IBM Alert
Warning Date: 17 May, 2022
Severity Level: Critical
Warning Number: 2022-4838
Target Sector: All
Description:
IBM has released security updates to address several vulnerabilities in the following products and versions, including:
- IBM MQ Operator CD Release v1.7.2
- IBM MQ Operator EUS Release v1.3.2
- IBM MQ Advanced Server Container image v9.2.4.0-r1, 9.2.0.4-r1-eus
- IBM Security Identity Governance and Intelligence 5.2.6
- IBM Security Verify Governance 10.0.1
- IBM MQ Operator CD release 1.8.2
- IBM MQ Operator EUS release 1.3.2
- IBM Supplied MQ Advanced Queue Manager Container images 9.2.5.0-r1, 9.2.0.4-r1
- IBM Process Mining 1.12.0.3
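As an added example (not part of this advisory and not IBM's own tooling), the script below parses IBM MQ container image tags of the form listed above (9.2.4.0-r1, 9.2.0.4-r1-eus) and reports which of a set of deployed image references sits below the levels named here. It assumes that the listed tags are the minimum patched levels for their stream, that 9.2.0.x tags belong to the EUS/LTS stream and other 9.2.x tags to the CD stream, and that the registry and repository names in the sample are constructed input; confirm the levels against the linked IBM bulletins before acting on its output.

```python
"""Check deployed IBM MQ container image tags against the levels in this advisory.

Added example, not part of the original advisory or of IBM's tooling.
Assumptions (verify against the IBM bulletins linked in the advisory):
  * the tags named in the advisory are the minimum patched levels per stream;
  * IBM MQ V.R.M.F numbering: M == 0 (9.2.0.x) is the LTS line, shipped by the
    operator as EUS images; any other M is a Continuous Delivery (CD) release.
"""
import re
from typing import List, NamedTuple, Optional

# Matches 9.2.4.0-r1, v9.2.0.4-r1-eus, ...: release digits, -rN build revision,
# optional -eus suffix.
TAG_RE = re.compile(r"^v?(\d+(?:\.\d+)*)-r(\d+)(-eus)?$")


class ImageTag(NamedTuple):
    release: tuple   # e.g. (9, 2, 4, 0)
    revision: int    # N from -rN: a rebuild of the same release with fixes
    eus: bool        # carried an explicit -eus suffix


def parse_tag(tag: str) -> ImageTag:
    m = TAG_RE.match(tag)
    if not m:
        raise ValueError(f"unrecognised IBM MQ image tag: {tag!r}")
    release = tuple(int(p) for p in m.group(1).split("."))
    return ImageTag(release, int(m.group(2)), m.group(3) is not None)


def stream(tag: ImageTag) -> str:
    """'eus' for the long-term stream, 'cd' for continuous delivery (assumption above)."""
    lts = len(tag.release) > 2 and tag.release[2] == 0
    return "eus" if tag.eus or lts else "cd"


# Queue-manager image levels named in this advisory (both MQ bulletins).
ADVISORY_LEVELS: List[ImageTag] = [
    parse_tag(t) for t in ("9.2.4.0-r1", "9.2.0.4-r1-eus", "9.2.5.0-r1", "9.2.0.4-r1")
]


def is_at_or_above(tag: str, levels: List[ImageTag] = ADVISORY_LEVELS) -> Optional[bool]:
    """True if `tag` is at or above the highest advisory level in its stream,
    False if below, None if the advisory names no level for that stream."""
    parsed = parse_tag(tag)
    same_stream = [lvl for lvl in levels if stream(lvl) == stream(parsed)]
    if not same_stream:
        return None
    required = max(same_stream, key=lambda t: (t.release, t.revision))
    return (parsed.release, parsed.revision) >= (required.release, required.revision)


def audit(image_refs: List[str]) -> dict:
    """Map each 'registry/repo:tag' reference (for example the output of
    `kubectl get pods -o jsonpath='{..image}'`) to 'ok', 'UPDATE' or 'unknown'
    (tag not parseable, or its stream not covered by the advisory)."""
    verdicts = {}
    for ref in image_refs:
        _, _, tag = ref.rpartition(":")
        try:
            state = is_at_or_above(tag)
        except ValueError:
            state = None
        verdicts[ref] = "ok" if state else ("unknown" if state is None else "UPDATE")
    return verdicts


# Constructed sample input; registry and repository names are not IBM's real ones.
SAMPLE_IMAGES = [
    "registry.example/ibm-mq:9.2.5.0-r1",       # CD, at the listed level
    "registry.example/ibm-mq:9.2.4.0-r1",       # CD, below 9.2.5.0-r1
    "registry.example/ibm-mq:9.2.0.4-r1-eus",   # EUS, at the listed level
    "registry.example/ibm-mq:9.2.0.3-r2-eus",   # EUS, older fix pack
    "registry.example/ibm-mq:latest",           # not a version tag
]

if __name__ == "__main__":
    for ref, verdict in audit(SAMPLE_IMAGES).items():
        print(f"{verdict:8} {ref}")
```

Because the advisory names two CD levels (9.2.4.0-r1 from the earlier bulletin, 9.2.5.0-r1 from the later one), the check takes the higher of the two as the required level, so a 9.2.4.0-r1 image is reported as needing an update even though it was the fix for the first bulletin. The "-rN" revision is compared after the release number, so a later rebuild of the same release (for example 9.2.0.4-r2) passes against a listed 9.2.0.4-r1.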
Threats:
An attacker who exploits these vulnerabilities could:
- Execute arbitrary code
- Cause a denial of service (DoS)
- Conduct phishing attacks (IBM Process Mining, via the URI.js issue CVE-2022-0868)
Best practice and Recommendations:
The CERT team encourages users to review the IBM security bulletins and apply the necessary updates:
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-operator-and-ibm-supplied-mq-advanced-container-images-are-vulnerable-to-multiple-issues-from-red-hat-ubi-packages-and-the-ibm-websphere-application-server-liberty/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-identity-governance-and-intelligence-is-vulnerable-to-arbitrary-code-execution-due-to-apache-log4j-cve-2021-4104/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-verify-governance-is-vulnerable-to-arbitrary-code-execution-due-to-apache-log4j-cve-2021-4104/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-operator-and-queue-manager-container-images-are-vulnerable-to-multiple-vulnerabilities-from-expat-golang-go-gcc-openssl-and-libxml/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-process-mining-is-vulnerable-to-dos-due-to-eclipse-jetty-cve-2018-12545/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-process-mining-is-vulnerable-to-phishing-attacks-due-to-uri-js-cve-2022-0868/