IBM Updates
Warning Date: 1 August, 2021
Severity Level: High
Warning Number: 2021-3283
Target Sector: All
Description:
IBM has released a security update to address several vulnerabilities in some of its products, mainly:
- IBM i2 Analyst's Notebook Premium
- IBM i2 Analyze 4.3.2
- AIX
  - 7.1
  - 7.2
- VIOS
  - 3.1
- Partner Engagement Manager
  - 2.1
- WA for ICP
  - 1.4.2, 1.5.0
- Cloud Pak for Security (CP4S)
  - 1.5.0.0
  - 1.5.1.0
  - 1.6.0.0
  - 1.6.1.0
  - 1.7.0.0
  - 1.7.1.0
- API Connect
  - API Connect V10.0.0.0 – V10.0.1.2
  - API Connect V10.0.2
  - V5.0.0.0-V5.0.8.11
- VMRM DR
  - V1.5 and below
- ISPIM
  - 2.1.1
  - 2.1.0
  - 2.0.2
Threats:
An attacker could exploit these vulnerabilities to:
- Cause a denial of service (DoS)
- Escalate their privileges
Best practice and Recommendations:
The CERT team encourages users to review the IBM security advisories and apply the necessary updates:
- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-guardium-data-encryption-gde-cve-2021-20417-cve-2021-20415-2/
- https://www.ibm.com/blogs/psirt/security-bulletin-websphere-application-server-is-vulnerable-to-a-privilege-escalation-vulnerability-cve-2021-29736/
- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-java-and-wlp-affects-ibm-cloud-application-business-insights-2/
- https://www.ibm.com/blogs/psirt/security-bulletin-october-2020-patch-update-for-java/
- https://www.ibm.com/blogs/psirt/security-bulletin-oct-2020-patch-update-for-java/
- https://www.ibm.com/blogs/psirt/security-bulletin-user-behavior-analytics-application-add-on-to-ibm-qradar-siem-performs-improper-csrf-checking-for-some-components-cve-2021-29757/
- https://www.ibm.com/blogs/psirt/security-bulletin-october-2020-patch-update-for-java-2/
- https://www.ibm.com/blogs/psirt/security-bulletin-i2-analyze-has-an-information-disclosure-vulnerability-cve-2019-17638/
- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-bind-affects-aix-cve-2021-25215/
- https://www.ibm.com/blogs/psirt/security-bulletin-de-serialization-vulnerability-affects-ibm-partner-engagement-manager-cve-2021-29781/
- https://www.ibm.com/blogs/psirt/security-bulletin-potential-vulnerability-with-node-js-3/
- https://www.ibm.com/blogs/psirt/security-bulletin-cloud-pak-for-security-has-several-security-vulnerabilities-addressed-in-the-latest-version/
- https://www.ibm.com/blogs/psirt/security-bulletin-potential-vulnerability-with-fasterxml-jackson-databind-3/
- https://www.ibm.com/blogs/psirt/security-bulletin-potential-vulnerability-with-node-js-lodash-module-2/
- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-ksh-affects-aix-cve-2021-29741/
- https://www.ibm.com/blogs/psirt/security-bulletin-apache-commons/
- https://www.ibm.com/blogs/psirt/security-bulletin-potential-vulnerability-with-node-js-4/
- https://www.ibm.com/blogs/psirt/security-bulletin-potential-vulnerability-in-java-2/
- https://www.ibm.com/blogs/psirt/security-bulletin-potential-vulnerability-with-node-js-5/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-api-connect-is-impacted-by-multiple-openssl-vulnerabilities/
- https://www.ibm.com/blogs/psirt/security-bulletin-january-2021-patch-update-for-java/
- https://www.ibm.com/blogs/psirt/security-bulletin-potential-vulnerability-in-openssl/
- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-npm-affects-ibm-vm-recovery-manager-dr/
- https://www.ibm.com/blogs/psirt/security-bulletin-potential-vulnerability-with-node-js-6/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-privileged-identity-manager-is-affected-by-xml-external-entity-injection-vulnerability-in-websphere-cve-2020-4949/
- https://www.ibm.com/blogs/psirt/security-bulletin-potential-vulnerability-with-node-js-lodash-module-3/
- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-npm-affects-ibm-vm-recovery-manager-ha/