IBM Updates
Warning Date: 1 July, 2021
Severity Level: High
Warning Number: 2021-3130
Target Sector: All
Description:
IBM has released security updates to address several vulnerabilities in the following products:
- Datacap Navigator
  - 9.1.7
- IBM MQ Appliance
  - 9.2 CD
  - 9.2 LTS
- IBM Watson Discovery
  - 2.0.0-2.2.1
- PUB
  - 7.0.1
  - 7.0.2
  - 6.0.6
  - 6.0.6.1
  - 7.0
- RQM
  - 6.0.6.1
  - 6.0.6
- ETM
  - 7.0.1
  - 7.0.2
- ETM
  - 7.0.0
- DOORS Next
  - 7.0.2
  - 7.0
  - 7.0.1
- RDNG
  - 6.0.6.1
  - 6.0.6
- EWM
  - 7.0.2
  - 7.0.1
- RTC
  - 6.0.6.1
- EWM
  - 7.0
- RTC
  - 6.0.6
- IBM Engineering Requirements Quality Assistant On-Premises
  - All
- CLM
  - 6.0.6.1
  - 6.0.6
- ELM
  - 7.0.2
  - 7.0
  - 7.0.1
Threats:
An attacker could exploit these vulnerabilities to achieve the following:
- Sensitive information disclosure
- Execute arbitrary code
Best practice and Recommendations:
The CERT team encourages users to review the IBM security advisories and apply the necessary updates:
- https://www.ibm.com/blogs/psirt/security-bulletin-sql-injection-from-various-input-fields-may-affect-datacap-navigator/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-appliance-is-affected-by-an-openssl-vulnerability-cve-2021-3449/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-watson-discovery-for-ibm-cloud-pak-for-data-affected-by-vulnerability-in-go-4/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-appliance-vulnerability-in-tls-cve-2020-4831/
- https://www.ibm.com/blogs/psirt/security-bulletin-using-xss-attack-an-attacker-may-inject-javascript-code-by-modifying-input-fields-in-datacap-navigator/
- https://www.ibm.com/blogs/psirt/security-bulletin-security-vulnerabilities-in-ibm-java-sdk-april-2021-cpu-plus-affect-multiple-ibm-continuous-engineering-products-based-on-ibm-jazz-technology/