The official site for Saudi CERT
Your review has been sent successfully
IBM Updates
2058
Warning Date
Severity Level
Warning Number
Target Sector
14 April, 2021
● Critical
2021-2752
All
Description:
IBM has released a security update to address several vulnerabilities in the following products:
- IBM Emptoris Strategic Supply Management
- Platform 10.1.0.x,10.1.1.x,10.1.3.x
- InfoSphere Information Server on the Microservices tier
- 11.7
- HMC V9.1.910.0
- V9.1.910.0 and later
- HMC V9.2.950.0
- V9.2.950.0 and later
- IBM CICS TX on Cloud
- 10.1.0.0
- IBM Emptoris Contract Management
- 10.1.3.x,10.1.1.x, 10.1.0.x
- ICP – Discovery
- 2.0.0-2.2.1
- Content Collector for File Systems
- 4.0.1.x
- API Connect
- V5.0.0.0-5.0.8.10
- V2018.4.1.0-V2018.4.1.13
- V10.0.0.0-10.0.1.1
- RBD
- 9.5
- 9.6
- Capilano (Installation Manager)
- 1.9.x
- Watson OpenScale
- 3.5.0
- IBM Emptoris Sourcing IBM Emptoris Sourcing
- 10.1.0.x
- 10.1.1.x
- 10.1.3.x
- IBM Cloud Transformation Advisor
- 2.4.0, 2.4.1
- InfoSphere Information Server with a microservices tier
- 11.7
- IBM TXSeries for Multiplatforms
- 8.2.0.0-8.2.0.2
- 1.0.0-9.1.0.1
- IBM Content Collector for SAP Applications
- 4.0.0
- IBM Network Performance Insight
- 1.3.1
- App Connect Professional
- v 7.5.3.0
- v 7.5.4.0
- RFT
- 9.1
- 9.2
- 9.5
- IBM Emptoris Supplier Lifecycle Mgmt
- 10.1.1.x
- 10.1.0.x
- 10.1.3.x
- Content Collector for Microsoft SharePoint
- 4.0.1.x
- terling Connect:Direct
- FTP+ 1.3
- IBM Tivoli Application Dependency Discovery Manager
- 7.3.0.0
- SPSS Collaboration and Deployment Services
- 7.0.0.1
- 8.0
- 8.1
- 8.1.1
- 8.2
- 8.2.1
- 8.2.2
- Content Collector for IBM Connections
- 4.0.1.x
- DB2 Query Management Facility for z/OS
- 11.2.1
- 12.1
- 12.2
- 11.2
- 11.1
- Query Management Facility Classic Edition
- 11.1
- Query Management Facility Enterprise Edition
- 11.1
- DataQuant for z/OS
- 2.1
- WebSphere Application Server Liberty1
- 7.0.0.3 – 21.0.0.3
- WebSphere Application Server
- 9.0
- 8.5
- 8.0
- ICP – Discovery
- 2.0.0-2.2.1
- InfoSphere Information Server
- 11.7
- IBM Watson Explorer Deep Analytics Edition Foundational Components
- IBM Watson Explorer Deep Analytics Edition Analytical Components
- IBM Watson Explorer Deep Analytics Edition oneWEX
- IBM Watson Explorer
- Foundational Components
- IBM Watson Explorer Foundational Components
- IBM Watson Explorer Foundational Components Annotation Administration Console
- IBM Watson Explorer Analytical Components
- IBM Watson Explorer Content Analytics Studio
- WebSphere Extreme Scale
- 8.6.1
- 8.6.0
- ITCAM for Transactions
- 7.4.0.x
- IBM Emptoris Program Management
- 10.1.0.x
- 10.1.1.x
- 10.1.3.x
- IBM Watson Machine Learning on CP4D
- 2.5,3.0
- IBM Flex System Chassis Management Module (CMM)
- 2PET
- Content Collector for Email
- 4.0.1.x
- WebSphere MQ V5.3 for HP NonStop Server (MIPS and Itanium)
- 53.1.x
- IBM i
- 7.1
- 7.2
- 7.3
- 7.4
- UCD – IBM UrbanCode Deploy
- IBM Cloud Pak for Automation
- 20.0.3 IF002
- 20.0.2
- Sterling Connect Direct File Agent
- 1.4.0.0 – 1.4.0.1_iFix005 (AIX and Linux only)
Threats:
Attacker could exploit these vulnerabilities by doing the following:
- Denial of service attack (DoS)
- Unauthorized disclosure of information
- Buffer overflow
- Execute arbitrary code
Best practice and Recommendations:
The CERT team encourages users to review IBM security advisory and apply the necessary updates:
- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-oracle-database-server-security-vulnerabilities-affect-ibm-emptoris-strategic-supply-management-platform-5/
- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-openjdk-version-11-affect-ibm-infosphere-information-server/
- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-ibm-java-affects-power-hardware-management-console-cve-2020-27221/
- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-runtime-affect-ibm-cics-tx-on-cloud-3/
- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-oracle-database-server-security-vulnerabilities-affect-ibm-emptoris-contract-management-5/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-watson-discovery-for-ibm-cloud-pak-for-data-affected-by-vulnerability-in-apache-thrift/
- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-affect-content-collector-for-email-content-collector-for-file-systems-content-collector-for-microsoft-sharepoint-and-content-collector-for-21/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-api-connect-is-impacted-by-a-directory-traversal-vulnerability-in-drupal-core-sa-core-2021-001-cve-2020-36193/
- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-ibm-java-sdk-and-ibm-java-runtime-affects-rational-business-developer-4/
- https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-ibm-java-runtime-affects-ibm-installation-manager-and-ibm-packaging-utility-5/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-watson-openscale-on-cloud-pak-for-data-is-impacted-by-cve-2020-14803-cve-2020-27221/
- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-oracle-database-server-security-vulnerabilities-affect-ibm-emptoris-sourcing-5/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cloud-transformation-advisor-is-affected-by-multiple-node-js-vulnerabilities-5/
- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-docker-affects-ibm-infosphere-information-server/
- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-runtime-affect-txseries-for-multiplatforms-3/
- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-found-in-axis-jar-v1-x-may-affect-ibm-content-collector-for-sap-applications/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-network-performance-insight-1-3-1-was-affected-by-cve-2021-20190-because-using-older-jackson-databind/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cloud-transformation-advisor-is-affected-by-multiple-node-js-vulnerabilities-4/
