Critical Severity

Security Bulletin: Cloud Pak for Security has several security vulnerabilities addressed in the latest version

Cloud Pak for Security (CP4S) v1.7.1.0 and older is vulnerable to multiple CVEs. These have been addressed in the latest product release, CP4S v1.7.2.0.

CVE(s): CVE-2021-20305, CVE-2020-1971, CVE-2021-3449, CVE-2021-3450, CVE-2020-24659, CVE-2021-20539, CVE-2020-27619, CVE-2020-26116, CVE-2021-3177, CVE-2021-20541, CVE-2021-29696, CVE-2021-20540, CVE-2021-29697

Affected product(s) and affected version(s):

Affected Product(s) | Version(s)
Cloud Pak for Security (CP4S) | 1.5.0.0
Cloud Pak for Security (CP4S) | 1.5.1.0
Cloud Pak for Security (CP4S) | 1.6.0.0
Cloud Pak for Security (CP4S) | 1.6.1.0
Cloud Pak for Security (CP4S) | 1.7.0.0
Cloud Pak for Security (CP4S) | 1.7.1.0

Refer to the following reference URLs for remediation and additional vulnerability details:  
Source Bulletin: https://www.ibm.com/support/pages/node/6476940
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/199653
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/192748
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/198752
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/198754
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/187828
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/198920
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/190408
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/189404
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/195244
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/198927
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/200597
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/198923
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/200598
