IBM Updates
Warning Date: 16 July, 2021
Severity Level: High
Warning Number: 2021-3204
Target Sector: All
Description:
IBM has released a security update to address several vulnerabilities in some of its products, mainly:
- DB2
- IBM i2 Analyze
- IBM Java SDK
- IBM Data Replication
- Dojo-WebSphere Liberty
- SPSS Collaboration and Deployment Services
- IBM DB2
Threats:
An attacker could exploit these vulnerabilities to achieve the following:
- Arbitrary code execution
- Buffer overflow
- Escalation of privilege
Best Practice and Recommendations:
The CERT team encourages users to review the IBM security advisories and apply the necessary updates:
- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-db2/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-i2-analyze-is-affected-by-multiple-db2-vulnerabilities/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-data-replication-management-console-authentication-by-pass-against-ldap-directories-using-anonymous-binding/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-data-replication-management-console-authentication-affected-by-annonymous-binding-cve-2020-4821/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-data-replication-affected-by-vulnerabilities-in-ibm-java-sdk-cve-2020-2654/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-data-replication-affected-by-multiple-vulnerabilities-in-ibm-java-sdk/
- https://www.ibm.com/blogs/psirt/security-bulletin-dojo-vulnerability-in-websphere-liberty-affects-collaboration-and-deployment-services-cve-2020-5258/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-data-replication-affected-by-ibm-java-sdk-vulnerability-cve-2019-4732/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-data-replication-affected-by-multiple-vulnerabilities-in-ibm-java-sdk-2/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-data-replication-support-tool-information-collection-on-sybase-platform/
- https://www.ibm.com/blogs/psirt/security-bulletin-3rd-party-ibm-infosphere-mdm-inspector-cross-site-request-forgery/
- https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-netty-affects-ibm-spectrum-scale-transparent-cloud-tiercve-2021-21295/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-qradar-siem-uses-less-secure-methods-for-securing-data-at-rest-and-in-transit-between-hosts-cve-2020-4980/