The official site for Saudi CERT
IBM Updates
2405
Warning Date
Severity Level
Warning Number
Target Sector
23 September, 2021
● Critical
2021-3563
All
Description:
IBM has released a security update to address several vulnerabilities in its products,the most important ones:
- DataQuant for z/OS
- 2.1
- DB2 Query Management Facility for z/OS
- 11.2.1
- DB2 Query Management Facility for z/OS
- 12.1
- Query Management Facility Classic Edition
- 11.1
- DB2 Query Management Facility for z/OS
- 12.2
- Query Management Facility Enterprise Edition
- 11.1
- DB2 Query Management Facility for z/OS
- 11.2
- DB2 Query Management Facility for z/OS
- 11.1
- IBM Cloud Pak System
- 2.3.x.x
- IBM Cloud Object Storage Systems
- Most of the versions
- IBM Security Verify Bridge
- All
- IBM WIoTP MessageGateway
- 5.0.0.1
- IBM IoT MessageSight
- 5.0.0.0
- 2.0.0.2
Threats:
Attacker could exploit these vulnerabilities by doing the following:
- Take control of the system
- Denial of service (DoS)
Best practice and Recommendations:
- The CERT team encourages users to review IBM security advisory and apply the necessary updates, the most important ones:
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-sdk-java-tech-edition-quarterly-cpu-jul-2021-includes-oracle-jul-2021-cpu-minus-cve-2021-2341-2/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-sdk-java-tech-edition-quarterly-cpu-jul-2021-includes-oracle-jul-2021-cpu-minus-cve-2021-2341/
- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-vmware-affect-ibm-cloud-pak-system-3/
- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-affect-ibm-cloud-object-storage-systems-sept-2021-v1/
- https://www.ibm.com/blogs/psirt/security-bulletinmultiple-vulnerabilities-fixed-in-ibm-security-verify-bridge-docker/
Rate the content
Share the page
