Critical Severity

Security Bulletin: Cloud Pak for Security is vulnerable to several CVEs

Cloud Pak for Security (CP4S) v1.7.2.0 and earlier uses packages that are vulnerable to several CVEs. These issues have been addressed in an update. See the Fixes section below for instructions.

CVE(s): CVE-2020-24332, CVE-2021-22543, CVE-2019-9169, CVE-2021-3450, CVE-2019-25013, CVE-2020-13434, CVE-2020-25648, CVE-2020-25692, CVE-2020-28196, CVE-2020-29361, CVE-2020-29362, CVE-2020-29363, CVE-2020-8285, CVE-2020-8286, CVE-2020-8625, CVE-2021-23362, CVE-2021-2388, CVE-2021-25215, CVE-2021-27219, CVE-2021-27290, CVE-2021-3326, CVE-2021-3449, CVE-2021-3537, CVE-2017-14502, CVE-2020-24330, CVE-2020-24331, CVE-2020-24977, CVE-2021-22555, CVE-2021-3516, CVE-2021-3609, CVE-2021-20305, CVE-2021-3517, CVE-2021-3518, CVE-2021-3520, CVE-2019-18276, CVE-2020-13543, CVE-2020-13584, CVE-2020-14360, CVE-2020-9951, CVE-2021-1817, CVE-2021-30661, CVE-2021-23337, CVE-2021-2432, CVE-2021-2341, CVE-2019-13012, CVE-2019-2708, CVE-2020-14363, CVE-2020-1971, CVE-2020-12049, CVE-2020-10029, CVE-2020-29573, CVE-2020-8624, CVE-2020-8617, CVE-2020-8622, CVE-2020-8177, CVE-2021-20578, CVE-2021-23364, CVE-2020-28469, CVE-2021-2369, CVE-2021-3177, CVE-2020-36329, CVE-2018-25011, CVE-2020-36328, CVE-2020-25712, CVE-2020-10878, CVE-2020-10543, CVE-2021-29894, CVE-2019-3842, CVE-2016-10228, CVE-2020-27619, CVE-2020-8231, CVE-2020-8927, CVE-2021-2163, CVE-2020-14347, CVE-2020-15358, CVE-2020-27618, CVE-2021-23336, CVE-2020-26137, CVE-2020-27783, CVE-2021-1826, CVE-2021-3421, CVE-2021-27218, CVE-2021-33910, CVE-2020-9948, CVE-2020-9983, CVE-2020-26116, CVE-2020-8284, CVE-2021-1820, CVE-2021-1825, CVE-2021-22918, CVE-2021-25214, CVE-2021-3541, CVE-2020-13776, CVE-2020-14344, CVE-2020-14345, CVE-2020-14346, CVE-2020-14361, CVE-2020-14362, CVE-2021-20271

Affected product(s) and affected version(s):

| Affected Product(s) | Version(s) |
| --- | --- |
| Cloud Pak for Security (CP4S) | 1.7.2.0 |
| Cloud Pak for Security (CP4S) | 1.7.1.0 |
| Cloud Pak for Security (CP4S) | 1.7.0.0 |

Refer to the following reference URLs for remediation and additional vulnerability details:  
Source Bulletin: https://www.ibm.com/support/pages/node/6493729
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/186821
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/202561
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/157800
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/198754
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/194579
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/182405
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/190416
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/191968
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/191321
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/193532
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/193533
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/193534
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/192855
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/192856
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/196959
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/198792
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/205815
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/200960
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/196782
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/198144
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/195732
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/198752
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/203084
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/132123
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/186762
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/186763
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/187847
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/204997
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/202838
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/204088
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/199653
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/202526
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/203144
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/202592
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/172331
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/192461
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/192463
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/192532
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/188409
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/200746
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/200749
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/196797
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/205856
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/205768
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/166666
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/159800
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/187359
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/192748
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/182955
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/177225
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/192722
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/187062
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/182127
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/187060
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/183931
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/199282
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/200951
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/196451
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/205796
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/195244
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/202253
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/202259
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/202254
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/192533
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/183204
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/183203
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/207320
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/159257
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/124078
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/190408
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/186954
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/188304
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/200292
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/186165
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/184103
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/196446
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/196808
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/189426
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/192644
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/200747
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/203124
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/196784
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/205907
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/188410
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/188412
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/189404
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/192854
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/200748
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/200745
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/204784
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/200961
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/204818
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/184600
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/186164
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/187208
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/187209
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/187210
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/187211
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/198961
