IBM Updates
1719Warning Date
Severity Level
Warning Number
Target Sector
2 June, 2021
● High
2021-2981
All
Description:
Dell EMC has released security update to address multiple vulnerabilities in its products, the most important one:
- Content Collector for Email
- 4.0.x
Threats:
Attacker could exploit these vulnerabilities by doing the following:
- Cross-site scripting (XSS)
Best practice and Recommendations:
The CERT team encourages users to review Dell EMC security advisory and apply the necessary updates:
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-has-announced-a-release-for-ibm-security-identity-governance-and-intelligence-in-response-to-a-security-vulnerability-cve-2020-14782/
- https://www.ibm.com/blogs/psirt/security-bulletin-embedded-websphere-application-server-is-vulnerable-to-apache-myfaces-which-affects-content-collector-for-email/
- https://www.ibm.com/blogs/psirt/security-bulletin-embedded-websphere-application-server-is-affected-by-vulnerability-in-dojo-which-affects-content-collector-for-email/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-has-announced-a-release-for-ibm-security-identity-governance-and-intelligence-in-response-to-a-security-vulnerability-cve-2020-14781/
- https://www.ibm.com/blogs/psirt/security-bulletin-embedded-websphere-application-server-is-vulnerable-to-an-xml-external-entity-xxe-injection-attack-and-affects-content-collector-for-email/