IBM Updates
Warning Date: 24 October, 2021
Severity Level: High
Warning Number: 2021-3731
Target Sector: All
Description:
IBM has released security updates to address several vulnerabilities in some of its products, mainly:
- Oracle Database Server
- IBM Emptoris Sourcing
- IBM Emptoris Contract Management
- IBM Emptoris Strategic Supply Management Platform
- IBM Emptoris Program Management
- IBM Emptoris Supplier Lifecycle Mgmt
- Node.js
- IBM Cloud Pak for Integration
- Watson Explorer
- OpenSSL
- IBM InfoSphere Master Data Management Server
Threats:
An attacker could exploit these vulnerabilities by doing the following:
- Denial of service attack (DoS)
- Execute arbitrary code remotely
- Buffer overflow
- Code injection
- Take control of the system
Best practice and Recommendations:
The CERT team encourages users to review the IBM security advisories and apply the necessary updates:
- https://www.ibm.com/blogs/psirt/security-bulletin-oracle-database-server-security-vulnerability-affects-ibm-emptoris-sourcing-cve-2021-2351/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-infosphere-master-data-management-server-vulnerability-in-openssl-2/
- https://www.ibm.com/blogs/psirt/security-bulletin-oracle-database-server-vulnerability-affects-ibm-emptoris-contract-management-cve-2021-2351/
- https://www.ibm.com/blogs/psirt/security-bulletin-oracle-database-server-vulnerability-affects-ibm-emptoris-strategic-supply-management-platform-cve-2021-2328/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cloud-pak-for-integration-is-vulnerable-to-multiple-node-js-vulnerabilities-2/
- https://www.ibm.com/blogs/psirt/security-bulletin-oracle-database-server-vulnerability-affects-ibm-emptoris-program-management-cve-2021-2329/
- https://www.ibm.com/blogs/psirt/security-bulletin-oracle-database-server-vulnerability-affects-ibm-emptoris-contract-management-cve-2021-2329/
- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-exist-in-watson-explorer-cve-2021-35517-cve-2021-36090/
- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-urllib3-and-react-bootstrap-table-affect-ibm-spectrum-discover/
- https://www.ibm.com/blogs/psirt/security-bulletin-oracle-database-server-vulnerability-affects-ibm-emptoris-program-management-cve-2021-2328/
- https://www.ibm.com/blogs/psirt/security-bulletin-oracle-database-server-vulnerability-affects-ibm-emptoris-program-management-cve-2021-2351/
- https://www.ibm.com/blogs/psirt/security-bulletin-oracle-database-server-security-vulnerability-affects-ibm-emptoris-contract-management-cve-2021-2328/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-infosphere-master-data-management-server-vulnerability-in-openssl-3/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-infosphere-master-data-management-server-vulnerability-in-openssl-4/
- https://www.ibm.com/blogs/psirt/security-bulletin-oracle-database-server-vulnerability-affects-ibm-emptoris-sourcing-cve-2021-2328/
- https://www.ibm.com/blogs/psirt/security-bulletin-oracle-database-server-vulnerability-affects-ibm-emptoris-supplier-lifecycle-mgmt-cve-2021-2351/
- https://www.ibm.com/blogs/psirt/security-bulletin-oracle-database-server-vulnerability-affects-ibm-emptoris-sourcing-cve-2021-2329/
- https://www.ibm.com/blogs/psirt/security-bulletin-oracle-database-server-vulnerability-affects-ibm-emptoris-strategic-supply-management-platform-cve-2021-2351/
- https://www.ibm.com/blogs/psirt/security-bulletin-oracle-database-server-vulnerability-affects-ibm-emptoris-supplier-lifecycle-mgmt-cve-2021-2328/
- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-affect-watson-explorer-foundational-components-cve-2021-3712-cve-2021-3711/
- https://www.ibm.com/blogs/psirt/security-bulletin-oracle-database-server-vulnerability-affects-ibm-emptoris-supplier-lifecycle-mgmt-cve-2021-2329/