IBM Updates
1879Warning Date
Severity Level
Warning Number
Target Sector
29 April, 2021
● High
2021-2847
All
Description:
IBM has released a security update to address several vulnerabilities in the following products:
- App Connect Enterprise Certified Container
- 1.0 with Operator
- 1.1 with Operator
- IBM API Connect
- V5.0.0.0-5.0.8.10
- V10.0.1.0
- V2018.4.1.0-2018.4.1.12
- RDS
- 5.2.1 iFix 13 and earlier
- 1. 6.0.0.2 iFix 06 and earlier
- 2. 6.0.0.3
Threats:
Attacker could exploit these vulnerabilities by doing the following:
- Unauthorized modification
Best practice and Recommendations:
The CERT team encourages users to review IBM security advisory and apply the necessary updates:
- https://www.ibm.com/blogs/psirt/security-bulletin-app-connect-enterprise-certified-container-may-be-vulnerable-to-a-denial-of-service-vulnerability-cve-2020-1971-2/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-api-connect-is-vulnerable-to-cookie-forgery-via-php-cve-2020-7070/
- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-runtime-affect-rational-directory-server-tivoli-rational-directory-administrator-6/