IBM Updates
1740Warning Date
Severity Level
Warning Number
Target Sector
23 May, 2021
● High
2021-2947
All
Description:
IBM has released a security update to address several vulnerabilities in the following products:
- IBM Spectrum Control
- 5.3.0.1-5.4.2
- ISIM VA
- 7.0.2
- IBM Security Guardium
- 11.2
Threats:
Attacker could exploit these vulnerabilities by doing the following:
- Denial of service attack (DoS)
- Sensitive information disclosure
- Buffer overflow
Best practice and Recommendations:
The CERT team encourages users to review IBM security advisory and apply the necessary updates:
- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-and-ibm-java-runtime-affect-rational-performance-tester-5/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-spectrum-scale-transparent-cloud-tiering-is-affected-by-a-vulnerability-which-could-allow-access-to-sensitive-information/
- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-and-ibm-java-runtime-affect-rational-service-tester-6/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-infosphere-information-server-is-affected-by-an-information-disclosure-vulnerability-2/
- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-affect-websphere-application-server-april-2021-cpu/
- https://www.ibm.com/blogs/psirt/security-bulletin-cve-2021-2161-may-affect-ibm-sdk-java-technology-edition-2/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-appliance-is-affected-by-a-java-se-vulnerability-cve-2020-14782/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-appliance-is-affected-by-a-java-se-vulnerability-cve-2020-14781/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-a-kernel-vulnerability-23/
- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-xstream-java-openssl-websphere-application-server-liberty-and-node-js-affect-ibm-spectrum-control/
- https://www.ibm.com/blogs/psirt/security-bulletin-a-security-vulnerabilitiy-has-been-fixed-in-ibm-security-identity-manager-virtual-appliancecve-2019-17006/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-an-improper-neutralization-of-special-elements-used-in-an-sql-command-vulnerability/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-multiple-vulnerabilites/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-a-jackson-databind-vulnerability-6/
- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-affect-ibm-security-guardium-16/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-multiple-vulnerabilities-4/