Security Warnings

Classification
These posts contain security warnings, including digital loopholes, electronic attacks, technical updates, and they are classified base on the level of severity.

Critical

High

Medium

Low

IBM Updates

75

Warning Date: 21 February, 2021

Severity Level ● High

Warning Number: 2021-2503

Target Sector: All

Description:

IBM has released a security update to address several vulnerabilities in the following products:

  • XStream, Apache HTTP, Jackson Databind, OpenSSL, and Node.js
    • IBM Spectrum Control 5.3.0.1-5.4.1
  • BM Java SDK
    • IBM WebSphere Cast Iron v 7.5.0.0, 7.5.0.1, 7.5.1.0
    • App Connect Professional v 7.5.2.0
    • App Connect Professional v 7.5.3.0
    • App Connect Professional v 7.5.4.0
  • WebSphere Application Server 9.0, 8.5, 8.0
  • Node.js xml-crypto module
    • IBM Cloud Pak for Multicloud Management Infrastructure Management
  • Java
    • IBM Cloud Application Business Insights 1.1.3, 1.1.4, 1.1.5
  • Node.js y18n module
    • IBM Cloud Pak for Multicloud Management Infrastructure Management
  • PostgreSQL
    • IBM Cloud Pak for Multicloud Management Infrastructure Management
  • GO
    • IBM Cloud Pak for Multicloud Management Infrastructure Management
  • Apache Tomcat
    • IBM WebSphere Cast Iron Solution v 7.5.0.0, 7.5.0.1, 7.5.1.0
    • App Connect Professional v 7.5.2.0
    • App Connect Professional v 7.5.3.0
    • App Connect Professional v 7.5.4.0
  • FasterXML Jackson Databind
    • IBM Tivoli Netcool/OMNIbus Integration – Transport Module Common Integration Library
  • Node.js ini module
    • IBM Cloud Pak for Multicloud Management Infrastructure Management
  • Bouncy Castle
    • IBM Rational Performance Tester
  • Node.js codemirror module
    • IBM Cloud Pak for Multicloud Management
  • Node.js
    • IBM Cloud Pak for Multicloud Management
  • IBM Spectrum Conductor 2.5.0
  • IBM Spectrum Symphony 7.3.1

Threats:

Attacker could exploit these vulnerabilities by doing the following:

  • Server-side request forgery (SSRF)
  • Execute arbitrary code -remotely
  • Denial of service attack (DoS)
  • Bypass of a protection mechanism

Best practice and Recommendations:

The CERT team encourages users to review IBM security advisory and apply the necessary updates:

Last updated at 21 February, 2021