IBM Updates
1718Warning Date
Severity Level
Warning Number
Target Sector
6 June, 2021
● High
2021-3000
All
Description:
IBM has released a security update to address several vulnerabilities in the following products:
- IBM Cloud Pak for Multicloud Management Infrastructure Management
- All
- IBM Cloud Automation Manager
- 4.2.0.1
- IBM Elastic Storage System
- 6.0.0 – 6.0.2.0
- IBM SQL Extensions Toolkit for NPS
- 11.2.0.0
Threats:
Attacker could exploit these vulnerabilities by doing the following:
- Sensitive information disclosure
- Execute arbitrary command
Best practice and Recommendations:
The CERT team encourages users to review IBM security advisory and apply the necessary updates:
- https://www.ibm.com/blogs/psirt/security-bulletin-openssl-vulnerabilites-impacting-aspera-high-speed-transfer-server-aspera-high-speed-transfer-endpoint-aspera-desktop-client-4-0-and-earlier-cve-2021-23839-cve-2021-23840-cve-2/
- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-may-affect-jre-in-ibm-datapower-gateway/
- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-may-affect-jre-in-ibm-datapower-gateway/
- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-affect-the-ibm-elastic-storage-server-gui/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-oracle-mysql-vulnerabilities-12/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-multiple-vulnerabilities-5/
- https://www.ibm.com/blogs/psirt/security-bulletin-openssl-vulnerability-impacting-aspera-high-speed-transfer-server-aspera-high-speed-transfer-endpoint-aspera-desktop-client-4-0-and-earlier-cve-2020-1971/
- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-affect-ibm-security-guardium-17/
- https://www.ibm.com/blogs/psirt/security-bulletin-a-format-string-vulnerability-has-been-identified-in-ibm-spectrum-scale-packaged-in-ibm-ess-cve-2021-29740/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-multiple-vulnerabilites-2/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-multiple-vulnerabilities-cve-2020-17530-cve-2020-1971-3/
- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-affect-the-ibm-elastic-storage-system-gui-2/
- https://www.ibm.com/blogs/psirt/security-bulletin-curl-libcurl-vulnerabilites-impacting-aspera-high-speed-transfer-server-aspera-high-speed-transfer-endpoint-aspera-desktop-client-4-0-and-earlier-cve-2020-8284-cve-2020-8286-c/