IBM Updates
Warning Date: 7 October, 2021
Severity Level: ● Medium
Warning Number: 2021-3640
Target Sector: All
Description:
IBM has released security updates to address several vulnerabilities in its products, mainly:
- IBM Sterling B2B Integrator
  - 6.0.1.0 – 6.0.3.4
  - 6.1.0.0 – 6.1.0.2
  - 5.2.0.0 – 5.2.6.5_3
  - 6.0.0.0 – 6.0.0.6
An attacker could exploit these vulnerabilities to achieve the following:
- Execute arbitrary code
- Escalation of privilege
- Denial of service (DoS)
Best practice and Recommendations:
The CERT team encourages users to review the IBM security advisories and apply the necessary updates:
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-api-connect-is-impacted-by-a-vulnerability-in-postgresql-cve-2021-32029/
- https://www.ibm.com/blogs/psirt/security-bulletin-cross-site-scripting-vulnerability-affects-the-dashboard-user-interface-of-ibm-sterling-b2b-integrator-cve-2021-20553/
- https://www.ibm.com/blogs/psirt/security-bulletin-access-control-vulnerability-affects-myfilegateway-user-interface-of-ibm-sterling-file-gateway-cve-2021-20584/
- https://www.ibm.com/blogs/psirt/security-bulletin-session-fixation-vulnerability-affects-bm-sterling-file-gateway-cve-2021-20473/
- https://www.ibm.com/blogs/psirt/security-bulletin-information-disclosure-vulnerabilty-affects-ibm-sterling-file-gateway-user-interface-cve-2021-20552/
- https://www.ibm.com/blogs/psirt/security-bulletin-apache-wss4j-vulnerabilities-affect-ibm-sterling-b2b-integrator/
- https://www.ibm.com/blogs/psirt/security-bulletin-cross-site-request-forgery-vulnerability-affects-ibm-sterling-file-gateway-user-interface-cve-2021-20489/
- https://www.ibm.com/blogs/psirt/security-bulletin-access-control-vulnerability-affects-ibm-sterlng-file-gateway-cve-2021-20372/
- https://www.ibm.com/blogs/psirt/security-bulletin-cross-site-scripting-vulnerability-affects-ibm-sterling-file-gateway-cve-2021-20481/
- https://www.ibm.com/blogs/psirt/security-bulletin-cross-site-scripting-vulnerability-affects-the-dashboard-user-interface-of-ibm-sterling-b2b-integrator-cve-2021-20571/
- https://www.ibm.com/blogs/psirt/security-bulletin-access-security-control-vulnerability-affects-ibm-sterling-file-gateway-cve-2021-20375/
- https://www.ibm.com/blogs/psirt/security-bulletin-access-control-vulnerability-affects-ibm-sterling-file-gateway-cve-2021-20376/
- https://www.ibm.com/blogs/psirt/security-bulletin-xss-security-vulnerabilty-affects-mailbox-ui-of-ibm-sterling-b2b-integrator-cve-2021-20562-2/
- https://www.ibm.com/blogs/psirt/security-bulletin-access-control-vulnerability-affects-myfilegateway-user-interface-of-ibm-sterling-file-gateway-cve-2021-20561/
- https://www.ibm.com/blogs/psirt/security-bulletin-informaton-disclosure-vulnerability-affects-the-dashboard-user-interface-of-ibm-stelring-b2b-integrator-cve-2021-29700/
- https://www.ibm.com/blogs/psirt/security-bulletin-bouncy-castle-vulnerabilities-affect-ibm-sterling-b2b-integrator/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-vulnerability-affects-ibm-sterling-b2b-integrator-cve-2020-4682/
- https://www.ibm.com/blogs/psirt/security-bulletin-eclipse-jetty-vulnerability-affects-ibm-sterling-b2b-integrator-cve-2020-27216/
- https://www.ibm.com/blogs/psirt/security-bulletin-apache-log4j-vulnerabilities-affect-ibm-sterling-b2b-integrator/
- https://www.ibm.com/blogs/psirt/security-bulletin-jackson-databind-vulnerabilities-affect-the-b2b-api-of-ibm-sterling-b2b-integrator/
- https://www.ibm.com/blogs/psirt/security-bulletin-tibco-jasperreports-vulnerabilities-affect-ibm-sterling-b2b-integrator-cve-2020-9410-cve-2018-18809/