IBM Updates
Warning Date: 13 July, 2021
Severity Level: ● High
Warning Number: 2021-3173
Target Sector: All
Description:
IBM has released security updates to address several vulnerabilities in its products, mainly:
- IBM Cloud Pak for Applications: All versions
- PowerSC: versions 1.2, 1.3
Threats:
An attacker could exploit these vulnerabilities to carry out the following:
- Denial of service attack (DoS)
- Sensitive information disclosure
Best practice and Recommendations:
The CERT team encourages users to review the IBM security advisories and apply the necessary updates. The most important ones are:
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cloud-pak-for-applications-v4-3-does-not-properly-assign-modify-track-or-check-privileges-for-an-actor-creating-an-unintended-sphere-of-control-for-that-actor/
- https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-has-been-found-in-ibm-cloud-pak-for-applications-v4-3-which-may-allow-a-malicious-attacker-to-obtain-sensitive-user-information-from-memory/
- https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerabilty-has-been-found-in-x-test-pacakge-before-0-3-3-for-go-that-could-lead-to-an-infinite-loop-affecting-ibm-cloud-pak-for-applications/
- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-curl-affect-powersc-cve-2021-22876-and-cve-2021-22890/