IBM Updates
Warning Date: 3 December, 2020
Severity Level: High
Warning Number: 2020-2140
Target Sector: All
Description:
IBM has released security updates to address multiple vulnerabilities in the following products:
- IBM Spectrum Protect Plus Container Agent for Kubernetes and OpenShift
  - 10.1.5-10.1.6
- IBM Spectrum Protect Plus Microsoft File Systems Agent
  - 10.1.6
- IBM Security Guardium Big Data Intelligence
  - 1.0
- InfoSphere Information Server, Information Server on Cloud
  - 11.7
  - 11.5
- IBM Netezza Analytics
  - 3.3.6 and lower
- IBM Business Automation Workflow
  - v19.0.0.x
  - v18.0.0.x
- IBM Business Process Manager
  - v8.6.0 / v18.0.0.0
  - v8.5.x
Threats:
An attacker could exploit these vulnerabilities to carry out the following:
- Denial of service (DoS)
- Cross-site scripting (XSS)
- Arbitrary code execution
Best practice and Recommendations:
The CERT team encourages users to review the IBM security advisories and apply the necessary updates:
- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-pyyaml-affects-ibm-spectrum-protect-plus-container-and-microsoft-file-systems-agents-cve-2020-1747/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-big-data-intelligence-sonarg-is-affected-by-a-3rd-party-cryptographc-vulnerability-cve-2020-4254/
- https://www.ibm.com/blogs/psirt/security-bulletin-a-security-bypass-vulnerability-in-apache-solr-lucene-affects-ibm-infosphere-information-server/
- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-affect-ibm-netezza-analytics/
- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-security-vulnerabilities-with-administration-console-for-content-platform-engine-component-in-ibm-business-automation-workflow-and-ibm-business-process-manager-bpm-cve-2/