Security Bulletin: IBM App Connect Enterprise v11 is affected by vulnerabilities in Node.js (CVE-2021-23358)
December 9, 2021
Categorized: Critical Severity
IBM App Connect Enterprise v11 ships with Node.js, for which vulnerabilities were reported and have been addressed. Vulnerability details are listed below.
CVE(s): CVE-2021-23358
Affected product(s) and affected version(s):
IBM App Connect Enterprise V11, V11.0.0.0 – V11.0.0.12
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: https://www.ibm.com/support/pages/node/6470841
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/198958
Security Bulletin: PowerVC installation on RHEL is vulnerable to MariaDB with CVE-2021-27928
May 18, 2022 | Critical Severity
Summary guidance: A remote code execution issue was discovered in MariaDB in the version PowerVC ships. An untrusted search path leads to eval injection, in which a database SUPER user can execute OS commands after modifying wsrep_provider and wsrep_notify_cmd.
Security Bulletin: Heap-Based Buffer Overflow in Mozilla Network Security Services (NSS) may affect IBM Spectrum Protect Plus (CVE-2021-43527)
May 17, 2022 | Critical Severity
Mozilla Network Security Services is vulnerable to a heap-based buffer overflow which may affect IBM Spectrum Protect Plus.
Security Bulletin: IBM Planning Analytics Workspace is affected but not classified as vulnerable by a remote code execution in Spring Framework (CVE-2022-22965)
May 17, 2022 | Critical Severity
IBM Planning Analytics Workspace is affected but not classified as vulnerable to a remote code execution in Spring Framework (CVE-2022-22965) as it does not meet all of the following criteria: 1. JDK 9 or higher, 2. Apache Tomcat as the Servlet container, 3. Packaged as WAR (in contrast to a Spring Boot executable jar), 4. Spring-webmvc or spring-webflux dependency, 5. Spring Framework versions 5.3.0 to 5.3.17, 5.2.0 to 5.2.19, and older versions. Spring is used in IBM Planning Analytics Workspace in server-side REST APIs as an indirect dependency by MongoDB that is used to store content. IBM Planning Analytics Workspace includes Spring 5.2.20.