IBM Alert
- Warning Date: 23 February, 2022
- Severity Level: High
- Warning Number: 2022-4420
- Target Sector: All
IBM has released security updates to address multiple vulnerabilities in several products, mainly:
- IBM MQ
- IBM Sterling Global Mailbox
- IBM Java Runtime
- CICS Transaction Gateway
- IBM Java SDK
- Content Collector for Email
- Content Collector for File Systems
- Content Collector for Microsoft SharePoint
- Content Collector for IBM Connections
- CKEditor WYSIWYG editor
- Dojo
- IBM WebSphere Application Server
- Java
- IBM Cloud Application Business Insights
- Apache Log4j
- Cúram Social Program Management
- IBM Planning Analytics and IBM Planning Analytics Workspace
An attacker could exploit these vulnerabilities to:
- Execute arbitrary code remotely
- Cause a denial of service (DoS)
The CERT team encourages users to review the IBM security advisories and apply the necessary updates:
- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-ibm-mq-vulnerabilities-affect-ibm-sterling-global-mailbox/
- https://www.ibm.com/blogs/psirt/security-bulletin-february-2022-multiple-vulnerabilities-in-ibm-java-runtime-affect-cics-transaction-gateway/
- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-affect-content-collector-for-email-content-collector-for-file-systems-content-collector-for-microsoft-sharepoint-and-content-collector-for-26/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-sterling-global-mailbox-is-vulnerable-to-denial-of-service-due-to-ckeditor-wysiwyg-editor-cve-2021-26271-cve-2021-26272/
- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-affect-content-collector-for-email-content-collector-for-file-systems-content-collector-for-microsoft-sharepoint-and-content-collector-for-27/
- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-affect-content-collector-for-email-content-collector-for-file-systems-content-collector-for-microsoft-sharepoint-and-content-collector-for-28/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-websphere-application-server-is-vulnerable-to-remote-code-execution-due-to-dojo-cve-2021-23450/
- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-affect-content-collector-for-email-content-collector-for-file-systems-content-collector-for-microsoft-sharepoint-and-content-collector-for-29/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-sterling-global-mailbox-vulnerable-to-sensitive-information-exposure-due-to-jackson-data-mapper-cve-2019-10172/
- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-java-impact-ibm-cloud-application-business-insights-cve-2021-35550-cve-2021-35561-cve-2021-35603-and-cve-2021-41035/
- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-may-affect-ibm-sdk-java-technology-edition-12/
- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-apache-log4j-may-affect-cram-social-program-management-cve-2021-4104-2/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-planning-analytics-and-ibm-planning-analytics-workspace-are-affected-by-security-vulnerabilities/