IBM Updates
Warning Date: 9 May, 2021
Severity Level: High
Warning Number: 2021-2886
Target Sector: All
Description:
IBM has released a security update to address several vulnerabilities in the following products:
- InfoSphere Information Server
  - 11.7
- IBM Events Operator
  - 0.20.0 (part of IBM Cloud Pak foundational services 3.6.x)
Threats:
An attacker could exploit these vulnerabilities to carry out the following:
- Cross-site scripting (XSS)
- Sensitive information disclosure
Best practice and Recommendations:
The CERT team encourages users to review the IBM security advisories and apply the necessary updates:
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-kenexa-lcms-premier-on-premise-cve-2020-14781-deferred-from-oracle-oct-2020-cpu-for-java-8/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-control-desk-is-vulnerable-to-cross-site-scripting-vulnerability-cve-2021-20559/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-kenexa-lms-on-premise-cve-2020-14781-deferred-from-oracle-oct-2020-cpu-for-java-8/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-kenexa-lms-on-premise-cve-2020-14782-deferred-from-oracle-oct-2020-cpu-for-java-8/
- https://www.ibm.com/blogs/psirt/security-bulletin-a-security-vulnerability-in-node-js-urijs-module-affects-ibm-cloud-pak-for-multicloud-management-infrastructure-management/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cloud-pak-for-security-is-vulnerable-to-cve-2021-20538-and-cve-2021-20577/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-kenexa-lcms-premier-on-premise-cve-2020-14782-deferred-from-oracle-oct-2020-cpu-for-java-8/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cloudpak-foundational-services-events-operator-is-affected-by-potential-data-integrity-issue-cve-2020-25649/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-infosphere-information-server-is-affected-by-multiple-vulnerabilities-in-xstream/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-infosphere-information-server-is-affected-by-a-vulnerability-in-apache-commons-codec/