IBM Updates
Warning Date: 20 April, 2021
Severity Level: High
Warning Number: 2021-2788
Target Sector: All
Description:
IBM has released a security update to address several vulnerabilities in the following products:
- IBM Cloud Application Business Insights
- WebSphere Application Server
- IBM Integration Bus
- IBM App Connect Enterprise
- Log Analysis
- IBM Db2 Warehouse
- InfoSphere Streams
Threats:
An attacker could exploit these vulnerabilities to cause the following:
- Sensitive information disclosure
- Arbitrary code execution
- Escalation of privilege
Best Practices and Recommendations:
The CERT team encourages users to review the IBM security advisories and apply the necessary updates:
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-resilient-soar-is-vulnerable-to-command-injection-cve-2021-20527/
- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-apache-hadoop-affect-apache-solr-shipped-with-ibm-operations-analytics-log-analysis/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-sdk-java-technology-edition-quarterly-cpu-jan-2021-vulnerabilities-could-affect-infosphere-streams/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-sdk-java-technology-edition-quarterly-cpu-oct-2020-includes-oracle-oct-2020-cpu-minus-cve-2020-14781-and-cve-2020-14782-affecting-infosphere-streams-4-3/
- https://www.ibm.com/blogs/psirt/security-bulletin-an-apache-hadoop-vulnerability-could-affect-infosphere-streams/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-db2-warehouse-has-released-a-fix-in-response-to-multiple-vulnerabilities-found-in-ibm-db2/
- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-bouncy-castle-affect-apache-solr-shipped-ibm-operations-analytics-log-analysis-analysis-cve-2019-17359/
- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-apache-commons-compress-affect-apache-solr-shipped-ibm-operations-analytics-log-analysis-analysis-cve-2019-12402/
- https://www.ibm.com/blogs/psirt/security-bulletin-an-unspecified-vulnerability-in-java-se-could-affect-infosphere-streams/
- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-apache-pdfbox-affect-apache-solr-shipped-with-ibm-operations-analytics-log-analysis-cve-2019-0228/
- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-apache-hadoop-affect-apache-solr-shipped-with-ibm-operations-analytics-log-analysis-cve-2018-11768/
- https://www.ibm.com/blogs/psirt/security-bulletin-potential-tls-vulnerability-using-diffie-hellman-tls-ciphersuites-in-ibm-datapower-gateway-cve-2020-1968/
- https://www.ibm.com/blogs/psirt/security-bulletin-an-unspecified-vulnerability-in-java-se-related-to-the-jndi-component-could-affect-infosphere-streams/
- https://www.ibm.com/blogs/psirt/security-bulletin-apache-solr-shipped-with-ibm-operations-analytics-log-analysis-susceptible-to-vulnerability-in-apache-poi-cve-2019-12415/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-operations-analytics-log-analysis-is-affected-by-an-apache-zookeeper-vulnerability-cve-2019-0201/
- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilites-in-node-js-affect-ibm-integration-bus-ibm-app-connect-enterprise-v11/
- https://www.ibm.com/blogs/psirt/security-bulletin-an-unspecified-vulnerability-in-java-se-related-to-the-libraries-component-could-affect-infosphere-streams-version-4-3/
- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-openssl-affect-ibm-integration-bus-and-ibm-app-connect-enterprise-cve-2020-1971/
- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-openssl-affect-ibm-integration-bus-and-ibm-app-connect-enterprise-cve-2020-1968/
- https://www.ibm.com/blogs/psirt/security-bulletin-websphere-application-server-is-vulnerable-to-an-xml-external-entity-xxe-injection-vulnerability-cve-2021-20453/
- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-java-affects-ibm-cloud-application-business-insights-2/