IBM Updates
2715Warning Date
Severity Level
Warning Number
Target Sector
25 July, 2022
● High
2022-5062
All
Description:
IBM has released security updates to address several vulnerabilities in several products:
- IBM Cloud Pak for Multicloud Management Infrastructure Management
- Log Analysis
- IBM Sterling File Gateway
- IBM OpenPages with Watson versions 8.1 through 8.2.0.4.2
- IBM Security Verify Information Queue
- Log Analysis
- IBM Cloud Pak for Multicloud Management Infrastructure Management
Threats:
Attacker could exploit these vulnerabilities by doing the following:
- Execute arbitrary code remotely
- Bypass of a protection mechanism
Best practice and Recommendations:
The CERT team encourages users to review IBM security advisory and apply the necessary updates:
- https://www.ibm.com/blogs/psirt/security-bulletin-a-security-vulnerability-in-node-js-node-forge-affects-ibm-cloud-pak-for-multicloud-management-managed-services-2/
- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-from-log4j-affect-ibm-operations-analytics-log-analysis-cve-2019-17571-cve-2020-9488/
- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-security-vulnerabilities-in-apache-struts-affect-ibm-sterling-file-gateway-cve-2019-0233-cve-2019-0230-4/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-openpages-with-watson-has-addressed-apache-log4j-vulnerability-cve-2022-23307/
- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-from-log4j-core-2-16-0-jar-affect-ibm-operations-analytics-log-analysis-cve-2021-44832-cve-2021-45105-2/
- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-log4j-1-2-16-jar-used-by-ibm-operations-analytics-log-analysis/
- https://www.ibm.com/blogs/psirt/security-bulletin-session-cookie-used-by-ibm-security-verify-information-queue-is-not-properly-secured-cve-2022-35284/
- https://www.ibm.com/blogs/psirt/security-bulletin-a-security-vulnerability-in-node-js-node-forge-affects-ibm-cloud-pak-for-multicloud-management-managed-services/