IBM Updates
Warning Date: 19 October, 2021
Severity Level: High
Warning Number: 2021-3699
Target Sector: All
Description:
IBM has released a security update to address several vulnerabilities in its products:
- IBM i
  - 7.4 – 7.1
- IBM Security Risk Manager on CP4S
  - CP4S 1.7.0.0
- IBM Sterling B2B Integrator
  - 5.2.0.0 – 5.2.6.5_4
- IBM Sterling B2B Integrator
  - 6.0.0.0 – 6.0.0.6, 6.0.1.0 – 6.0.3.4
- IBM Sterling B2B Integrator
  - 6.1.0.0 – 6.1.0.3
- IBM Storwize V7000 Unified
  - 1.6.0.0 – 1.6.2.9
- IBM Security Risk Manager on CP4S
  - CP4S 1.7.2.0
Threats:
An attacker could exploit these vulnerabilities to achieve the following:
- Sensitive information disclosure
Best practice and Recommendations:
- The CERT team encourages users to review the IBM security advisories and apply the necessary updates. The most important ones are:
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-risk-manager-on-cp4s-is-affected-by-multiple-vulnerabilities/
- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-ibm-java-runtime-affects-ibm-storwize-v7000-unified-cve-2021-2341/
- https://www.ibm.com/blogs/psirt/security-bulletin-cross-site-scripting-vulnerability-affects-dashboard-ui-of-ibm-sterling-b2b-integrator-cve-2021-29764/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-risk-manager-on-cp4s-is-affected-by-multiple-vulnerabilities-cve-2020-15168-cve-2021-29912/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-java-sdk-and-ibm-java-runtime-for-ibm-i-are-affected-by-cve-2021-2369-and-cve-2021-2432/