IBM Updates
Warning Date: 24 November, 2021
Severity Level: High
Warning Number: 2021-3926
Target Sector: All
Description:
IBM has released security updates to address multiple vulnerabilities in the following products:
- Sterling Connect Direct Web Services
  - 1.0
- IBM Connect:Direct Web Services
  - 6.0
- IBM Planning Analytics
  - 2.0
Threats:
An attacker could exploit these vulnerabilities to do the following:
- Execute arbitrary code
- Perform a path traversal attack
- Obtain sensitive information
Best practice and Recommendations:
The CERT team encourages users to review the IBM security advisories and apply the necessary updates:
- https://www.ibm.com/blogs/psirt/security-bulletin-weak-cryptographic-control-vulnerability-affects-ibm-sterling-connectdirect-web-services-cve-2021-38891/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-planning-analytics-workspace-is-affected-by-security-vulnerabilities-13/
- https://www.ibm.com/blogs/psirt/security-bulletin-account-lockout-vulnerability-affects-ibm-sterling-connectdirect-web-services-cve-2021-38890/
- https://www.ibm.com/blogs/psirt/security-bulletin-postgresql-sensitive-information-exposure-vulnerability-affects-ibm-connectdirect-web-services-cve-2021-32029/