IBM Alert
Warning Date: 29 September, 2022
Severity Level: ● High
Warning Number: 2022-5292
Target Sector: All
IBM has released security updates to address several vulnerabilities in the following products:
- FasterXML Jackson Databind and Apache Xerces
- IBM Spectrum Protect Backup-Archive Client
- IBM Spectrum Protect for Space Management
- IBM Spectrum Protect for Virtual Environments
- curl, systemd, and Golang Go
- IBM MQ Operator and Queue manager container images
- Eclipse Jetty
- Rational Service Tester
- Netty netty-codec
- Enterprise Content Management System Monitor
- Java
- UCV – UrbanCode Velocity
- Neko HTML
- IBM WebSphere Application Server Liberty
An attacker could exploit these vulnerabilities to cause the following:
- Denial of service attack (DoS)
- Unauthorized modification
The CERT team encourages users to review the IBM security advisories and apply the necessary updates:
- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-fasterxml-jackson-databind-and-apache-xerces-affect-ibm-spectrum-protect-backup-archive-client-ibm-spectrum-protect-for-space-management-and-ibm-spectrum-protec/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-operator-and-queue-manager-container-images-are-vulnerable-to-multiple-vulnerabilities-from-curl-systemd-and-golang-go/
- https://www.ibm.com/blogs/psirt/security-bulletin-rational-service-tester-contains-a-vulnerability-which-could-affect-eclipse-jetty-rational-service-tester-has-taken-steps-to-mitigate-this-vulnerability/
- https://www.ibm.com/blogs/psirt/security-bulletin-enterprise-content-management-system-monitor-is-affected-by-a-vulnerability-cve-2021-37136-in-netty-netty-codec/
- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-java-dos-vulnerabilities-detected/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-websphere-application-server-liberty-is-vulnerable-to-a-denial-of-service-due-to-neko-html-cve-2022-24839/