IBM has released a security update to address several vulnerabilities in its products, the most ones:

• ICP4A
• IBM Security Access Manager for Enterprise Single-Sign On
• IBM Cloud Pak for Data System
• Openshift Container Platform 4
• Rational Test Automation Server
• IBM Business Automation Workflow
• IBM Telco Network Cloud Manager – Performance (TNCP)
• Content Collector for IBM Connections
• Content Collector for Email
• IBM QMF Analytics for Multiplatforms – QMF Vision
• IBM Sterling B2B Integrator
• Content Collector for Email
• UCD – IBM UrbanCode Deploy
• FileNet Content Manager
• Cúram SPM
• IBM Watson Explorer Deep Analytics Edition Foundational Components
• IBM Watson Explorer Deep Analytics Edition oneWEX
• IBM Watson ExplorerFoundational Components
• IBM Watson Explorer Content Analytics Studio
• Cloud Pak for Security (CP4S)
• Content Collector for Email
• IBM Engineering Lifecycle Optimization – Publishing (PUB)
• Rational Publishing Engine (RPE)
• IBM WebSphere Automation for IBM Cloud Pak for Watson AIOps
• IBM Engineering Systems Design Rhapsody
• Rational Rhapsody
• IBM Engineering Requirements Management DOORS
• IBM Sterling B2B Integrator
• IBM Edge Application Manger
• IBM Rational Build Forge
• Content Collector for Email
• Hortonworks Data Platform (HDP) with IBM
• Cloudera Data Platform (CDP) with IBM
• Includes Cloudera Data Hub (CDH) and Cloudera Manager (CM)
• IBM Sterling File Gateway
• Crypto Hardware Initialization and Maintenance
• IBM Sterling File Gateway
• IBM Business Automation Workflow

Attacker could exploit these vulnerabilities by doing the following:

• Denial of service (DoS)
• Execute arbitrary code

The CERT team encourages users to review IBM security advisory and apply the necessary updates:

• https://www.ibm.com/blogs/psirt/