IBM Alert
Warning Date: 16 June, 2022
Severity Level: Medium
Warning Number: 2022-4958
Target Sector: All
Description:
IBM has released security updates to address several vulnerabilities in the following products, mainly:
- Operations Dashboard
  - 2020.4.1
  - 2021.1.1
  - 2021.2.1
  - 2021.3.1
  - 2021.4.1
- QRadar Advisor With Watson
  - QRadar Advisor With Watson 2.5 – QRadar Advisor With Watson 2.6.2
- IBM HTTP Server
  - 9.0
  - 8.5
  - 8.0
  - 7.0
Threats:
An attacker could exploit these vulnerabilities to:
- Execute arbitrary code
- Cause a denial of service (DoS)
Best practice and Recommendations:
The CERT team encourages users to review the IBM security advisories and apply the necessary updates, mainly:
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-financial-transaction-manager-for-digital-payments-for-multi-platform-is-vulnerable-to-sql-injection-cve-2019-4575/
- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-java-se-affect-ibm-cics-tx-advanced/
- https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-cve-2021-35550-in-java-se-affects-ibm-cics-tx-advanced/
- https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-cve-2021-35603-in-java-se-affects-ibm-cics-tx-advanced/
- https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-cve-2021-35550-in-java-se-affects-ibm-cics-tx-standard/
- https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-cve-2021-35603-in-java-se-affects-ibm-txseries-for-multiplatforms/
- https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-cve-2021-39028-in-websphere-application-server-liberty-affects-ibm-cics-tx-standard/
- https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-cve-2021-35550-in-java-se-affects-ibm-txseries-for-multiplatforms/
- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilites-cve-2018-25031-and-cve-2021-46708-in-websphere-application-server-liberty-affect-ibm-cics-tx-advanced/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-i-is-vulnerable-to-denial-of-service-and-cache-poisoning-attacks-due-to-flaws-in-isc-bind-cve-2022-0396-cve-2021-25220/
- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-runtime-affect-z-transaction-processing-facility-2/
- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-java-se-affect-ibm-cics-tx-standard/
- https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-cve-2021-35603-in-java-se-affects-ibm-cics-tx-standard/
- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilites-cve-2018-25031-and-cve-2021-46708-in-websphere-application-server-liberty-affect-ibm-cics-tx-standard/
- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-java-se-affect-ibm-txseries-for-multiplatforms/
- https://www.ibm.com/blogs/psirt/security-bulletin-operations-dashboard-is-vulnerable-to-denial-of-service-by-go-vulnerability-cve-2022-28327/
- https://www.ibm.com/blogs/psirt/security-bulletin-pip-as-used-by-ibm-qradar-advisor-with-watson-is-vulnerable-to-multiple-vulnerabilities-cve-2019-20916-cve-2021-3572-cve-2018-20225/
- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-http-server-used-by-ibm-websphere-application-server-2/