- https://www.ibm.com/blogs/psirt/security-bulletin-app-connect-professional-is-affected-by-apache-tomcat-vulnerabilities-5/
- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-and-ibm-java-runtime-affect-rational-functional-tester-2/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-api-connect-is-impacted-by-vulnerabilities-in-node-js-and-openssl-cve-2020-1971-cve-2020-8265-cve-2020-8287/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-network-performance-insight-1-3-1-was-affected-by-cve-2020-17516-in-apache-cassandra/
- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-oracle-database-server-security-vulnerabilities-affect-ibm-emptoris-supplier-lifecycle-mgmt-5/
- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-affect-content-collector-for-email-content-collector-for-file-systems-content-collector-for-microsoft-sharepoint-and-content-collector-for-20/
- https://www.ibm.com/blogs/psirt/security-bulletin-a-buffer-overflow-vulnerability-in-ibm-java-runtime-affects-ibm-sterling-connectdirect-ftp/
- https://www.ibm.com/blogs/psirt/security-bulletin-open-source-apache-tomcat-vulnerabilities-affect-ibm-tivoli-application-dependency-discovery-manager-cve-2021-25122-cve-2021-25329/
- https://www.ibm.com/blogs/psirt/security-bulletin-network-performance-insight-1-3-1-was-affected-by-jackson-databind-vulnerability-cve-2020-35728/
- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-runtime-affect-collaboration-and-deployment-services/
- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-affect-content-collector-for-email-content-collector-for-file-systems-content-collector-for-microsoft-sharepoint-and-content-collector-for-19/
- https://www.ibm.com/blogs/psirt/security-bulletin-db2-query-management-facility-is-vulnerable-to-ibm-sdk-java-technology-edition-quarterly-cpu-jan-2021-includes-oracle-jan-2021-cpu-plus-cve-2020-27221/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-dataquant-is-vulnerable-to-cve-2020-14803/
- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-apache-myfaces-affects-websphere-application-server-cve-2021-26296/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-watson-discovery-for-ibm-cloud-pak-for-data-affected-by-vulnerability-in-libtiff/
- https://www.ibm.com/blogs/psirt/security-bulletin-a-denial-of-service-vulnerability-in-openssl-affects-ibm-infosphere-information-server/
- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-runtime-affect-watson-explorer-and-watson-explorer-content-analytics-studio-cve-2020-14782-cve-2020-14781-cve-2020-27221/
- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-ibm-runtime-environment-java-technology-edition-affects-websphere-extreme-scale/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-sdk-java-technology-edition-quarterly-cpu-jan-2021-includes-oracle-jan-2021-cpu-affects-ibm-tivoli-composite-application-manager-for-transactions-robotic-response-time/
- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-oracle-database-server-security-vulnerabilities-affect-ibm-emptoris-program-management-5/
- https://www.ibm.com/blogs/psirt/security-bulletin-tensor-flow-security-vulnerabilities-on-ibm-watson-machine-learning-on-cp4d/
- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-node-js-affect-ibm-infosphere-information-server/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-watson-openscale-on-cloud-pak-for-data-is-impacted-by-multiple-vulnerabilities/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-flex-system-chassis-management-module-cmm-is-affected-by-vulnerabilities-in-network-time-protocol-ntp/
- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-affect-content-collector-for-email-content-collector-for-file-systems-content-collector-for-microsoft-sharepoint-and-content-collector-for-18/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cloud-transformation-advisor-is-affected-by-node-js-vulnerability-2/
- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-runtime-affect-ibm-cloud-transformation-advisor-7/
- https://www.ibm.com/blogs/psirt/security-bulletin-websphere-mq-for-hp-nonstop-server-is-affected-by-multiple-openssl-vulnerabilities-cve-2021-23839-cve-2021-23840-and-cve-2021-23841/
- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-eclipse-jetty-affects-ibm-infosphere-information-server/
- ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-openjdk-version-8-affect-ibm-infosphere-information-server/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-java-sdk-and-ibm-java-runtime-for-ibm-i-is-affected-by-cve-2020-14803-and-cve-2020-27221/https://www.ibm.com/blogs/psirt/security-bulletin-ibm-java-sdk-and-ibm-java-runtime-for-ibm-i-is-affected-by-cve-2020-14803-and-cve-2020-27221/
- https://www.ibm.com/blogs/psirt/security-bulletin-cve-2021-24122-when-serving-resources-from-a-network-location-using-the-ntfs-file-system-apache-tomcat-versions-8-5-0-to-8-5-59-were-susceptible-to-jsp-source-code-disclo/
- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilites-affect-ibm-engineering-products-2/
- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-affect-ibm-cloud-pak-for-automation-2/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cloud-transformation-advisor-is-affected-by-node-js-vulnerability/
- https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-ibm-java-runtime-affects-ibm-sterling-connectdirect-file-agent-2/
- https://www.ibm.com/blogs/psirt/security-bulletin-a-security-vulnerability-has-been-identified-in-ibm-websphere-application-server-shipped-with-tivoli-business-service-manager-cve-2020-4949/
Last updated at 14 April, 2021
Rate the content
Share the page
