IBM Updates
Warning Date: 27 May, 2021
Severity Level: Medium
Warning Number: 2021-2969
Target Sector: All
Description:
IBM has released a security update to address several vulnerabilities in the following products:
- IBM Spectrum Protect Snapshot for Db2 on AIX and Linux
  - 8.1.0.0-8.1.11.0
  - 4.1.0.0-4.1.6.4
- IBM Spectrum Protect Snapshot for Custom Applications on AIX and Linux
  - 8.1.0.0-8.1.11.0
  - 4.1.0.0-4.1.6.4
- IBM Spectrum Protect Snapshot for Oracle on AIX and Linux
  - 8.1.0.0-8.1.11.0
  - 4.1.0.0-4.1.6.4
- IBM Spectrum Protect Snapshot for Oracle with SAP on AIX and Linux
  - 8.1.0.0-8.1.11.0
  - 4.1.0.0-4.1.6.4
- IBM Spectrum Protect Snapshot Prerequisite Checker
  - 8.1.0.0-8.1.11.0
  - 4.1.0.0-4.1.6.4
- IBM MQ
  - 9.0 LTS
  - 9.1 LTS
  - 8.0
  - 9.2 CD
  - 9.1 CD
  - 9.2 LTS
Threats:
An attacker could exploit these vulnerabilities to do the following:
- Cause a buffer overflow
- Execute arbitrary code
Best practice and Recommendations:
The CERT team encourages users to review the IBM security advisories and apply the necessary updates:
- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-affect-ibm-security-guardium-16/
- https://www.ibm.com/blogs/psirt/security-bulletin-security-bypass-vulnerability-in-postgresql-affects-ibm-connectdirect-web-services-cve-2020-10733/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-is-vulnerable-to-an-issue-in-ibm-runtime-environment-java-technology-edition-cve-2020-14779/
- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-java-affecting-watson-knowledge-catalog-for-ibm-cloud-pak-for-data/
- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-affects-websphere-application-server-april-2021-cpu-that-is-bundled-with-ibm-websphere-application-server-patterns/
- https://www.ibm.com/blogs/psirt/security-bulletin-security-bypass-vulnerability-in-postgresql-affects-ibm-connectdirect-web-services-cve-2021-3393/
- https://www.ibm.com/blogs/psirt/security-bulletin-security-bypass-vulnerability-in-postgresql-affects-ibm-connectdirect-web-services-cve-2021-20229/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-has-announced-a-release-for-ibm-security-identity-governance-and-intelligence-in-response-to-a-security-vulnerability-cve-2020-4996-2/
- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-ibm-java-runtime-affects-ibm-spectrum-protect-snapshot-on-aix-and-linux-cve-2020-27221-2/