IBM Alert
Warning Date: 7 September, 2022
Severity Level: ● Critical
Warning Number: 2022-5207
Target Sector: All
Description:
IBM has released a security update to address a vulnerability in the following products:
- IBM Planning Analytics Workspace 2.0
- IBM Business Automation Workflow containers
  - V22.0.1 – V22.0.1-IF001
  - 21.0.3 – V21.0.3-IF011
  - V21.0.2 all fixes
  - V20.0.0.2 all fixes
  - V20.0.0.1 all fixes
- IBM Business Automation Workflow traditional
  - V22.0.1
  - V21.0.1 – V21.0.3
  - V20.0.0.1 – V20.0.0.2
  - V19.0.0.1 – V19.0.0.3
  - V18.0.0.0 – V18.0.0.2
- IBM SPSS Analytic Server
  - 3.4
- IBM Sterling Connect:Direct for UNIX
  - 6.2.0.0 – 6.2.0.4.iFix017
  - 6.1.0.0 – 6.1.0.4.iFix061
  - 6.0.0.0 – 6.0.0.2.iFix135
  - 4.3.0.0 – 4.3.0.1.iFix101
Threats:
An attacker could exploit this vulnerability to do the following:
- Execute arbitrary code
Best practice and Recommendations:
The CERT team encourages users to review the IBM security advisories and apply the necessary updates:
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-planning-analytics-workspace-is-affected-by-multiple-vulnerabilities-cve-2022-22968-cve-2022-24785-cve-2017-18214-cve-2016-4055-cve-2018-1000613-cve-2020-15522-cve-2018-1/
- https://www.ibm.com/blogs/psirt/security-bulletin-spoofing-vulnerability-affect-ibm-business-automation-workflow-process-federation-server-component-cve-2018-25013/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-sterling-connectdirect-for-unix-is-vulnerable-to-remote-code-execution-due-to-apache-commons-configuration-cve-2022-33980/