The official site for Saudi CERT
IBM Alert
2733
Warning Date
Severity Level
Warning Number
Target Sector
18 May, 2022
● Critical
2022-4845
All
Description:
IBM has released security updates to address several vulnerabilities in the following products, mainly:
- IBM MobileFirst Foundation
- 8.0.0.0
- IBM Spectrum Protect Plus
- 10.1.0.0-10.1.9.3
- IBM Netezza Performance Portal
- IBM Netezza Performance Portal
- IBM Sterling Connect:Express for UNIX
- 1.5
- IBM DataPower Gateway V10CD
- 10.0.2.0-10.0.3.0
- IBM DataPower Gateway 10.0.1
- 10.0.1.0-10.0.1.5
- IBM DataPower Gateway 2018.4.1
- 2018.4.1.0-2018.4.1.18
Threats:
An attacker could exploit these vulnerabilities by doing the following:
- Denial of service attack (DoS)
Best practice and Recommendations:
The CERT team encourages users to review IBM security advisory and apply the necessary updates, mainly:
- https://www.ibm.com/blogs/psirt/security-bulletin-openssl-publicly-disclosed-vulnerability-affects-ibm-mobilefirst-platform-foundation-2/
- https://www.ibm.com/blogs/psirt/security-bulletin-heap-based-buffer-overflow-in-mozilla-network-security-services-nss-may-affect-ibm-spectrum-protect-plus-cve-2021-43527/
- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-ibm-http-server-affect-ibm-netezza-performance-portal-2/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-sterling-connectexpress-for-unix-is-vulnerable-to-denial-of-service-due-to-openssl-cve-2022-0778/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-sterling-connectexpress-for-unix-is-vulnerable-to-denial-of-service-due-to-openssl-cve-2022-0778/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-datapower-gateway-update-redis-to-remediate-two-cves/
Rate the content
Share the page
