IBM Updates
Warning Date: 4 May, 2021
Severity Level: High
Warning Number: 2021-2866
Target Sector: All
Description:
IBM has released a security update to address several vulnerabilities in the following products:
- Sterling Connect:Express for UNIX
  - 1.5.x
- IBM Watson Machine Learning on CP4D
  - 2.5
  - 3.0
- Cloud Orchestrator
  - 2.5.0.10
- AIX
  - 7.1
  - 7.2
- VIOS
  - 3.1
- IBM Watson Machine Learning Server on-prem
  - 2.0.0
Threats:
An attacker could exploit these vulnerabilities to:
- Execute arbitrary code
- Cause a denial of service (DoS)
- Trigger a buffer overflow
Best Practice and Recommendations:
The CERT team encourages users to review the IBM security advisories and apply the necessary updates:
- https://www.ibm.com/blogs/psirt/security-bulletin-go-is-is-vulnerable-to-a-denial-of-service-on-ibm-watson-machine-learning-on-cp4d/
- https://www.ibm.com/blogs/psirt/security-bulletin-netty-security-vulnerabilities-with-zlibdecoders-on-ibm-watson-machine-learning-server/
- https://www.ibm.com/blogs/psirt/security-bulletin-netty-security-vulnerabilities-on-ibm-watson-machine-learning-server/
- https://www.ibm.com/blogs/psirt/security-bulletin-tensor-flow-security-vulnerabilities-with-segmentation-fault-on-ibm-watson-machine-learning-on-cp4d/
- https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-exists-in-the-management-gui-of-the-ibm-flashsystem-900/
- https://www.ibm.com/blogs/psirt/security-bulletin-tensor-flow-security-vulnerabilities-with-denial-of-service-on-ibm-watson-machine-learning-on-cp4d/
- https://www.ibm.com/blogs/psirt/security-bulletin-tensor-flow-security-vulnerabilities-with-denial-of-service-on-ibm-watson-machine-learning-server/
- https://www.ibm.com/blogs/psirt/security-bulletin-tensorflow-is-vulnerable-to-a-heap-based-buffer-overflow-on-ibm-watson-machine-learning-on-cp4d/
- https://www.ibm.com/blogs/psirt/security-bulletin-openssl-vulnerabilities-affect-ibm-sterling-connectexpress-for-unix-cve-2021-3049-cve-2021-3050/
- https://www.ibm.com/blogs/psirt/security-bulletin-go-can-panic-upon-an-attempt-to-process-network-traffic-on-ibm-watson-machine-learning-on-cp4d/
- https://www.ibm.com/blogs/psirt/security-bulletin-go-is-suspectible-for-denial-of-service-on-ibm-watson-machine-learning-on-cp4d/
- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-sdk-java-technology-edition-may-affect-ibm-cloud-orchestrator-and-ibm-cloud-orchestrator-enterprise-3/
- https://www.ibm.com/blogs/psirt/security-bulletin-go-is-vulnerable-to-allows-attacks-on-clients-on-ibm-watson-machine-learning-on-cp4d/
- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-openssl-affect-aix-cve-2021-23839-cve-2021-23840-and-cve-2021-23841-2/
- https://www.ibm.com/blogs/psirt/security-bulletin-go-security-vulnerabilities-on-ibm-watson-machine-learning-server/