IBM Alert
Warning Date: 26 September, 2022
Severity Level: High
Warning Number: 2022-5272
Target Sector: All
IBM has released security updates to address several vulnerabilities in the following products:
- PowerSC
  - 1.3
  - 2.0
  - 2.2
- IBM CICS TX Advanced
  - 10.1
  - 11.1
- IBM Security Guardium
  - 11.1
  - 11.2
  - 11.3
  - 11.4
- IBM CICS TX Standard
  - All
- Partner Engagement Manager
  - 2.0
An attacker could exploit these vulnerabilities to do the following:
- Cause a denial of service (DoS)
- Execute arbitrary code
- Bypass security restrictions
The CERT team encourages users to review the IBM security advisories and apply the necessary updates:
- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-curl-affect-powersc-2/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cics-tx-advanced-is-vulnerable-to-spoofing-due-to-a-flaw-in-eclipse-paho-used-by-ibm-websphere-application-server-liberty-cve-2019-11777/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-multiple-vulnerabilities-cve-2018-10237-cve-2020-8908-2/
- https://www.ibm.com/blogs/psirt/security-bulletin-apache-shiro-publicly-disclosed-vulnerability-affects-ibm-partner-engagement-manager-cve-2022-32532/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cics-tx-standard-is-vulnerable-to-spoofing-due-to-a-flaw-in-eclipse-paho-used-by-ibm-websphere-application-server-liberty-cve-2019-11777/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-multiple-vulnerabilities-30/
- https://www.ibm.com/blogs/psirt/security-bulletin-xml-external-entity-injection-xxe-attack-affects-ibm-partner-engagement-manager-cve-2022-34348/
- https://www.ibm.com/blogs/psirt/security-bulletin-improper-restriction-of-xml-external-entity-reference-in-liquibase-prior-to-4-8-0-affects-ibm-partner-engagement-manager-cve-2022-0839/