IBM Alert
Warning Date: 1 February, 2022
Severity Level: Critical
Warning Number: 2022-4300
Target Sector: All
IBM has released a security update to address several vulnerabilities in its products, most notably:
- IBM Spectrum Protect Plus Container Backup and Restore for Kubernetes
- IBM Spectrum Protect Plus Container Backup and Restore for OpenShift
- App Connect Enterprise Certified Container
- IBM Security Verify Access Appliance
- IBM Security Verify Access Docker
- IBM TRIRIGA Indoor Maps
Threats:
An attacker could exploit these vulnerabilities to:
- Execute arbitrary code
- Cause a denial of service (DoS)
The CERT team encourages users to review the IBM security advisories and apply the necessary updates, most notably:
- An update on the Apache Log4j 2.x vulnerabilities - IBM PSIRT Blog
- Security Bulletin: Vulnerabilities in Golang Go, MinIO, and Python may affect IBM Spectrum Protect Plus Container Backup and Restore for Kubernetes and OpenShift - IBM PSIRT Blog
- Security Bulletin: IBM App Connect Enterprise Certified Container Designer Authoring operands and Integration Server operands that use the JDBC connector may be vulnerable to remote code execution due to CVE-2021-44228 - IBM PSIRT Blog
- Security Bulletin: IBM App Connect Enterprise Certified Container is vulnerable to arbitrary code execution due to Apache Log4j (CVE-2021-45046) and denial of service due to Apache Log4j (CVE-2021-45105) - IBM PSIRT Blog
- Security Bulletin: IBM Security Verify Access fixed a security vulnerability in the product. - IBM PSIRT Blog
- Security Bulletin: IBM TRIRIGA Indoor Maps, a component of IBM TRIRIGA Portfolio Data Manager is vulnerable to arbitrary code execution due to Apache Log4j library vulnerability (CVE-2021-44228) - IBM PSIRT Blog