
IBM Updates

Classification
These posts contain security alerts, including digital loopholes, electronic attacks, and technical updates, and they are classified based on the level of severity.

Critical

High

Medium

Low

Warning Date: 23 December, 2021

Severity Level: ● Critical

Warning Number: 2021-4136

Target Sector: All

Description:

IBM has released security updates to address several vulnerabilities in the following products:

Products affected by the Apache Log4j vulnerability:

  • IBM Business Automation Workflow
    • V21.0
    • V20.0
    • V19.0
    • V18.0
  • IBM Business Process Manager
    • V8.6
    • V8.5
  • WebSphere Service Registry and Repository V8.5
    • WebSphere Application Server V8.5.5
  • IBM Spectrum LSF Application Center
    • 10.2
  • IBM Spectrum LSF Explorer
    • 10.2
  • IBM Cloud Pak for Applications, all versions
    • WebSphere Application Server
      • 9.0
      • 8.5
  • IBM Cloud Pak for Applications
    • 4.3 IBM Cloud Transformation Advisor, v2.5.0
  • IBM Spectrum LSF
    • 10.1.x
  • IBM Case Manager
    • 5.3CD
    • 5.2.1
    • 5.2.0
    • 5.1.1
  • IBM WebSphere Hybrid Edition
    • all IBM Cloud Transformation Advisor, v2.5.0
  • IBM Sterling Partner Engagement Manager Standard and Essentials
    • 6.1.2.3.2 / 6.2.0.1.1
  • IBM Cloud Object Storage File Access (COS FA)
    • 7.0.0
  • Netcool Operations Insight 1.6
    • Netcool Operations Insight 1.6
  • IBM Netcool Agile Service Manager
    • 1.1
  • IBM Jazz Reporting Service
    • 6.0.6.1
    • 7.0
    • 6.0.6
    • 7.0.1
  • ELM
    • 7.0.1
    • 7.0
    • 6.0.6.1
    • 6.0.6
  • Rhapsody DM
    • 6.0.6
    • 6.0.6.1
  • RMM
    • 7.0.1
    • 6.0.6.1
    • 6.0.6
    • 7.0
  • RDNG
    • 6.0.6.1
    • 6.0.6
    • 7.0.2
  • DOORS Next
    • 7.0
    • 7.0.1
  • Global Configuration Management
    • 6.0.6-7.0.1
  • RTC
    • 6.0.6
    • 6.0.6.1
  • RELM
    • 6.0.6.1
    • 6.0.6
  • ENI
    • 7.0.1
    • 7.0
  • ETM
    • 7.0.1
    • 7.0.0
  • RQM
    • 6.0.6
  • EWM
    • 7.0.1
    • 7.0
  • IBM Financial Transaction Manager for SWIFT Services for Multiplatforms
    • 3.2.4
  • IBM Spectrum Scale
    • 5.0.5.0 – 5.0.5.11
    • 5.1.0.0 – 5.1.2.1
  • IBM Spectrum Scale on AWS Marketplace Spectrum Scale
    • 5.0.5.3 BYOL v1.3.1
  • IBM Spectrum Scale container native storage access
    • All versions
  • IBM App Connect Enterprise
    • V11.0.0.7 to V11.0.0.15
  • IBM App Connect Enterprise
    • V12.0.1.0 to V12.0.3.0
  • IBM i
    • 7.4
    • 7.3
    • 7.2
    • 7.1
  • IBM® Db2® On Openshift
  • IBM® Db2® and Db2 Warehouse® on Cloud Pak for Data
  • App Connect for Manufacturing
    • 2.0.0.5 to 2.0.0.7
  • IBM Informix Dynamic Server
    • 14.10.FC6
    • 14.10.FC7
  • IBM Informix Dynamic Server
    • 12.10.xC15
  • App Connect Professional
    • 7.5.4.0
  • IBM Watson Studio Premium Add On in Cloud Pak for Data
  • Watson Machine Learning in Cloud Pak for Data
  • IBM Cloud Private
    • 3.1.1
    • 3.1.2
    • 3.2.0
    • 3.2.1 CD
    • 3.2.2 CD
  • IBM Cloud Integration Platform
  • IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data
    • 4.0.0 – 4.0.3
    • 1.2.0 – 1.2.1 (Cloud Pak 3.5)
  • OPENBMC
    • OP910
  • Operations Dashboard
  • IBM Security Access Manager Appliance
    • 9.0.0.0 – 9.0.7.2
  • IBM Security Access Manager Docker
    • 9.0.5.0 – 9.0.7.2
  • Netcool/OMNIbus
    • 8.1.0.25
    • 8.1.0.26
  • IBM Tivoli Netcool Impact
    • 7.1.0
  • SPSS Collaboration and Deployment Services
    • 8.3
  • Sterling Connect Direct File Agent
    • 1.4
  • IBM Cognos Controller
    • 10.4.2
  • IBM Cloud Object Storage Systems
    • Long Term Support Release – 3.16.0.53 and Prior 3.16.0 Releases
    • Active Release – 3.16.2.57 and Prior 3.16.2 and 3.16.1 Releases
  • IBM Planning Analytics Workspace
    • 2.0.57 or higher.
  • IBM Cloud Application Business Insights
    • 1.1.7
    • 1.1.6
    • 1.1.5

Threats:

An attacker could exploit these vulnerabilities to achieve the following:

  • Denial of service attack (DoS)
  • Cross-site scripting (XSS)
  • Information disclosure
  • Redirect a user to a malicious web page
  • Remote code execution

Best Practices and Recommendations:

The CERT team encourages users to review the IBM security advisory and apply the necessary updates.

Last updated on 23 December, 2021
