IBM Updates
Warning Date: 5 December, 2021
Severity Level: High
Warning Number: 2021-3973
Target Sector: All
Description:
IBM has released security updates to address multiple vulnerabilities in the following products:
- IBM Cloud Automation Manager
- 4.2.0.1
- EDB PostgreSQL with IBM
- EDB Postgres Advanced Server with IBM
- 13.1
- IBM Data Management Platform for EDB Enterprise
- IBM Data Management Platform for EDB Standard
- 2.0.0 SR1 (includes EDB v12)
- IBM Data Management Platform for EDB Enterprise
- 1.0.0
- IBM QRadar SIEM 7.3.0 to 7.3.3 Fix Pack 9
- IBM QRadar SIEM 7.4.0 to 7.4.3 Fix Pack 2
- IBM Data Studio Client
- 4.1.x
- IBM Event Streams in IBM Cloud Pak for Integration
- 10.0.0
- 10.1.0
- 10.2.0
- 10.3.0
- 10.3.1
- 10.4.0
Threats:
An attacker could exploit these vulnerabilities to carry out the following:
- Denial of service attack (DoS)
- Unauthorized disclosure of information
- Arbitrary code execution
Best Practice and Recommendations:
The CERT team encourages users to review the IBM security advisories and apply the necessary updates:
- https://www.ibm.com/blogs/psirt/security-bulletin-a-security-vulnerability-in-node-js-jsonpointer-module-affects-ibm-cloud-automation-manager/
- https://www.ibm.com/blogs/psirt/security-bulletin-edb-postresql-with-ibm-edb-postgres-advanced-server-with-ibm-ibm-data-management-platform-enterprise-standard-are-vulnerable-to-an-sql-injection-cve-2021-23214/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-qradar-siem-is-vulnerable-to-using-components-with-known-vulnerabilities-12/
- https://www.ibm.com/blogs/psirt/security-bulletin-cve-2021-2161-may-affect-ibm-sdk-java-technology-edition-used-by-ibm-data-studio-client/
- https://www.ibm.com/blogs/psirt/security-bulletin-a-security-vulnerability-in-node-js-vm2-module-affects-ibm-cloud-automation-manager/
- https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-ibm-java-sdk-and-ibm-java-runtime-affects-ibm-qradar-siem-cve-2021-2161-2/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-event-streams-affected-by-potential-buffer-overflow-in-golang-cve-2021-38297/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-qradar-siem-is-vulnerable-to-using-weaker-than-expected-cryptographic-algorithms-cve-2021-20400-2/