IBM Updates
Warning Date: 10 December, 2020
Severity Level: High
Warning Number: 2020-2182
Target Sector: All
Description:
IBM has released security updates to address multiple vulnerabilities in the following products:
- ICP – Discovery
  - 2.0.0 – 2.1.4
- IBM Sterling B2B Integrator
  - 6.0.0.0 – 6.0.3.1
  - 5.2.0.0 – 5.2.6.5_1
- WA for ICP
  - 1.4.0, 1.4.1, 1.4.2
- AIX
  - 7.1.5
  - 7.1.4
  - 7.1.3
- Node.js™ in IBM Cloud
- IBM App Connect
  - V11.0.0.0 – V11.0.0.8
- IBM Integration Bus
  - V10.0.0.0 – V10.0.0.21
  - V9.0.0.0 – V9.0.0.11
- InfoSphere Master Data Management
  - 11.6
- VIOS
  - 3.1
- IBM Aspera High-Speed Transfer Server
  - 3.9.6.2 and earlier
- IBM Aspera High-Speed Transfer Endpoint
  - 3.9.6.2 and earlier
- IBM App Connect Enterprise
  - V11, V11.0.0.0 – V11.0.0.10
- IBM Sterling File Gateway
  - 2.2.0.0 – 6.0.3.2
- Liberty for Java
  - 3.49
- IBM® Db2®
Threats:
Successful exploitation of these vulnerabilities could allow an attacker to achieve the following:
- Sensitive information disclosure
- Arbitrary code execution
- Denial of service (DoS)
- Escalation of privilege
Best practice and Recommendations:
The CERT team encourages users to review the IBM security advisories and apply the necessary updates:
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-watson-discovery-for-ibm-cloud-pak-for-data-affected-by-vulnerability-in-tensorflow-2/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-watson-discovery-for-ibm-cloud-pak-for-data-affected-by-vulnerability-in-netty/
- https://www.ibm.com/blogs/psirt/security-bulletin-potential-vulnerability-with-fasterxml-jackson-databind-2/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-watson-discovery-for-ibm-cloud-pak-for-data-affected-by-vulnerability-in-postgresql-2/
- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-perl-affect-aix-cve-2020-10543-cve-2020-10878-and-cve-2020-12723/
- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-affect-ibm-sdk-for-node-js-in-ibm-cloud-3/
- https://www.ibm.com/blogs/psirt/security-bulletin-july-2020-critical-patch-update-for-java/
- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-openssl-affect-ibm-integration-bus-and-ibm-app-connect-cve-2019-1551/
- https://www.ibm.com/blogs/psirt/security-bulletin-april-2020-critical-patch-update-for-java/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-watson-discovery-for-ibm-cloud-pak-for-data-affected-by-vulnerability-in-apache-log4j-2/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-infosphere-master-data-management-server-vulnerability-in-openssl/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-watson-discovery-for-ibm-cloud-pak-for-data-affected-by-vulnerability-in-fasterxml-jackson-databind-8/
- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-ksu-affects-aix-cve-2020-4829/
- https://www.ibm.com/blogs/psirt/security-bulletin-jackson-databind-vulnerability-cve-2020-24750-impacts-ibm-aspera-high-speed-transfer-server-and-aspera-high-speed-transfer-endpoint-versions-prior-to-v4-0/
- https://www.ibm.com/blogs/psirt/security-bulletin-potential-vulnerability-with-ibm-websphere-application-liberty/
- https://www.ibm.com/blogs/psirt/security-bulletin-potential-vulnerability-with-node-js-2/
- https://www.ibm.com/blogs/psirt/security-bulletin-potential-vulnerability-with-node-js/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-watson-discovery-for-ibm-cloud-pak-for-data-affected-by-vulnerability-in-go-2/
- https://www.ibm.com/blogs/psirt/security-bulletin-potential-vulnerability-with-jquery/
- https://www.ibm.com/blogs/psirt/security-bulletin-potential-vulnerability-with-ibm-websphere-application-server/
- https://www.ibm.com/blogs/psirt/security-bulletin-potential-vulnerability-with-node-js-lodash-module/
- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-node-js-affect-ibm-app-connect-enterprise-v11-cve-2020-8244/
- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-openssl-affect-ibm-integration-bus-and-ibm-app-connect-cve-2019-1552/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-watson-discovery-for-ibm-cloud-pak-for-data-affected-by-vulnerability-in-node-js/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-watson-discovery-for-ibm-cloud-pak-for-data-affected-by-vulnerability-in-apache-commons-codec/
- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-affect-ibm-sdk-for-node-js-in-ibm-cloud-4/
- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-security-vulnerabilities-in-apache-struts-affect-ibm-sterling-file-gateway-cve-2019-0233-cve-2019-0230-3/
- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-hibernate-validator-affects-liberty-for-java-for-ibm-cloud-cve-2020-10693/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-db2-is-vulnerable-to-a-buffer-overflow-cve-2020-4701-3/
- https://www.ibm.com/blogs/psirt/security-bulletin-jre-vulnerability-cveid-178768-impacts-ibm-aspera-high-speed-transfer-server-ibm-aspera-high-speed-transfer-endpoint-version-3-9-6-2-and-earlier/