IBM Updates
1747Warning Date
Severity Level
Warning Number
Target Sector
2 March, 2021
● High
2021-2549
All
Description:
IBM has released a security updates to address several vulnerabilities in the following products:
- StoredIQ for Legal
- 2.0.3
- IBM Security Guardium
- 11.1
- 11.2
- 10.6
- Datacap Taskmaster Capture
- 9.1.7
- InfoSphere Data Replication
- 11.4.0
- 11.3.3
- IBM Cognos Command Center
- 10.2.4.1
- 10.2.4.0
Threats:
Attacker could exploit these vulnerabilities by doing the following:
- Execute arbitrary commands -remotely
- Denial of service attack (DoS)
- Obtain sensitive information
Best practice and Recommendations:
The CERT team encourages users to review IBM security advisory and apply the necessary updates:
- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-have-been-identified-in-ibm-db2-shipped-with-ibm-storediq-for-legal/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-cross-site-scripting-vulnerabilities-2/
- https://www.ibm.com/blogs/psirt/security-bulletin-datacap-taskmaster-capture-is-affected-by-vulnerable-to-appscans-sslv3-client-hello-with-cbc-cipher-suites-that-contain-tls_fallback_scsv-3/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-data-replication-java-sdk-update/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-a-privilege-escalation-vulnerability-cve-2020-4952-2/
- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-affect-ibm-security-guardium-11/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-an-information-exposure-vulnerability-cve-2020-4189-2/
- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-affect-ibm-security-guardium-12/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-kernel-vulnerabilities-6/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-oracle-mysql-vulnerabilities-10/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cognos-command-center-has-addressed-multiple-vulnerabilities-q12021/
- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-runtime-affect-ibm-cognos-command-cente