IBM Updates
Warning Date: 17 May, 2021
Severity Level: High
Warning Number: 2021-2915
Target Sector: All
Description:
IBM has released a security update to address several vulnerabilities in the following products:
- IBM Cloud Pak for Multicloud Management Infrastructure Management
- Cloud Pak for Security (CP4S)
  - 1.6.0.1
  - 1.6.0.0
  - 1.5.0.1
  - 1.5.0.0
  - 1.4.0.0
- Spectrum Discover
  - 2.0.3
  - 2.0.4
- IBM Cloud Automation Manager
  - 4.2.0.1
- ICP – Discovery
  - 2.0.0-2.2.1
- IBM Control Center
  - 6.2.0.0
- IBM Netezza Analytics for NPS
  - 11.2.1.0 and lower
- IBM Planning Analytics Local
  - 2.0
- IBM Planning Analytics Cloud
  - 2.0
- CP4D
  - 3.0.1
  - 2.5
Threats:
An attacker could exploit these vulnerabilities to cause the following:
- Execute arbitrary commands
- Buffer overflow
- Sensitive information disclosure
Best practice and Recommendations:
The CERT team encourages users to review the IBM security advisories and apply the necessary updates:
- https://www.ibm.com/blogs/psirt/security-bulletin-user-behavior-analytics-application-add-on-to-ibm-qradar-siem-is-vulnerable-to-overly-permissive-cors-policy-cve-2021-20429/
- https://www.ibm.com/blogs/psirt/security-bulletin-a-security-vulnerability-in-node-js-xmldom-and-msgpack5-module-affects-ibm-cloud-pak-for-multicloud-management-managed-service/
- https://www.ibm.com/blogs/psirt/security-bulletin-a-security-vulnerability-in-node-js-xmldom-and-msgpack5-module-affects-ibm-cloud-automation-manager/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-planning-analytics-spreadsheet-services-is-affected-by-a-security-vulnerability/
- https://www.ibm.com/blogs/psirt/security-bulletin-user-behavior-analytics-application-add-on-to-ibm-qradar-siem-is-vulnerable-to-cross-site-scripting-cve-2021-20392/
- https://www.ibm.com/blogs/psirt/security-bulletin-a-security-vulnerability-in-mongodb-server-affects-ibm-cloud-pak-for-multicloud-management-managed-service/
- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-apache-httpcomponents-and-httpcommons-affect-websphere-application-server/
- https://www.ibm.com/blogs/psirt/security-bulletin-a-security-vulnerability-in-go-affects-ibm-cloud-pak-for-multicloud-management-managed-service-5/
- https://www.ibm.com/blogs/psirt/security-bulletin-user-behavior-analytics-application-add-on-to-ibm-qradar-siem-is-vulnerable-to-information-exposure-cve-2021-20393/
- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-openssh-affects-ibm-integrated-analytics-system-4/
- https://www.ibm.com/blogs/psirt/security-bulletin-samba-for-ibm-i-is-affected-by-cve-2021-20254/
- https://www.ibm.com/blogs/psirt/security-bulletin-user-behavior-analytics-application-add-on-to-ibm-qradar-siem-is-vulnerable-to-cacheable-ssl-pages-cve-2021-20391/
- https://www.ibm.com/blogs/psirt/security-bulletin-security-bypass-vulnerability-in-spring-framework-affects-ibm-control-center-cve-2020-5421/
- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-apache-httpclient-and-eclipse-jetty-affect-ibm-control-center-cve-2020-13956-cve-2020-27218/
- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-ibm-mq-vulnerabilities-affect-ibm-control-center/
- https://www.ibm.com/blogs/psirt/security-bulletin-apache-ant-vulnerabilities-affect-ibm-control-center-cve-2020-1945-cve-2020-11979/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-infosphere-datastage-is-affected-by-an-information-disclosure-vulnerability/
- https://www.ibm.com/blogs/psirt/security-bulletin-guava-google-core-libraries-vulnerability-affects-ibm-control-center-cve-2020-8908/
- https://www.ibm.com/blogs/psirt/security-bulletin-a-security-vulnerability-in-node-js-hosted-git-info-module-affects-ibm-cloud-pak-for-multicloud-management-managed-service/
- https://www.ibm.com/blogs/psirt/security-bulletin-a-security-vulnerability-in-node-js-affects-ibm-cloud-pak-for-multicloud-management-managed-service/
- https://www.ibm.com/blogs/psirt/security-bulletin-a-security-vulnerability-in-node-js-lodash-module-affects-ibm-cloud-pak-for-multicloud-management-managed-service/
- https://www.ibm.com/blogs/psirt/security-bulletin-cloud-pak-for-security-contains-security-vulnerabilities/
- https://www.ibm.com/blogs/psirt/security-bulletin-spectrum-discover-has-addressed-multiple-security-vulnerabilities-cve-2020-13401-cve-2019-20372-2/
- https://www.ibm.com/blogs/psirt/security-bulletin-a-security-vulnerability-in-node-js-affects-ibm-cloud-automation-manager-2/
- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-the-python-docker-and-icp-affect-ibm-spectrum-discover/
- https://www.ibm.com/blogs/psirt/security-bulletin-a-security-vulnerability-in-node-js-hosted-git-info-module-affects-ibm-cloud-automation-manager/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-watson-discovery-for-ibm-cloud-pak-for-data-affected-by-vulnerability-in-node-js-3/
- https://www.ibm.com/blogs/psirt/security-bulletin-eclipse-jetty-vulnerability-affects-ibm-control-center-cve-2020-27216/
- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-gnu-binutils-affect-ibm-netezza-analytics-for-nps/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-planning-analytics-workspace-is-affected-by-security-vulnerabilities-8/
- https://www.ibm.com/blogs/psirt/security-bulletin-security-vulnerabilities-affect-ibm-cloud-pak-for-data-node-js/
- https://www.ibm.com/blogs/psirt/security-bulletin-hibernate-orm-vulnerabilities-affect-ibm-control-center-cve-2019-14900-cve-2020-25638/
- https://www.ibm.com/blogs/psirt/security-bulletin-h2-database-vulnerabilities-affect-ibm-control-center-cve-2018-10054-cve-2018-14335/
- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-apache-tomcat-vulnerabilities-affect-ibm-control-center/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-watson-discovery-for-ibm-cloud-pak-for-data-affected-by-vulnerability-in-xstream-2/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-watson-discovery-for-ibm-cloud-pak-for-data-affected-by-vulnerability-in-fasterxml-jackson-dataformat/
- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-ckeditor-vulnerabilities-affect-ibm-control-center/
- https://www.ibm.com/blogs/psirt/security-bulletin-security-vulnerabilities-affect-ibm-cloud-pak-for-data-python-cve-2020-15801/
- https://www.ibm.com/blogs/psirt/security-bulletin-security-vulnerabilities-affect-ibm-cloud-pak-for-data-openssl/