IBM Updates
1725Warning Date
Severity Level
Warning Number
Target Sector
20 May, 2021
● High
2021-2938
All
Description:
IBM has released a security update to address several vulnerabilities in the following products:
- IBM Cloud Pak for Multicloud Management Infrastructure Management
- All
- IBM Cloud Automation Manager
- 4.2.0.1
- IBM Elastic Storage System
- 6.0.0 – 6.0.2.0
- IBM SQL Extensions Toolkit for NPS
- 11.2.0.0
Threats:
Attacker could exploit these vulnerabilities by doing the following:
- Denial of service attack (DoS)
- Sensitive information disclosure
- Execute arbitrary command
Best practice and Recommendations:
The CERT team encourages users to review IBM security advisory and apply the necessary updates:
- https://www.ibm.com/blogs/psirt/security-bulletin-a-security-vulnerability-in-node-js-braces-and-netmask-module-affects-ibm-cloud-automation-manager/
- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-pcre-affects-ibm-sql-extensions-toolkit-for-nps/
- https://www.ibm.com/blogs/psirt/security-bulletin-a-security-vulnerability-in-node-js-pug-pug-code-gen-module-affects-ibm-cloud-automation-manager/
- https://www.ibm.com/blogs/psirt/security-bulletin-security-vulnerabilities-have-been-fixed-in-ibm-security-identity-manager-virtual-appliance/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-is-affected-by-a-vulnerability-within-libcurl-cve-2020-8284/
- https://www.ibm.com/blogs/psirt/security-bulletin-a-security-vulnerability-in-node-js-netmask-module-affects-ibm-cloud-automation-manager/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-spectrum-scale-transparent-cloud-tiering-is-affected-by-a-vulnerability-in-ibm-runtime-environment-java/
- https://www.ibm.com/blogs/psirt/security-bulletin-a-security-vulnerability-in-node-js-braces-and-netmask-module-affects-ibm-cloud-pak-for-multicloud-management-managed-service/
- https://www.ibm.com/blogs/psirt/security-bulletin-there-are-multiple-vulnerabilities-in-the-linux-kernel-used-in-ibm-elastic-storage-system-3/
- https://www.ibm.com/blogs/psirt/security-bulletin-a-security-vulnerability-in-node-js-lodash-module-affects-ibm-cloud-pak-for-multicloud-management-managed-service-2/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-is-vulnerable-to-multiple-issues-with-the-ibm-runtime-environment-java-technology-edition-shipped-with-ibm-mq-cve-2020-14781-cve-2020-14782/
- https://www.ibm.com/blogs/psirt/security-bulletin-a-security-vulnerability-in-node-js-pug-and-pug-code-gen-module-affects-ibm-cloud-pak-for-multicloud-management-managed-service/
- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-gnu-binutils-affect-ibm-netezza-analytics-2/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-elastic-storage-system-systems-are-affected-by-vulnerabilities-in-openssl/
- https://www.ibm.com/blogs/psirt/security-bulletin-cve-2021-2161-may-affect-ibm-sdk-java-technology-edition/
- https://www.ibm.com/blogs/psirt/security-bulletin-a-security-vulnerability-in-node-js-braces-and-netmask-module-affects-ibm-cloud-automation-manager/
- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-pcre-affects-ibm-sql-extensions-toolkit-for-nps/
- https://www.ibm.com/blogs/psirt/security-bulletin-a-security-vulnerability-in-node-js-pug-pug-code-gen-module-affects-ibm-cloud-automation-manager/
- https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-ibm-java-affects-ibm-developer-for-z-systems-2/