Critical Severity

Security Bulletin: A security vulnerability in Node.js vm2 module affects IBM Cloud Automation Manager

A security vulnerability in Node.js vm2 module affects IBM Cloud Automation Manager.

CVE(s): CVE-2021-23449

Affected product(s) and affected version(s):

Affected Product(s) | Version(s)
IBM Cloud Automation Manager | 4.2.0.1

Refer to the following reference URLs for remediation and additional vulnerability details:  
Source Bulletin: https://www.ibm.com/support/pages/node/6523412
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/211759
