IBM Updates
1827Warning Date
Severity Level
Warning Number
Target Sector
28 February, 2021
● High
2021-2541
All
Description:
IBM has released a security updates to address several vulnerabilities in the following products:
- IBM Spectrum Protect Plus
- 10.1.0-10.1.7
- IBM WIoTP MessageGateway
- 5.0.0.1
- IBM IoT MessageSight
- 5.0.0.0
- 2.0.0.2
- Sterling Connect Direct Browser
- 1.5.0.2
- 1.4.1.1
- FileNet Content Manager
- 5.5.5
- 5.5.4
- NX-OS
- NX-OS prior to 8.4(2b)
Threats:
Attacker could exploit these vulnerabilities by doing the following:
- Execute arbitrary commands -remotely
- Denial of service attack (DoS)
- Obtain sensitive information
Best practice and Recommendations:
The CERT team encourages users to review IBM security advisory and apply the necessary updates:
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-resilient-soar-is-using-opensaml-2-6-4-jar-that-could-be-vulnerable-to-bypass-security-restrictions-cve-2015-1796/
- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-of-mozilla-firefox-less-than-firefox-78-5-esr-cve-2020-26951-have-affected-synthetic-playback-agent-8-1-4-0-8-1-4-if11-icam2019-3-0-2020-2-0/
- https://www.ibm.com/blogs/psirt/security-bulletin-security-vulnerabilities-in-go-affect-ibm-cloud-pak-for-multicloud-management-hybrid-grc-2/
- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-of-mozilla-firefox-less-than-firefox-78-5-esr-cve-2020-15677-have-affected-synthetic-playback-agent-8-1-4-0-8-1-4-if12-icam2019-3-0-2020-2-0/
- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-of-mozilla-firefox-less-than-firefox-78-5-esr-cve-2020-15683-have-affected-synthetic-playback-agent-8-1-4-0-8-1-4-if12-icam2019-3-0-2020-2-0/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-sdk-java-technology-edition-quarterly-cpu-oct-2020/
- https://www.ibm.com/blogs/psirt/security-bulletin-a-security-vulnerability-affects-ibm-cloud-private-openssl-cve-2019-1551-2/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-resilient-soar-is-using-components-with-known-vulnerabilities-java-se-cve-2020-14779-cve-2020-14792-cve-2020-14796-cve-2020-14797-cve-2020-14798/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cloud-private-is-vulnerable-to-a-node-js-lodash-vulnerability-cveid-183560-2/
- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-of-mozilla-firefox-less-than-firefox-78-5-esr-cve-2020-26950-have-affected-synthetic-playback-agent-8-1-4-0-8-1-4-if12-icam2019-3-0-2020-2-0/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cloud-private-is-vulnerable-to-a-mongodb-vulnerability-cve-2020-7923/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cloud-private-is-vulnerable-to-go-vulnerabilities-cve-2021-3114-cve-2021-3115/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cloud-private-is-vulnerable-to-node-js-vulnerabilities-cve-2020-8201-cve-2020-8252-cve-2020-8251/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cloud-private-is-vulnerable-to-etcd-vulnerabilities-cve-2020-15106-cve-2020-15112-cve-2020-15113/
- https://www.ibm.com/blogs/psirt/security-bulletin-datacap-taskmaster-capture-is-affected-by-vulnerable-to-appscans-sslv3-client-hello-with-cbc-cipher-suites-that-contain-tls_fallback_scsv-2/
- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-affect-ibm-performance-management-products-7/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cloud-private-is-vulnerable-to-java-vulnerabilities-cve-2020-14792-cve-2020-14797-cve-2020-14781-cve-2020-14779-cve-2020-14798-cve-2020-14796/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cloud-private-is-vulnerable-to-kubernetes-vulnerabilities/
- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-affect-the-ibm-performance-management-product/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cloud-private-is-vulnerable-to-a-go-vulnerability-cve-2020-15586/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cloud-private-is-vulnerable-to-curl-vulnerabilities-cve-2020-8169-cve-2020-8177/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-insights-is-affected-by-multiple-vulnerabilities-4/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cloud-private-is-vulnerable-to-a-go-vulnerability-cve-2020-16845/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cloud-private-is-vulnerable-to-a-websphere-application-server-liberty-vulnerability-cve-2020-4590/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cloud-private-is-vulnerable-to-kubernetes-vulnerabilities-cve-2020-8566-cve-2020-8565-cve-2020-8563-cve-2020-8564/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cloud-private-is-vulnerable-to-a-java-vulnerability-cve-2020-14782/
- https://www.ibm.com/blogs/psirt/security-bulletin-google-api-client-as-used-by-ibm-qradar-siem-is-vulnerable-to-authorization-bypass-cve-2020-7692/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cloud-private-is-vulnerable-to-a-python-vulnerability-cve-2020-25659/
- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilites-affect-ibm-engineering-products/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cloud-private-is-vulnerable-to-mongodb-vulnerabilities-cve-2020-7926-cve-2020-7925-cve-2020-7928/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cloud-private-is-vulnerable-to-a-go-vulnerability-cve-2020-28362/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-watson-discovery-for-ibm-cloud-pak-for-data-affected-by-vulnerability-in-google-guava/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-watson-discovery-for-ibm-cloud-pak-for-data-affected-by-vulnerability-in-google-guava/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-watson-discovery-for-ibm-cloud-pak-for-data-affected-by-vulnerability-in-node-js-2/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-watson-discovery-for-ibm-cloud-pak-for-data-affected-by-vulnerability-in-tensorflow-3/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-watson-discovery-for-ibm-cloud-pak-for-data-affected-by-vulnerability-in-xstream/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-watson-discovery-for-ibm-cloud-pak-for-data-affected-by-vulnerability-in-xstream/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-watson-discovery-for-ibm-cloud-pak-for-data-affected-by-vulnerability-in-apache-httpclient/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-watson-discovery-for-ibm-cloud-pak-for-data-affected-by-vulnerability-in-java-3/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-watson-discovery-for-ibm-cloud-pak-for-data-affected-by-vulnerability-in-python-2/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-watson-discovery-for-ibm-cloud-pak-for-data-affected-by-vulnerability-in-fasterxml-jackson-databind-9/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-watson-discovery-for-ibm-cloud-pak-for-data-affected-by-vulnerability-in-go-3/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-watson-discovery-for-ibm-cloud-pak-for-data-affected-by-vulnerability-in-spring/