IBM Alert
47617Warning Date
Severity Level
Warning Number
Target Sector
4 August, 2022
● Critical
2022-5096
All
IBM has released security updates to address several vulnerabilities in several products:
- IBM Data Risk Manager
- IBM Db2 On Openshift, IBM Db2® on Cloud Pak for Data and Db2 Warehouse® on Cloud Pak for Data
- IBM Sterling B2B Integrator
- IBM Sterling File Gateway
- IBM Tivoli Application Dependency Discovery Manager
- IBM Watson Discovery for IBM Cloud Pak for Data
- IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data
Attacker could exploit these vulnerabilities by doing the following:
- Execute arbitrary code
- Denial of service attack (DoS)
- Bypass of a protection mechanism
- Buffer overflow
The CERT team encourages users to review IBM security advisory and apply the necessary updates:
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-watson-speech-services-cartridge-for-ibm-cloud-pak-for-data-is-vulnerable-to-a-heap-based-buffer-overflow-in-perl-cve-2018-18313/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-watson-discovery-for-ibm-cloud-pak-for-data-affected-by-vulnerability-in-apache-tika-4/
- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-affect-ibm-db2-on-openshift-ibm-db2-on-cloud-pak-for-data-and-db2-warehouse-on-cloud-pak-for-data/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-sterling-file-gateway-is-affected-by-a-remote-code-execution-in-spring-framework-cve-2022-22965-2/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-watson-speech-services-cartridge-for-ibm-cloud-pak-for-data-is-vulnerable-to-a-heap-based-buffer-overflow-in-perl-cve-2020-10543/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-watson-speech-services-cartridge-for-ibm-cloud-pak-for-data-is-vulnerable-to-an-integer-overflow-in-perl-cve-2020-10878/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-watson-speech-services-cartridge-for-ibm-cloud-pak-for-data-is-vulnerable-to-a-heap-based-buffer-overflow-in-perl-cve-2018-18312/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-watson-speech-services-cartridge-for-ibm-cloud-pak-for-data-is-vulnerable-to-a-heap-based-buffer-overflow-in-rsyslog-cve-2022-24903/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-data-risk-manager-is-affected-by-multiple-vulnerabilities-including-remote-code-execution-in-apache-log4j-1-x/
- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-apache-struts-affect-ibm-tivoli-application-dependency-discovery-manager-cve-2021-31805-2/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-watson-speech-services-cartridge-for-ibm-cloud-pak-for-data-is-vulnerable-to-a-heap-based-buffer-overflow-in-perl-cve-2018-18314/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-watson-speech-services-cartridge-for-ibm-cloud-pak-for-data-is-vulnerable-to-a-denial-of-service-caused-by-a-buffer-overflow-in-twisted-cve-2022-21716/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-watson-speech-services-cartridge-for-ibm-cloud-pak-for-data-is-vulnerable-to-an-http-request-smuggling-issue-in-twisted-cve-2022-24801/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-sterling-b2b-integrator-is-affected-by-a-remote-code-execution-in-spring-framework-cve-2022-22965-2/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-watson-speech-services-cartridge-for-ibm-cloud-pak-for-data-is-vulnerable-to-cookie-and-authorization-header-exposure-in-twisted-cve-2022-21712/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-watson-discovery-for-ibm-cloud-pak-for-data-affected-by-vulnerability-in-nginx-2/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-watson-speech-services-cartridge-for-ibm-cloud-pak-for-data-is-vulnerable-to-a-heap-based-buffer-overflow-in-perl-cve-2018-18311/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-watson-discovery-for-ibm-cloud-pak-for-data-affected-by-vulnerability-in-pyjwt/