IBM Alert
Warning Date: 31 August, 2022
Severity Level: ● High
Warning Number: 2022-5184
Target Sector: All
Description:
IBM has released a security update to address a vulnerability in the following products:
- IBM TRIRIGA Application
- IBM TRIRIGA Application Platform
- IBM Cloud Object Storage Systems
- IBM Cloud Transformation Advisor
- FOS
- IBM Jazz Reporting Service
- IBM Global Configuration Management
- IBM Engineering Workflow Management (EWM)
- Jazz Foundation
- IBM Engineering Lifecycle Optimization – Engineering Insights
- IBM Engineering Lifecycle Optimization – Method Composer
- IBM Engineering Lifecycle Optimization – Publishing
- IBM Engineering Requirements Management DOORS Next
- IBM Engineering Test Management
- IBM Engineering Requirements Management
- IBM Engineering Lifecycle Optimization – Integration Adapters Tasktop Edition
- IBM App Connect Enterprise
- IBM Integration Bus (Windows & Linux only)
Threats:
An attacker could exploit this vulnerability to do the following:
- Cause a denial of service (DoS)
- Execute arbitrary code
Best practice and Recommendations:
The CERT team encourages users to review the IBM security advisories and apply the necessary updates:
- https://www.ibm.com/blogs/psirt/security-bulletinibm-tririga-application-platform-may-be-be-afftected-by-known-vulnerabilities-in-db2jcc4-jar-cve-2007-2582/
- https://www.ibm.com/blogs/psirt/security-bulletin-tririga-is-vulnerable-to-remote-hacker-due-to-dom4j-open-source-2/
- https://www.ibm.com/blogs/psirt/security-bulletinibm-tririga-application-platform-discloses-cve-2021-30468/
- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-with-openjdk-gnutls-affect-ibm-cloud-object-storage-systems-august-2022v1/
- https://www.ibm.com/blogs/psirt/security-bulletinibm-tririga-application-platform-discloses-cve-2021-22696/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cloud-transformation-advisor-is-vulnerable-to-multiple-vulnerabilities-5/
- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-fabric-os-firmware-used-by-ibm-b-type-san-directors-and-switches-3/
- https://www.ibm.com/blogs/psirt/security-bulletin-the-ibm-engineering-lifecycle-engineering-products-on-ibm-jazz-technology-contains-additional-security-fixes-for-log4j-vulnerabilities-cve-2021-4104/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-tririga-discloses-cve-2015-0254/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-integration-bus-and-ibm-app-connect-enterprise-are-vulnerable-to-a-denial-of-service-due-to-jackson-databind-cve-2020-36518-2/
- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-fabric-os-firmware-used-by-ibm-b-type-san-directors-and-switches/
- https://www.ibm.com/blogs/psirt/security-bulletinibm-tririga-application-platform-discloses-cross-site-scripting-cve-2021-41878/