IBM Updates
Warning Date: 5 May, 2021
Severity Level: High
Warning Number: 2021-2870
Target Sector: All
Description:
IBM has released security updates to address several vulnerabilities in the following products:
- WebSphere Application Server
- IBM Tivoli System Automation Application Manager 4.1
- IBM QRadar SIEM 7.3.0 to 7.3.3 Patch 7
- IBM QRadar SIEM 7.4.0 to 7.4.2 Patch 2
The linked IBM bulletins also cover IBM Security Identity Manager Virtual Appliance, IBM Cloud Pak System and IBM InfoSphere Information Server.
Threats:
An attacker could exploit these vulnerabilities to:
- Carry out an XML external entity (XXE) injection attack (WebSphere Application Server, QRadar SIEM)
- Execute arbitrary code
- Carry out cross-site scripting (XSS) attacks against QRadar SIEM users
- Traverse paths and disclose information (QRadar SIEM, Apache Tomcat as used by QRadar SIEM)
- Authenticate with hard-coded credentials in QRadar SIEM
- Abuse insecure inter-deployment communication and components with known vulnerabilities in QRadar SIEM
Best practice and Recommendations:
The CERT team encourages users to review the IBM security bulletins and apply the necessary updates:
- https://www.ibm.com/blogs/psirt/security-bulletin-websphere-application-server-is-vulnerable-to-an-xml-external-entity-xxe-injection-vulnerability-cve-2021-20454-2/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-qradar-siem-is-vulnerable-to-cross-site-scripting-xss-cve-2021-20397/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-java-sdk-technology-edition-affects-ibm-security-identity-manager-virtual-appliance-cve-2020-14782-cve-2020-14781/
- https://www.ibm.com/blogs/psirt/security-bulletin-a-security-vulnerability-has-been-fixed-in-ibm-security-identity-manager-virtual-appliance-cve-2020-4576/
- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-addressed-in-ibm-cloud-pak-system-april-2020-updates-2/
- https://www.ibm.com/blogs/psirt/security-bulletin-apache-tomcat-as-used-by-ibm-qradar-siem-is-vulnerable-to-information-disclosure-cve-2020-13943/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-qradar-siem-is-vulnerable-to-cross-domain-information-disclosure-cve-2020-4883/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-qradar-siem-may-be-vulnerable-to-a-xml-external-entity-injection-attack-xxe-cve-2020-5013/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-qradar-siem-is-vulnerable-to-path-traversal-cve-2020-4993/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-infosphere-information-server-is-affected-by-a-vulnerability-in-apache-httpclient-2/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-qradar-siem-is-vulnerable-to-cross-site-scripting-xss-cve-2020-4929/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-qradar-siem-contains-hard-coded-credentials-cve-2021-20401-cve-2020-4932/
- https://www.ibm.com/blogs/psirt/security-bulletin-issues-in-ibm-java-sdk-technology-edition-affects-ibm-security-identity-manager-virtual-appliance-cve-2020-14577-cve-2020-14578-cve-2020-14579/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-qradar-siem-is-vulnerable-to-insecure-inter-deployment-communication-cve-2020-4979/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-qradar-siem-is-vulnerable-to-using-components-with-known-vulnerabilities-8/
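The QRadar versions above are given as ranges that end at a patch level, and the usual mistake when checking an inventory against them is comparing version strings lexically (which sorts "Patch 10" before "Patch 7"). The Python below is an added example, not code from IBM or the CERT team: it parses QRadar version strings into comparable tuples, classifies a host as affected, not affected, or older than anything the advisory lists, and lists the hosts that still need the update. The hostnames and versions in the sample inventory are constructed, and treating both ends of each range as inclusive (so that "7.3.3 Patch 7" itself is affected) is this example's assumption, not a statement from IBM.

```python
import re
from typing import List, Tuple

# Affected QRadar ranges exactly as the advisory states them. Both ends are
# treated as inclusive (assumption of this example: the upper bound is the
# last affected patch level and the fix ships in the following one).
AFFECTED_QRADAR_RANGES: List[Tuple[str, str]] = [
    ("7.3.0", "7.3.3 Patch 7"),
    ("7.4.0", "7.4.2 Patch 2"),
]

# Accepts "7.3.3", "7.3.3 Patch 7", "7.4.2 Fix Pack 2", "7.4.2 FP2" and "7.3.3 P7".
_VERSION_RE = re.compile(
    r"^\s*(\d+)\.(\d+)\.(\d+)"
    r"(?:\s*(?:Patch|Fix\s*Pack|FP|P)\s*(\d+))?\s*$",
    re.IGNORECASE,
)

Version = Tuple[int, int, int, int]


def parse_qradar_version(text: str) -> Version:
    """Parse a QRadar version string into a (major, minor, point, patch) tuple.

    Tuples compare numerically, so "Patch 10" correctly sorts after "Patch 7".
    A missing patch level means the base release, i.e. patch 0.
    """
    m = _VERSION_RE.match(text)
    if not m:
        raise ValueError(f"unrecognised QRadar version string: {text!r}")
    major, minor, point, patch = m.groups()
    return (int(major), int(minor), int(point), int(patch) if patch else 0)


_RANGES: List[Tuple[Version, Version]] = [
    (parse_qradar_version(lo), parse_qradar_version(hi)) for lo, hi in AFFECTED_QRADAR_RANGES
]
_OLDEST_LISTED: Version = min(lo for lo, _ in _RANGES)


def classify(version: str) -> str:
    """Return 'affected', 'not-affected' or 'below-advisory'.

    'below-advisory' flags releases older than anything the advisory lists
    (for example 7.2.x): they are outside its scope, which is not the same
    as being safe, so they deserve a separate look rather than a green tick.
    """
    v = parse_qradar_version(version)
    if any(lo <= v <= hi for lo, hi in _RANGES):
        return "affected"
    if v < _OLDEST_LISTED:
        return "below-advisory"
    return "not-affected"


def hosts_needing_update(inventory: List[Tuple[str, str]]) -> List[str]:
    """Hosts whose QRadar version falls inside an affected range."""
    return [host for host, ver in inventory if classify(ver) == "affected"]


# Constructed sample inventory: hostnames and versions are made up for this example.
SAMPLE_INVENTORY: List[Tuple[str, str]] = [
    ("qradar-console-01", "7.3.3 Patch 7"),   # last affected 7.3 level
    ("qradar-console-02", "7.3.3 Patch 8"),   # first level past the 7.3 range
    ("qradar-ep-01", "7.4.1 Fix Pack 5"),     # inside the 7.4 range
    ("qradar-ep-02", "7.4.2 FP3"),            # past 7.4.2 Patch 2
    ("qradar-legacy", "7.2.8 Patch 17"),      # older than the advisory covers
]

if __name__ == "__main__":
    for host, ver in SAMPLE_INVENTORY:
        print(f"{host:20} {ver:16} {classify(ver)}")
    print("needs update:", hosts_needing_update(SAMPLE_INVENTORY))
```

Feed it the output of your asset inventory as (hostname, version) pairs; anything reported as `below-advisory` should be handled as an out-of-support install rather than silently dropped from the patch list.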