The official site for Saudi CERT
IBM Alert
2594
Warning Date
Severity Level
Warning Number
Target Sector
27 February, 2022
● High
2022-4440
All
IBM has released security updates to address several vulnerabilities in several products, mainly:
- IBM HTTP Server
- IBM WebSphere Application Server
- Java SE
- IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data
- IBM PowerVM Novalink
- Node.js
- IBM Watson Assistant for IBM Cloud Pak for Data
- Apache Log4j
- BM Content Navigator
- IBM Netezza for Cloud Pak for Data
- IBM Cloud Pak for Data System 2.0
- Lodash
- PowerHA
Attacker could exploit these vulnerabilities by doing the following:
- Execute arbitrary code remotely
- Denial of service attack (DoS)
- LDAP injection
- Bypass of a protection mechanism
The CERT team encourages users to review IBM security advisory and apply the necessary updates:
- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-affect-ibm-websphere-application-server-and-ibm-application-server-liberty-due-to-january-2022-cpu-plus-deferred-cve-2021-35550-and-cv/
- https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-apache-httpclient-affects-ibm-watson-speech-services-cartridge-for-ibm-cloud-pak-for-data/
- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-http-server-used-by-ibm-websphere-application-server-due-to-expat-vulnerabilities/
- https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-apache-log4j-affects-some-features-of-ibm-db2-cve-2021-44832-4/
- https://www.ibm.com/blogs/psirt/security-bulletin-cve-2021-35550-may-affect-ibm-sdk-java-technology-edition/
- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-java-se-affect-ibm-watson-speech-services-cartridge-for-ibm-cloud-pak-for-data/
- https://www.ibm.com/blogs/psirt/security-bulletin-cve-2021-35603-may-affect-ibm-sdk-java-technology-edition/
- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-the-aix-smbcd-daemon-cve-2021-38993/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-powervm-novalink-is-vulnerable-to-provide-weaker-than-expected-security-a-remote-attacker-could-exploit-this-weakness-to-obtain-sensitive-information-and-gain-unauthorized-acce/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-powervm-novalink-could-allow-a-remote-authenticated-attacker-to-conduct-an-ldap-injection/
- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-java-se-cve-2021-2161-may-affect-ibm-watson-assistant-for-ibm-cloud-pak-for-data/
- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-node-js-cve-2021-22930-may-affect-ibm-watson-assistant-for-ibm-cloud-pak-for-data/
- https://www.ibm.com/blogs/psirt/security-bulletin-due-to-use-of-apache-log4j-ibm-content-navigator-is-vulnerable-to-arbitrary-code-execution-cve-2021-45046-and-denial-of-service-cve-2021-45105/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-netezza-for-cloud-pak-for-data-is-vulnerable-to-arbitrary-code-execution-cve-2021-44142/
- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-node-js-cve-2021-22959-cve-2021-22960-may-affect-ibm-watson-assistant-for-ibm-cloud-pak-for-data/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cloud-pak-for-data-system-2-0-is-vulnerable-to-arbitrary-code-execution-due-to-samba-cve-2021-44142/
- https://www.ibm.com/blogs/psirt/security-bulletin-security-bulletin-vulnerability-in-node-js-cve-2021-23362-cve-2021-22921-cve-2021-22918-cve-2021-27290-may-affect-ibm-watson-assistant-for-ibm-cloud-pak-for-data/
- https://www.ibm.com/blogs/psirt/security-bulletin-lodash-versions-prior-to-4-17-21-vulnerability-in-powerha-2/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-netezza-for-cloud-pak-for-data-is-vulnerable-to-arbitrary-code-execution-due-to-apache-log4j-cve-2021-4104/
Rate the content
Share the page
