IBM Alert
2633Warning Date
Severity Level
Warning Number
Target Sector
8 May, 2022
● Medium
2022-4830
All
IBM has released security updates to address several vulnerabilities in the following products:
- IBM Maximo Asset Management
- 7.6.1.2
- IBM Cloud Object Storage Systems
- 3.16.5.58 or Prior Releases
- AIX
- 7.1
- 7.2
- 7.3
- VIOS
- 3.1
An attacker could exploit these vulnerabilities by doing the following:
- Denial of service attack (DoS)
- Execute arbitrary code
- Information disclosure
The CERT team encourages users to review IBM security advisory and apply the necessary updates:
- https://www.ibm.com/blogs/psirt/security-bulletin-information-disclosure-in-ibm-spectrum-protect-operations-center-browsers-history-cve-2022-22484/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-planning-analytics-workspace-is-affected-by-multiple-vulnerabilities-cve-2022-22950-xfid217968/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-identity-governance-and-intelligence-is-vulnerable-to-sensitive-information-disclosure-cve-2020-4957/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-watson-speech-services-cartridge-for-ibm-cloud-pak-for-data-is-vulnerable-to-a-potential-issue-in-jackson-databind-fasterxml-jackson-217968/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-case-manager-is-vulnerable-to-cross-site-scripting-cve-2020-4768/
- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-have-been-identified-in-ibm-cloud-pak-system-2/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-maximo-asset-management-may-be-vulnerable-to-arbitrary-code-execution-due-to-apache-log4j-1-2-cve-2021-4104/
- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-with-openssl-affect-ibm-cloud-object-storage-systems-may-2022-v1/
- https://www.ibm.com/blogs/psirt/security-bulletin-aix-is-vulnerable-to-a-denial-of-service-due-to-openssl-cve-2022-0778/