IBM Updates
1866Warning Date
Severity Level
Warning Number
Target Sector
22 December, 2020
● Medium
2020-2239
All
Description:
IBM has released security updates to address multiple vulnerabilities in the following products:
- IBMQRadar SIEM
- ِAll versions before 7.4.0-QRADAR-PROTOCOL-Common-7.4-20200914191530
- All versions before 7.3.0-QRADAR-PROTOCOL-Common-7.3-20200914161505
- IBM Netezza Host Management
- 5.3.8.0 – 5.4.29.0
- IBM Spectrum Conductor
- 2.2.1
- 2.4
- 2.4.1
- 2.5.0
- 2.3
Threats:
Remote attacker could exploit these vulnerabilities by doing the following:
- Denial of service (DoS)
- Sensitive information disclosure
Best practice and Recommendations:
The CERT team encourages users to review IBM security advisory and apply the necessary updates:
- https://www.ibm.com/blogs/psirt/security-bulletin-apache-poi-as-used-by-ibmqradar-siem-is-vulnerable-to-information-disclosure-cve-2019-12415-cve-2017-12626/
- https://www.ibm.com/blogs/psirt/security-bulletin-publicly-disclosed-vulnerability-from-bind-affects-ibm-netezza-host-management/
- https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-ibm-java-runtime-affect-ibm-spectrum-conductor-and-ibm-spectrum-conductor-with-spark-3/