IBM Alert
Warning Date: 7 August, 2022
Severity Level: High
Warning Number: 2022-5100
Target Sector: All
IBM has released security updates to address several vulnerabilities in the following products:
- IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data
- IBM Security Identity Manager virtual appliance
- IBM Watson Speech Services Cartridge for IBM Cloud Pak
- IBM Sterling Connect:Direct for UNIX Certified Container
- QRadar User Behavior Analytics
An attacker could exploit these vulnerabilities to carry out the following:
- Execute arbitrary code
- Denial of service attack (DoS)
- Buffer overflow
The CERT team encourages users to review the IBM security advisories and apply the necessary updates:
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-watson-speech-services-cartridge-for-ibm-cloud-pak-for-data-is-vulnerable-to-arbitrary-code-execution-in-ms-visual-studio-cve-2021-21300/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-watson-speech-services-cartridge-for-ibm-cloud-pak-for-data-is-vulnerable-to-arbitrary-command-execution-in-git-cve-2018-1000021/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-identity-manager-virtual-appliance-is-vulnerable-to-arbitrary-code-execution-due-to-apache-log4j-and-issues-in-other-open-source-components-cve-2021-4104/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-watson-speech-services-cartridge-for-ibm-cloud-pak-for-data-is-vulnerable-to-a-denial-of-service-in-golang-go-cve-2022-24675/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-watson-speech-services-cartridge-for-ibm-cloud-pak-for-data-is-vulnerable-to-a-denial-of-service-in-golang-go-cve-2022-23772/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-watson-speech-services-cartridge-for-ibm-cloud-pak-for-data-is-vulnerable-to-a-denial-of-service-in-golang-go-cve-2022-28327/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-watson-speech-services-cartridge-for-ibm-cloud-pak-for-data-is-vulnerable-to-a-denial-of-service-in-golang-go-cve-2022-24921/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-watson-speech-services-cartridge-for-ibm-cloud-pak-for-data-is-vulnerable-to-a-denial-of-service-in-golang-go-cve-2022-23806/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-watson-speech-services-cartridge-for-ibm-cloud-pak-for-data-is-vulnerable-to-arbitrary-code-execution-in-ms-visual-studio-cve-2022-24765/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-watson-speech-services-cartridge-for-ibm-cloud-pak-for-data-is-vulnerable-to-a-buffer-overflow-in-perl-cve-2020-12723/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-watson-speech-services-cartridge-for-ibm-cloud-pak-for-data-is-vulnerable-to-a-security-restrictions-bypass-in-lxml-cve-2021-43818/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-sterling-connectdirect-for-unix-certified-container-is-affected-by-denial-of-service-vulnerability-in-version-1-1-1k-5/
- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-jquery-ui-highcharts-and-datatables-are-affecting-qradar-user-behavior-analytics-cve-2021-41182-cve-2021-41183-cve-2021-41184-cve-2021-23445-cve/
- https://www.ibm.com/blogs/psirt/security-bulletin-apache-log4j-vulnerabilities-in-spark-and-zookeeper-affect-qradar-user-behavior-analyticscve-2021-4104/