IBM Updates
Warning Date: 3 March, 2021
Severity Level: ● Critical
Warning Number: 2021-2561
Target Sector: All
Description:
IBM has released security updates to address several vulnerabilities in the following products:
- mobile sdk
  - 1405
- IBM Security Verify Bridge
- InfoSphere Information Server, Information Server on Cloud
  - 11.7
  - 11.5
- InfoSphere Information Server
  - 11.3
- IBM Maximo Anywhere
  - 7.6.3
  - 7.6.2
- IBM Security Verify Information Queue
  - 1.0.6
  - 1.0.7
Threats:
An attacker could exploit these vulnerabilities to do the following:
- Execute arbitrary commands remotely
- Denial of service attack (DoS)
- Obtain sensitive information
Best practice and Recommendations:
The CERT team encourages users to review the IBM security advisories and apply the necessary updates:
- https://www.ibm.com/blogs/psirt/security-bulletin-android-mobile-sdk-compile-builder-includes-vulnerable-components/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-verify-bridge-uses-relatively-weak-cryptographic-algorithms-in-two-of-its-functions-cve-2021-20441/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-infosphere-information-server-is-affected-by-a-cross-site-scripting-vulnerability-2/
- https://www.ibm.com/blogs/psirt/security-bulletin-ios-vulnerable-minimum-os-version-supported/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-verify-information-queue-uses-a-node-js-proxy-library-that-has-a-known-vulnerability-183561/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-verify-bridge-uses-a-hard-coded-key-to-encrypt-the-client-secret-cve-2021-20442/