IBM Updates
Warning Date: 15 July, 2021
Severity Level: High
Warning Number: 2021-3195
Target Sector: All
Description:
IBM has released a security update to address several vulnerabilities in the following products:
- IBM Security Privileged Identity Manager 2.1.1, 2.0.2, 2.1.0
- Java SE
- IBM Security Privileged Identity Manager
- Eclipse Jetty
- IBM Security SOAR
- Apache Commons
- IBM Security SOAR
- Apache PDFBox
- IBM Watson Compare and Comply for IBM Cloud Pak for Data
- OpenSSL
- IBM Tivoli Netcool System Service Monitors/Application Service Monitors
- IBM® WebSphere Application Server Liberty
- IBM LKS Administration and Reporting Tool and its Agent
Threats:
An attacker could exploit these vulnerabilities to cause the following:
- Sensitive information disclosure
- Denial of service attack (DoS)
- Cross-site scripting (XSS)
Best practice and Recommendations:
The CERT team encourages users to review the IBM security advisories and apply the necessary updates:
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-privileged-identity-manager-is-affected-by-a-specially-crafted-sequence-of-serialized-objectscve-2020-4576/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-soar-is-using-a-component-with-known-vulnerabilities-eclipse-jetty-cve-2021-28163-cve-2021-28165-cve-2020-27223/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-soar-is-using-a-component-with-known-vulnerabilities-apache-commons-cve-2021-29425/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-watson-compare-and-comply-for-ibm-cloud-pak-for-data-affected-by-vulnerability-in-apache-pdfbox/
- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-openssl-affect-ibm-tivoli-netcool-system-service-monitors-application-service-monitors/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-privileged-identity-manager-is-affected-by-vulnerability-in-java-se-cve-2020-14579-cve-2020-14578cve-2020-14577/
- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-websphere-application-server-liberty-affect-ibm-lks-administration-and-reporting-tool-and-its-agent/