IBM Alert
Warning Date: 12 June, 2022
Severity Level: High
Warning Number: 2022-4936
Target Sector: All
Description:
IBM has released security updates to address several vulnerabilities in the following products, mainly:
- InfoSphere Information Server
- Information Server on Cloud
- IBM Db2 Web Query for i
- IBM App Connect Enterprise
- IBM Integration Bus
- IBM Spectrum Copy Data Management
- Content Collector for File Systems
- Content Collector for Email
- Content Collector for IBM Connections
Threats:
An attacker could exploit these vulnerabilities to:
- Execute arbitrary code
- Cause a denial of service (DoS)
Best practice and Recommendations:
The CERT team encourages users to review the IBM security advisories and apply the necessary updates, mainly:
- An update on the Apache Log4j 2.x vulnerabilities - IBM PSIRT Blog
- Security Bulletin: A vulnerability in OpenSSL affects IBM InfoSphere Information Server (CVE-2022-0778) - IBM PSIRT Blog
- Security Bulletin: Due to use of Spring Framework, IBM Db2 Web Query for i is vulnerable to unprotected fields (CVE-2022-22968), remote code execution (CVE-2022-22965), and denial of service (CVE-2022-22950). - IBM PSIRT Blog
- Security Bulletin: IBM App Connect Enterprise & IBM Integration Bus are vulnerable to a denial of service, due to OpenSSL (CVE-2022-0778) - IBM PSIRT Blog
- Security Bulletin: Vulnerability in PostgreSQL may affect IBM Spectrum Copy Data Management - IBM PSIRT Blog
- Security Bulletin: CVE-2021-31805 may affect Apache Struts used by Content Collector for Email, Content Collector for File Systems, Content Collector for Microsoft SharePoint and Content Collector for IBM Connections - IBM PSIRT Blog
- Security Bulletin: CVE-2020-17530 may affect Apache struts2-core used by Content Collector for Email, Content Collector for File Systems, Content Collector for Microsoft SharePoint and Content Collector for IBM Connections - IBM PSIRT Blog
- Security Bulletin: Vulnerabilities in Golang Go, OpenSSL, Python, and XStream affect IBM Spectrum Copy Data Management - IBM PSIRT Blog
- Security Bulletin: Vulnerabilities in the Linux Kernel affect IBM Spectrum Copy Data Management - IBM PSIRT Blog