IBM Updates
Warning Date: 1 September, 2021
Severity Level: High
Warning Number: 2021-3452
Target Sector: All
Description:
IBM has released security updates to address several vulnerabilities in the following products:
- IBM Planning Analytics Workspace
- IBM Planning Analytics Local 2.0
- Node.js, XStream and Apache Commons
- IBM Spectrum Control
- Golang
- IBM API Connect
- IBM Java Runtime
- IBM Sterling Secure Proxy
- IBM Maximo Asset Management
- Apache CXF
- IBM Tivoli Application Dependency Discovery Manager
- Drupal dated modernizr library
- IBM API Connect
- IBM Security Guardium
- Drupal core
- IBM API Connect
- IBM Java Runtime
- IBM Integration Bus and IBM App Connect Enterprise
- IBM Sterling External Authentication Server
- IBM OpenPages with Watson
- AIX kernel
- XStream
- Drupal CKEditor
- IBM API Connect
- Secure Gateway Client
- IBM DataPower Gateway
- Oracle MySQL
- IBM API Connect
- IBM DataPower Gateway
- Open Source Apache Tomcat
- IBM Tivoli Application Dependency Discovery Manager
- IBM DB2 shipped with IBM License Metric Tool v9
- IBM® Java SDK
- IBM Security Directory Suite
- IBM Security Identity Manager Virtual Appliance
Threats:
An attacker could exploit these vulnerabilities to carry out the following:
- Denial of service attack (DoS)
- Unauthorized disclosure of information
- Cross-site scripting (XSS)
- Remote execution of arbitrary code
Best practice and Recommendations:
The CERT team encourages users to review the IBM security advisories and apply the necessary updates:
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-planning-analytics-workspace-is-affected-by-security-vulnerabilities-10/
- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-node-js-xstream-and-apache-commons-affect-ibm-spectrum-control/
- https://www.ibm.com/blogs/psirt/security-bulletin-cve-2020-2773-deferred-from-oracle-apr-2020-cpu-4/
- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-and-ibm-java-runtime-affect-rational-service-tester-8/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-api-connect-is-impacted-by-a-cross-site-scripting-vulnerability-in-drupal-core-sa-core-2021-002/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-java-sdk-technology-edition-affects-ibm-security-identity-manager-virtual-appliance-cve-2020-14782-cve-2020-14781-2/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-api-connect-is-impacted-by-a-vulnerability-in-golang-cve-2021-31525/
- https://www.ibm.com/blogs/psirt/security-bulletin-cve-2021-2161-may-affect-ibm-sdk-java-technology-edition-for-content-collector-for-sap-applications/
- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-ibm-java-runtime-affect-ibm-sterling-secure-proxy-cve-2020-27221-cve-2020-14782/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-maximo-asset-management-is-vulnerable-to-stored-cross-site-scripting-cve-2021-29743/
- https://www.ibm.com/blogs/psirt/security-bulletin-apache-cxf-vulnerability-identified-in-ibm-tivoli-application-dependency-discovery-manager-cve-2021-30468/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-api-connect-is-impacted-by-multiple-vulnerabilities-in-drupal-dated-modernizr-library/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-multiple-vulnerabilites-3/
- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-and-ibm-java-runtime-affect-ibm-security-soar-cve-2021-2341-cve-2021-2369/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-api-connect-is-impacted-by-a-vulnerability-in-drupal-core-cve-2021-32610/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-api-connect-is-impacted-by-a-vulnerability-in-drupal-201714/
- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-ibm-java-runtime-affect-ibm-integration-bus-and-ibm-app-connect-enterpise-v11-v12-cve-2020-27221-7/
- https://www.ibm.com/blogs/psirt/security-bulletin-apache-cxf-publicly-disclosed-vulnerability-3/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-openpages-with-watson-has-addressed-a-remote-code-execution-vulnerability-cve-2021-29907/
- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-the-aix-kernel-cve-2021-29727-cve-2021-29801-cve-2021-29862/
- https://www.ibm.com/blogs/psirt/security-bulletin-cve-2020-14781-deferred-from-oracle-oct-2020-cpu-for-java-8-2/
- https://www.ibm.com/blogs/psirt/security-bulletin-resilient-app-host-uses-higher-permissions-than-required-for-containers-hosted-on-it/
- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-affect-ibm-secure-proxy/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-api-connect-is-impacted-by-vulnerability-cve-2021-29715/
- https://www.ibm.com/blogs/psirt/security-bulletin-xstream-publicly-disclosed-vulnerability-3/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-content-navigator-is-vulnerable-to-a-denial-of-service-vulnerabilty/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-api-connect-is-impacted-by-a-vulnerability-in-drupal-ckeditor-cve-2021-33829/
- https://www.ibm.com/blogs/psirt/security-bulletin-update-secure-gateway-client-in-ibm-datapower-gateway-to-address-several-cves-2/
- https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-bouncy-castle-affect-ibm-watson-machine-learning-accelerator/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-api-connect-is-impacted-by-vulnerabilities-in-drupal-ckeditor-cve-2021-26271-cve-2021-26272/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-api-connect-is-impacted-by-multiple-vulnerabilities-in-oracle-mysql-3/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-sdk-java-technology-edition-quarterly-cpu-apr-2021/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-resilient-disaster-recovery-dr-system-allows-connections-over-tls-1-0-cve-2021-29704-2/
- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-affect-ibm-security-guardium-22/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-db2-query-monitor-fix-for-potential-jsse-vulnerability-psirt-255377/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-multiple-vulnerabilities-7/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-identity-manager-virtual-appliance-deprecated-self-service-ui-contains-struts-v1-cve-2016-1182-2/
- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-affect-ibm-secure-external-authentication-server/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-datapower-gateway-vulnerable-to-a-dos-2/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-maximo-asset-management-is-vulnerable-to-cross-site-scripting-cve-2021-29744/
- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-runtime-affect-ibm-sterling-external-authentication-server-4/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-api-connect-is-impacted-by-a-vulnerability-in-drupal-ckeditor-cve-2020-27193/
- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-and-ibm-java-runtime-affect-rational-performance-tester-7/
- https://www.ibm.com/blogs/psirt/security-bulletin-api-connect-v5-is-potentially-vulnerable-to-code-injection-cve-2021-29772/
- https://www.ibm.com/blogs/psirt/security-bulletin-open-source-apache-tomcat-vulnerabilities-affect-ibm-tivoli-application-dependency-discovery-manager-cve-2021-30640/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-api-connect-is-impacted-by-a-vulnerability-in-golang-cve-2020-24553/
- https://www.ibm.com/blogs/psirt/security-bulletin-security-vulnerability-have-been-identified-in-ibm-db2-shipped-with-ibm-license-metric-tool-v9/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-api-connect-is-impacted-by-a-vulnerability-in-golang-cve-2021-33194/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-api-connect-is-impacted-by-a-vulnerability-in-drupal-cve-2021-33829/
- https://www.ibm.com/blogs/psirt/security-bulletin-xstream-publicly-disclosed-vulnerability-4/