IBM Alert
Warning Date: 13 February, 2022
Severity Level: High
Warning Number: 2022-4369
Target Sector: All
IBM has released security updates to address several vulnerabilities in the following products:
- InfoSphere Master Data Management
  - 11.6
  - 12.0
- The DS8000 Hardware Management Console
  - R9.1 - 89.1x.0.0
  - R9.2 - 89.2x.0.0
  - R8.5 - 88.5x.x.x
- Operations Dashboard
  - 2020.4.1
  - 2021.1.1
  - 2021.2.1
  - 2021.3.1
  - 2021.4.1
- IBM Data Management Platform for EDB Postgres Standard for IBM Cloud Pak for Data
  - 2.0
  - 4.0.x
- IBM Sterling Connect:Direct for UNIX
  - 6.2.0
  - 6.1.0
  - 6.0.0
  - 4.3.0
- IBM Cognos Analytics Mobile
  - 1.1.x
An attacker could exploit these vulnerabilities to carry out the following:
- Denial of service (DoS)
- Cross-site scripting (XSS)
- Disclosure of sensitive information
- SQL injection
- Remote code execution
The CERT team encourages users to review the IBM security advisories and apply the necessary updates:
- https://www.ibm.com/blogs/psirt/security-bulletin-security-vulnerabilities-have-been-identified-in-ibm-websphere-application-server-used-by-ibm-master-data-management-4/
- https://www.ibm.com/blogs/psirt/security-bulletin-security-vulnerabilities-have-been-identified-in-ibm-websphere-application-server-used-by-ibm-master-data-management-5/
- https://www.ibm.com/blogs/psirt/security-bulletin-ds8000-hardware-management-console-uses-apache-log4j-which-is-subject-to-a-vulnerability-alert-cve-2021-44228-2/
- https://www.ibm.com/blogs/psirt/security-bulletin-operations-dashboard-is-vulnerable-to-arbitrary-code-execution-in-log4j-cve-2021-44832/
- https://www.ibm.com/blogs/psirt/security-bulletin-security-vulnerabilities-have-been-identified-in-ibm-websphere-application-server-used-by-ibm-master-data-management-6/
- https://www.ibm.com/blogs/psirt/security-bulletin-security-vulnerabilities-have-been-identified-in-ibm-websphere-application-server-used-by-ibm-master-data-management-7/
- https://www.ibm.com/blogs/psirt/security-bulletin-ds8000-hardware-management-console-is-vulnerable-to-apache-log4j-cve-2021-45105-and-cve-2021-45046-2/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-data-management-platform-for-edb-postgres-standard-and-enterprise-for-ibm-cloud-pak-for-data-are-vulnerable-to-sql-injection-from-man-in-the-middle-attack/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-sterling-connectdirect-for-unix-may-be-vulnerable-to-arbitrary-code-execution-due-to-apache-log4j-cve-2021-44832/
- https://www.ibm.com/blogs/psirt/security-bulletin-security-vulnerabilities-have-been-identified-in-ibm-websphere-application-server-used-by-ibm-master-data-management-8/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cognos-analytics-mobile-is-affected-by-security-vulnerabilties/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-sterling-connectdirect-for-unix-may-be-vulnerable-to-arbitrary-code-execution-due-to-apache-log4j-cve-2021-44832-2/