The official site for Saudi CERT
IBM Alert
2913
Warning Date
Severity Level
Warning Number
Target Sector
19 June, 2022
● High
2022-4969
All
Description:
IBM has released security updates to address several vulnerabilities in the following products, mainly:
- IBM Cloud Object Storage Systems
- IBM Integration Bus
- 10.0.0.0 – 10.0.0.25
- IBM DataPower Gateway
- V10CD10.0.2.0-10.0.4.0
- IBM DataPower Gateway
- 10.0.110.0.1.0-10.0.1.6
- QRadar WinCollect Agent
- 10.0
- QRadar WinCollect Agent
- 10.0.1
- IBM Security Guardium
- 10.5
- 10.6
- 11.0
- 11.1
- 11.2
- 11.3
- 11.4
- StoredIQ
- 7.6.0.0 – 7.6.0.22
Threats:
An attacker could exploit these vulnerabilities by doing the following:
- Execute arbitrary code
- Denial of service (DoS)
Best practice and Recommendations:
The CERT team encourages users to review IBM security advisory and apply the necessary updates, mainly:
- https://www.ibm.com/blogs/psirt/security-bulletin-cram-social-program-management-is-affected-by-session-timeout-issues-cve-2022-22318-cve-2022-22317/
- https://www.ibm.com/blogs/psirt/security-bulletin-aix-is-vulnerable-to-a-denial-of-service-due-to-lpd-cve-2022-22444-2/
- https://www.ibm.com/blogs/psirt/security-bulletin-cram-social-program-management-may-be-affected-by-denial-of-service-vulnerability-in-jdom-cve-2021-33813/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-analytic-accelerator-framework-for-communication-service-providers-ibm-customer-and-network-analytics-for-communications-service-providers-and-datasets-impacted-by-log4j-v-2/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-robotic-process-automation-is-vulnerable-to-configuration-credentials-unencrypted-in-system-memory-cve-2022-22414/
- https://www.ibm.com/blogs/psirt/security-bulletin-cram-social-program-management-may-be-affected-by-denial-of-service-vulnerability-in-jackson-databind-217968/
- https://www.ibm.com/blogs/psirt/security-bulletin-potential-module-resolution-error-in-datapower-operator/
- https://www.ibm.com/blogs/psirt/security-bulletin-an-unspecified-vulnerability-in-java-runtime-affects-ibm-spss-cve-2021-35550/
- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-with-kernel-eclipse-jetty-and-openjdk-affect-ibm-cloud-object-storage-systems-june-2022/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-integration-bus-is-vulnerable-to-arbitrary-code-execution-due-to-json-schema-cve-2021-3918/
- https://www.ibm.com/blogs/psirt/security-bulletin-potential-denial-of-service-in-ibm-datapower-gateway-cve-2022-23806/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-qradar-wincollect-is-vulnerable-to-using-components-with-known-vulnerabilities/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-multiple-vulnerabilities-in-apache-thrift-4/
- https://www.ibm.com/blogs/psirt/security-bulletin-storediq-is-vulnerable-to-denial-of-service-and-remote-code-execution-in-apache-log4j-cve-2021-44228-cve-2021-45046/
- https://www.ibm.com/blogs/psirt/security-bulletin-storediq-is-vulnerable-to-arbitrary-code-execution-due-to-apache-log4j-cve-2021-44228/
Rate the content
Share the page
