IBM Updates
Warning Date: 14 September, 2021
Severity Level: High
Warning Number: 2021-3514
Target Sector: All
Description:
IBM has released security updates to address several vulnerabilities in some of its products, mainly:
- IBM DB2
- IBM Intelligent Operations Center
- IBM Security Verify Privilege Vault
- IBM Maximo Asset Management
- IBM® SDK, Java™ Technology Edition
- IBM Security Guardium
Threats:
An attacker could exploit these vulnerabilities to carry out the following:
- Denial of service attack (DoS)
- Unauthorized disclosure of information
- Cross-site scripting (XSS)
- Execute arbitrary code remotely
Best practice and Recommendations:
The CERT team encourages users to review the IBM security advisories and apply the necessary updates:
- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-db2-affect-the-ibm-intelligent-operations-center-cve-2020-4701-cve-2020-4739/
- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-have-been-identified-in-ibm-security-verify-privilege-vault-2/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-maximo-asset-management-is-vulnerable-to-stored-cross-site-scripting-cve-2021-29743-2/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-a-spring-framework-vulnerability-4/
- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-affect-ibm-security-guardium-24/
- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-may-affect-ibm-sdk-java-technology-edition-9/
- https://www.ibm.com/blogs/psirt/security-bulletin-cross-site-scripting-vulnerability-in-ibm-financial-transaction-manager-for-swift-services/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-multiple-vulnerabilities-8/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-maximo-asset-management-is-vulnerable-to-cross-site-scripting-cve-2021-29744-2/
- https://www.ibm.com/blogs/psirt/security-bulletin-cve-2021-2341-may-affect-ibm-sdk-java-technology-edition/