IBM Updates
Warning Date: 7 December, 2021
Severity Level: ● High
Warning Number: 2021-3980
Target Sector: All
Description:
IBM has released security updates to address multiple vulnerabilities in the following products:
- IBM Netezza Host Management
  - starting 5.4.9.0
- IBM Event Streams in IBM Cloud Pak for Integration
  - 10.0.0
  - 10.1.0
  - 10.2.0
  - 10.3.0
  - 10.3.1
  - 10.4.0
- IBM i
  - 7.4
  - 7.3
  - 7.2
- IBM Cloud Pak for Multicloud Management Monitoring
  - before 2.3 Fix Pack 2
- IBM Spectrum Scale
  - 5.1.0 – 5.1.1.2
Threats:
Successful exploitation of these vulnerabilities could allow an attacker to:
- Cause a denial of service (DoS)
- Obtain sensitive information
- Bypass security restrictions
- Conduct cross-site scripting (XSS)
- Execute arbitrary code
Best Practices and Recommendations:
The CERT team encourages users to review the IBM security advisories and apply the necessary updates:
- https://www.ibm.com/blogs/psirt/security-bulletin-publicly-disclosed-vulnerabilities-from-kernel-affect-ibm-netezza-host-management-15/
- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-node-js-affecting-ibm-event-streams-cve-2021-22960-and-cve-2021-22959/
- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-affect-ibm-http-server-powered-by-apache-for-i-3/
- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-mozilla-firefox-affect-ibm-cloud-pak-for-multicloud-management-monitoring-2/
- https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-samba-affects-ibm-spectrum-scale-smb-protocol-access-method-cve-2021-20254/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-event-streams-affected-by-multiple-vulnerabilities-in-the-java-runtime/
- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-ibm-event-streams-through-apache-kafka-key-password-validation-cve-2021-38153/
- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-redis-affecting-the-ibm-event-streams-ui/