IBM Updates
Warning Date: 25 May, 2021
Severity Level: ● High
Warning Number: 2021-2953
Target Sector: All
Description:
IBM has released a security update to address several vulnerabilities in the following products:
- IBM MQ Appliance
  - 9.1 LTS
  - 9.2 CD
  - 9.2 LTS
  - 9.1 CD
- IBM Elastic Storage System
  - 6.0.0 – 6.0.2.0
Threats:
An attacker could exploit these vulnerabilities to carry out the following:
- Denial of service attack (DoS)
- Obtain sensitive information
- Buffer overflow
- Elevate privileges
Best practice and Recommendations:
The CERT team encourages users to review the IBM security advisories and apply the necessary updates:
- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-affect-websphere-application-server-april-2021-cpu-2/
- https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-ibm-spectrum-scale-that-could-allow-a-local-attacker-which-has-access-to-the-gui-pod-can-ssh-to-the-core-pods-as-a-privileged-user-cve-2021-29708/
- https://www.ibm.com/blogs/psirt/security-bulletin-mitigations-are-being-announced-to-address-cve-2020-4839-and-cve-2021-29695/
- https://www.ibm.com/blogs/psirt/security-bulletin-ansible-vulnerability-affects-ibm-elastic-storage-system-cve-2021-20228/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-appliance-is-affected-by-a-java-se-vulnerability-cve-2020-27221/
- https://www.ibm.com/blogs/psirt/security-bulletin-there-are-multiple-vulnerabilities-in-the-linux-kernel-used-in-ibm-elastic-storage-system-4/