IBM Alert
Warning Date: 19 July, 2022
Severity Level: ● High
Warning Number: 2022-5037
Target Sector: All
IBM has released security updates to address several vulnerabilities in several products, mainly:
- IBM Sterling Partner Engagement Manager
- IBM UrbanCode Build
- Apache Tomcat
- IBM Partner Engagement Manager
- IBM Tivoli Netcool Configuration Manager
- IBM UrbanCode Release
An attacker could exploit these vulnerabilities to carry out the following:
- Remote execution of arbitrary code
- Escalation of privilege
- LDAP injection
- Bypass of a protection mechanism
The CERT team encourages users to review the IBM security advisories and apply the necessary updates:
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-sterling-partner-engagement-manager-is-vulnerable-to-ldap-injection-cve-2022-22360/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-urbancode-build-is-vulnerable-to-a-bypass-of-security-restrictions-due-to-use-of-apache-tomcat-cve-2022-25762/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-partner-engagement-manager-is-vulnerable-to-improper-restriction-of-xxe-cve-2022-22358/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-tivoli-netcool-configuration-manager-is-affected-by-vulnerability-that-could-allow-a-remote-attacker-to-execute-arbitrary-code-on-the-system-due-to-apache-log4j-earlier-than-2-0/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-urbancode-release-is-vulnerable-to-elevated-privileges-due-to-use-of-apache-tomcat-cve-2022-23181/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-urbancode-release-is-vulnerable-to-a-bypass-of-security-restrictions-due-to-use-of-apache-tomcat-cve-2022-25762/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-urbancode-release-is-vulnerable-to-a-denial-of-service-due-to-use-of-apache-tomcat-cve-2021-42340/