The official site for Saudi CERT
IBM Alert
2259
Warning Date
Severity Level
Warning Number
Target Sector
24 March, 2022
● Critical
2022-4556
All
Description:
IBM has released security updates to address several vulnerabilities in the following products, mainly:
- IBM Sterling Order Management
- IBM Security Verify Governance, Identity Manager virtual appliance component
- PowerHA SystemMirror
- IBM Cloud Object Storage Systems
- IBM Sterling Order Management
- IBM License Metric Tool
- IBM Transformation Extender Advanced
- WebSphere Service Registry and Repositor
- Db2 Big SQL on HDP, CDP
- Db2 Big SQL on Cloud Pak for Data
- WebSphere Service Registry and Repository
- IBM Transformation Extender Advanced
- Cloudera Data Platform Private Cloud Base for IBM
- IBM HTTP Server
- IBM WebSphere Extreme Scale
- IBM Elastic Storage System
Threats:
An attacker could exploit these vulnerabilities by doing the following:
- Execute arbitrary code
- Denial of service attack (DoS)
Best practice and Recommendations:
The CERT team encourages users to review IBM security advisory and apply the necessary updates, mainly:
- Security Bulletin: IBM Sterling Order Management Apache Struts vulnerablity - IBM PSIRT Blog
- Security Bulletin: IBM Security Verify Governance, Identity Manager virtual appliance component is vulnerable to denial of service (CVE-2021-38951) - IBM PSIRT Blog
- Security Bulletin: Lodash versions prior to 4.17.21 vulnerability in PowerHA System Mirror for AIX - IBM PSIRT Blog
- Security Bulletin: Vulnerabilities with Expat affect IBM Cloud Object Storage Systems (Mar 2022 V1) - IBM PSIRT Blog
- Security Bulletin: IBM Sterling Order Management Apache Struts vulnerablity - IBM PSIRT Blog
- Security Bulletin: A vulnerability in Java affects IBM License Metric Tool v9 (CVE-2021-35578). - IBM PSIRT Blog
- Security Bulletin: IBM Transformation Extender Advanced is vulnerable to arbitrary code execution due to Apache Log4j (CVE-2021-4104) - IBM PSIRT Blog
- Security Bulletin: Multiple vulnerabilities in WebSphere Service Registry and Repository in packages such as Apache Struts and Node.js - IBM PSIRT Blog
- Security Bulletin: IBM Db2 Big SQL is vulnerable to arbitrary code execution and denial of service due to Apache Log4j (CVE-2021-45046, CVE-2021-45105) - IBM PSIRT Blog
- Security Bulletin: Vulnerability in Apache log4j affects WebSphere Service Registry and Repository (CVE-2021-4104) - IBM PSIRT Blog
- Security Bulletin: IBM Transformation Extender Advanced is vulnerable to LDAP injection due to WebSphere Application Server Liberty (CVE-2021-39031) - IBM PSIRT Blog
- Security Bulletin: Cloudera Data Platform Private Cloud Base with IBM products have log messages vulnerable to arbitrary code execution, denial of service, remote code execution, and SQL injection due to Apache Log4j vulnerabilities - IBM PSIRT Blog
- Security Bulletin: Multiple vulnerabilities in IBM HTTP Server used by IBM WebSphere Application Server (CVE-2022-22719, CVE-2022-22720, CVE-2022-22721) - IBM PSIRT Blog
- Security Bulletin: IBM WebSphere eXtreme Scale is vulnerable to arbitrary code execution due to Apache Log4j v1.x (CVE-2022-23307) - IBM PSIRT Blog
- Security Bulletin: Vulnerability in Apache Log4j affects IBM Elastic Storage System (CVE-2021-4104) - IBM PSIRT Blog
Rate the content
Share the page
