:1.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:voice_gateway:1.0.3:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:liberty:3.37:*:java:*:*:*:*:*
  • OR cpe:/a:ibm:cloud_pak_for_automation:19.0.3:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:security_identity_governance_and_intelligence:5.2.5:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:watson_explorer:12.0.3:*:deep_analytics:*:analytical_components:*:*:*
  • OR cpe:/a:ibm:mobilefirst_platform_foundation:8.0.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:tivoli_application_dependency_discovery_manager:7.3.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:voice_gateway:1.0.2.4:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:voice_gateway:1.0.4:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:cloud_pak_for_data:2.5:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:security_guardium:11.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:security_guardium:11.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:cloud_app_management:2019.3.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:cloud_app_management:2019.4.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:control_center:6.0.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:control_center:6.1.2.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:control_center:6.1.3.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:cloud_private:3.2.0:cd:*:*:*:*:*:*
  • OR cpe:/a:ibm:cloud_private:3.2.1:cd:*:*:*:*:*:*
  • OR cpe:/a:ibm:cics_transaction_gateway:9.1.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:cics_transaction_gateway:9.1.0.3:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:cics_transaction_gateway:9.2.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:cics_transaction_gateway:9.2.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:security_identity_governance_and_intelligence:5.2.6:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:event_streams:2019.2.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:event_streams:2019.2.3:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:event_streams:2019.4.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:spectrum_protect_operations_center:7.1.0.000:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:spectrum_protect_operations_center:8.1.0.000:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:voice_gateway:1.0.5:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:cloud_pak_for_automation:20.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:security_identity_manager_virtual_appliance:7.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:rational_asset_analyzer:6.1.0.23:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:spectrum_protect_plus:10.1.6:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:security_identity_manager_virtual_appliance:7.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:qradar_security_information_and_event_manager:7.3.3:p4:*:*:*:*:*:*
  • OR cpe:/a:ibm:qradar_security_information_and_event_manager:7.4.0:-:*:*:*:*:*:*
  • OR cpe:/a:ibm:qradar_security_information_and_event_manager:7.4.1:-:*:*:*:*:*:*
  • OR cpe:/a:ibm:security_guardium:11.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:cognos_controller:10.4.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:cloud_application_business_insights:1.1.4:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:cloud_application_business_insights:1.1.3:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:voice_gateway:1.0.7:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:security_guardium:11.3:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:security_guardium:11.4:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    BACK
    apache cxf *
    apache cxf *
    oracle commerce guided search 11.3.2
    oracle flexcube private banking 12.0.0
    oracle flexcube private banking 12.1.0
    oracle retail order broker 15.0
    apache cxf 3.2.11
    apache cxf 3.3.3
    ibm websphere application server 8.5
    ibm watson explorer 10.0.0
    ibm spss analytic server 2.0
    ibm watson explorer 11.0.0
    ibm security identity governance and intelligence 5.2
    ibm streams 4.1.1
    ibm watson explorer 11.0.1
    ibm websphere application server 9.0
    ibm spss analytic server 3.0
    ibm cognos analytics 11.0
    ibm watson explorer 11.0.2
    ibm streams 4.2.1
    ibm monitoring 8.1.4
    ibm infosphere information server 11.7
    ibm spectrum protect plus 10.1.0
    ibm security guardium 10.5
    ibm security identity governance and intelligence 5.2.3
    ibm rational asset analyzer 6.1.0.0
    ibm security identity governance and intelligence 5.2.4
    ibm websphere application server in cloud 8.5
    ibm websphere application server in cloud 9.0
    ibm websphere application server
    ibm watson explorer 12.0.0
    ibm websphere application server in cloud *
    ibm qradar security information and event manager 7.3.0
    ibm security guardium 10.6
    ibm watson explorer 12.0.1
    ibm watson explorer 12.0.2
    ibm cognos controller 10.4.0
    ibm cognos analytics 11.1
    ibm cognos controller 10.4.1
    ibm event streams 2019.2.1
    ibm tivoli netcool/impact 7.1.0.0
    ibm voice gateway 1.0.2
    ibm voice gateway 1.0.3
    ibm liberty 3.37
    ibm cloud pak for automation 19.0.3
    ibm security identity governance and intelligence 5.2.5
    ibm watson explorer 12.0.3
    ibm mobilefirst platform foundation 8.0.0.0
    ibm tivoli application dependency discovery manager 7.3.0
    ibm voice gateway 1.0.2.4
    ibm voice gateway 1.0.4
    ibm cloud pak for data 2.5
    ibm security guardium 11.0
    ibm security guardium 11.1
    ibm cloud app management 2019.3.0
    ibm cloud app management 2019.4.0
    ibm control center 6.0.0.2
    ibm control center 6.1.2.1
    ibm control center 6.1.3.0
    ibm cloud private 3.2.0 cd
    ibm cloud private 3.2.1 cd
    ibm cics transaction gateway 9.1.0.0
    ibm cics transaction gateway 9.1.0.3
    ibm cics transaction gateway 9.2.0.0
    ibm cics transaction gateway 9.2.0.2
    ibm security identity governance and intelligence 5.2.6
    ibm event streams 2019.2.2
    ibm event streams 2019.2.3
    ibm event streams 2019.4.1
    ibm spectrum protect operations center 7.1.0.000
    ibm spectrum protect operations center 8.1.0.000
    ibm voice gateway 1.0.5
    ibm cloud pak for automation 20.0.1
    ibm security identity manager virtual appliance 7.0.2
    ibm rational asset analyzer 6.1.0.23
    ibm spectrum protect plus 10.1.6
    ibm security identity manager virtual appliance 7.0.1
    ibm qradar security information and event manager 7.3.3 p4
    ibm qradar security information and event manager 7.4.0
    ibm qradar security information and event manager 7.4.1 -
    ibm security guardium 11.2
    ibm cognos controller 10.4.2
    ibm cloud application business insights 1.1.4
    ibm cloud application business insights 1.1.3
    ibm voice gateway 1.0.7
    ibm security guardium 11.3
    ibm security guardium 11.4