IBM Updates
Warning Date: 10 October, 2021
Severity Level: High
Warning Number: 2021-3649
Target Sector: All
Description:
IBM has released security updates to address several vulnerabilities in its products, mainly:
- IBM Tivoli Application Dependency Discovery Manager
  - 7.3.0.0-7.3.0.8
- IBM Watson Machine Learning Accelerator
  - 2.2.x, 2.3.0, 2.3.1
- Platform Navigator in IBM Cloud Pak for Integration (CP4I)
  - 2020.4.1
  - 2021.1.1
  - 2021.2.1
- App Connect Enterprise Certified Container
  - 1.0 with Operator
  - 1.1 with Operator
  - 1.2 with Operator
  - 1.3 with Operator
  - 1.4 with Operator
  - 1.5 with Operator
An attacker could exploit these vulnerabilities to:
- Execute arbitrary code
- Escalate privileges
- Cause a denial of service (DoS)
Best practice and Recommendations:
The CERT team encourages users to review the IBM security advisories and apply the necessary updates:
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-sdk-java-technology-edition-quarterly-cpu-jul-2021-includes-oracle-jul-2021-cpu/
- https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-spring-framework-affects-ibm-watson-machine-learning-accelerator/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cloud-pak-for-integration-is-vulnerable-to-go-vulnerability-cve-2021-31525/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-app-connect-enterprise-certified-container-designers-may-be-vulnerable-to-arbitrary-code-execution-via-cve-2021-3757/