IBM Updates
Warning Date: 7 November, 2021
Severity Level: ● Critical
Warning Number: 2021-3813
Target Sector: All
Description:
IBM has released security updates to address several vulnerabilities in the following products:
- API Connect
  - V10.0.1.0 – V10.0.1.4
  - V2018.4.1.0-2018.4.1.15
  - V10.0.2
- IBM Application Delivery Intelligence
  - 5.1.0.7
- IBM WIoTP MessageGateway
  - 5.0.0.1
- PowerSC
  - 1.3
  - 2.0
Threats:
Exploiting these vulnerabilities could allow an attacker to achieve the following:
- Denial of service attack (DoS)
- Cross-site scripting (XSS)
- Obtain sensitive information
- Bypass security restrictions
- Information disclosure
- Execute arbitrary code
Best practice and Recommendations:
The CERT team encourages users to review the IBM security advisories and apply the necessary updates:
- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-oracle-java-se-affecting-watson-speech-services/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-a-oracle-mysql-vulnerabilities-4/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-multiple-vulnerabilites-4/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-a-weak-password-policy-vulnerability-cve-2021-20418-3/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-a-reliance-on-untrusted-inputs-in-security-descision-3/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-event-streams-affected-by-multiple-vulnerabilities-in-golang/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-a-kernel-vulnerability-cve-2020-25705-cve-2020-28374-4/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-a-jackson-databind-vulnerability-9/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-the-following-vulnerabilities-cve-2021-29773-cve-2021-2161-2/
- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-affect-ibm-security-guardium-25/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-multiple-vulnerabilities-9/
- https://www.ibm.com/blogs/psirt/security-bulletin-information-disclosure-vulnerability-affect-ibm-business-automation-workflow-and-ibm-business-process-manager-bpm-cve-2021-29753/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-an-openldap-vulnerability-cve-2020-25692-3/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-an-oracle-mysql-vulnerability-5/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-appliance-vulnerable-to-a-denial-of-service-attack-cve-2021-29843/
- https://www.ibm.com/blogs/psirt/security-bulletin-xss-vulerability-in-dojo-affects-ibm-tivoli-business-service-manager-cve-2018-15494/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-a-cross-site-scripting-in-guardium-stap-vulnerability/
- https://www.ibm.com/blogs/psirt/security-bulletinmultiple-security-vulnerabilities-fixed-in-openssl-as-shipped-with-ibm-security-verify-products-cve-2021-3711-cve-2021-3712/