IBM Updates
Warning Date: 5 October, 2021
Severity Level: High
Warning Number: 2021-3617
Target Sector: All
Description:
IBM has released security updates to address several vulnerabilities in its products, mainly:
- IBM Event Streams
  - 2019.2.1
  - 2019.4.1
  - 2019.4.2
  - 2019.4.3
- IBM Event Streams in IBM Cloud Pak for Integration
  - 10.0.0
  - 10.1.0
  - 10.2.0
  - 10.3.0
  - 10.3.1
- IBM ILOG CPLEX Optimization Studio (COS)
  - 20.1.0.1
  - 20.1
  - 12.10
  - 12.9
  - 12.8
- IBM Netezza Host Management
  - All IBM Netezza Host Management starting 5.4.9.0
- Log Analysis
  - 1.3.1
  - 1.3.2
  - 1.3.3
  - 1.3.4
  - 1.3.5
  - 1.3.6
  - 1.3.7
Threats:
An attacker could exploit these vulnerabilities to do the following:
- Execute arbitrary code
- Escalate privileges
- Cause a denial of service (DoS)
Best practice and Recommendations:
The CERT team encourages users to review the IBM security advisories and apply the necessary updates:
- https://www.ibm.com/blogs/psirt/security-bulletin-the-community-edition-of-ibm-ilog-cplex-optimization-studio-is-affected-by-a-vulnerability-in-libcurl-cve-2021-22925/
- https://www.ibm.com/blogs/psirt/security-bulletin-the-community-edition-of-ibm-ilog-cplex-optimization-studio-is-affected-by-a-vulnerability-in-libcurl-cve-2021-22924/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-event-streams-is-potentially-affected-by-multiple-node-vulnerabilities-2/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-event-streams-is-affected-by-potential-data-integrity-issue-cve-2020-25649-2/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-event-streams-is-affected-by-multiple-vulnerabilities-in-the-java-runtime/
- https://www.ibm.com/blogs/psirt/security-bulletin-the-community-edition-of-ibm-ilog-cplex-optimization-studio-is-affected-by-a-vulnerability-in-libcurl-cve-2021-22945/
- https://www.ibm.com/blogs/psirt/security-bulletin-publicly-disclosed-vulnerabilities-from-kernel-affect-ibm-netezza-host-management-14/
- https://www.ibm.com/blogs/psirt/security-bulletin-apache-solr-shipped-with-ibm-operations-analytics-log-analysis-susceptible-to-multiple-vulnerabilities-in-apache-tika/
- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-metadataextractor-used-by-apache-solr-affect-ibm-operations-analytics-log-analysis-analysis-cve-2019-14262/