IBM Updates
Warning Date: 29 July, 2021
Severity Level: High
Warning Number: 2021-3270
Target Sector: All
Description:
IBM has released security updates to address several vulnerabilities in the following products:
- IBM Elastic Storage System
  - 6.0.0 – 6.0.2.1
  - 6.1.0 – 6.1.1.0
- InfoSphere Information Server
  - 11.7
- IBM Security Verify Gateway
  - RADIUS Server
  - WinLogin
  - Directory Sync
- IBM Spectrum Scale
  - 5.0.0.0 – 5.0.5.7
  - 5.1.0 – 5.1.1.1
- PowerVM Hypervisor
  - FW920
  - FW930
  - FW940
  - FW950
- All fix pack levels of IBM Db2 - Windows
  - V9.7
  - V10.1
  - V10.5
  - V11.1
  - V11.5
Threats:
An attacker could exploit these vulnerabilities to:
- Cause a denial of service (DoS)
- Execute arbitrary code
Best practice and Recommendations:
The CERT team encourages users to review the IBM security advisories and apply the necessary updates:
- https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-ibm-websphere-application-server-liberty-affects-ibm-elastic-storage-system-cve-2020-5258/
- https://www.ibm.com/blogs/psirt/security-bulletin-glibc-vulnerability-affects-ibm-elastic-storage-system-cve-2021-27219/
- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-openssl-affects-ibm-infosphere-information-server/
- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-security-vulnerabilities-fixed-in-openssl-as-shipped-with-ibm-security-verify-products/
- https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-ibm-websphere-application-server-affects-ibm-spectrum-scale-2/
- https://www.ibm.com/blogs/psirt/security-bulletin-this-power-system-update-is-being-released-to-address-cve-2021-20505/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-db2-could-allow-a-local-authenticated-attacker-to-execute-arbitrary-code-on-the-system-caused-by-dll-search-order-hijacking-vulnerability-in-microsoft-windows-clie-14/