IBM Alert
Warning Date: 21 August, 2022
Severity Level: High
Warning Number: 2022-5148
Target Sector: All
Description:
IBM has released security updates to address multiple vulnerabilities in the following products:
- IBM Robotic Process Automation for Cloud Pak
- OPENBMC
- HMC
- IBM MQ
- App Connect Enterprise Certified Container
- IBM Security Guardium
- IBM Spectrum Discover
- IBM Spectrum Control
- IBM DataPower Gateway V10CD
- IBM DataPower Gateway 10.0.1
- IBM DataPower Gateway 10.5.0
- IBM DataPower Gateway
- IBM Process Mining
Threats:
An attacker could exploit these vulnerabilities to:
- Execute arbitrary code
- Denial of service attack (DoS)
Best practice and Recommendations:
The CERT team encourages users to review the IBM security advisories and apply the necessary updates:
- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-security-vulnerabilities-may-affect-ibm-robotic-process-automation-for-cloud-pak-3/
- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-security-vulnerabilities-may-affect-ibm-robotic-process-automation-for-cloud-pak-2/
- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-security-vulnerabilities-may-affect-ibm-robotic-process-automation-for-cloud-pak/
- https://www.ibm.com/blogs/psirt/security-bulletin-this-power-system-update-is-being-released-to-address-cve-2022-0778/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-explorer-is-vulnerable-to-an-xml-external-entity-injection-xxe-attack-cve-2022-22489/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-app-connect-enterprise-certified-container-designerauthoring-operands-may-be-vulnerable-to-loss-of-confidentiality-due-to-cve-2022-35948-and-cve-2022-35949/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-multiple-vulnerabilities-25/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-spectrum-discover-is-vulnerable-to-docker-cli-cve-2021-41092-and-apache-log4j-cve-2021-4104-cve-2022-23302-cve-2022-23305-cve-2022-23307-weaknesses-2/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-spectrum-control-is-vulnerable-to-multiple-weaknesses-related-to-ibm-websphere-application-server-liberty-and-openssl-cve-2022-2068-cve-2022-2097-cve-2022-22475/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-datapower-gateway-affected-by-vulnerabilities-in-icu-cve-2017-14952-and-cve-2020-10531/
- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-eclipse-jetty-affects-ibm-process-mining-cve-2022-2048/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-multiple-vulnerabilities-24/