Medium Severity

Security Bulletin: IBM DataPower affected by vulnerabilities in Node.js

March 2, 2022

Share this post:

IBM has addressed the following CVEs that affect the APIC Gateway Service.

CVE(s): CVE-2021-22959, CVE-2021-22960

Affected product(s) and affected version(s):

Affected Product(s)	Version(s)
IBM DataPower Gateway V10CD	10.0.2.0, 10.0.3.0
IBM DataPower Gateway 10.0.1	10.0.1.0, 10.0.1.1, 10.1.1.2, 10.0.1.3, 10.0.1.4, 10.0.1.5

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: https://www.ibm.com/support/pages/node/6560728
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/211168
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/211171

Medium Severity

Security Bulletin: IBM Rational Build Forge is affected by Apache HTTP Server version used in it. (CVE-2021-44790)

Search Posts

Resources

Feed for PSIRT Blog Posts

IBM Product Security Vulnerabilities

See information about: IBM Security Bulletins, IBM Security Vulnerability Management (PSIRT), Reporting a Security Issue, IBM Secure Engineering

Learn More

IBM Product Support Portal

Access IBM Product Support to: Subscribe to Notifications, Download Fixes & PTFs (Fix Central), Access the Directory of IBM Worldwide Contacts

See What's New

Helpful Information

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affects IBM WebSphere Cast Iron Solution & App Connect Professional.

July 1, 2022 | Medium Severity

There are multiple vulnerabilities in the IBM SDK Java Technology used by IBM WebSphere Cast Iron Solution & App Connect Professional. These issue were disclosed as part of the IBM Java SDK updates in Apr 2022, IBM WebSphere Cast Iron Solution & App Connect Professional have addressed the applicable CVEs. These vulnerabilities are addressed in App connect professional v7.5.5.0, customer can migrate to this version without incurring any additional cost. ...read more

Medium Severity

Security Bulletin: IBM DataPower affected by vulnerabilities in Node.js

Security Bulletin: IBM Rational Build Forge is affected by Apache HTTP Server version used in it. (CVE-2021-44790)

Security Bulletin: IBM i components are affected by CVE-2021-4104 (log4j version 1.x)

Search Posts

Archives

Resources

IBM Product Security Vulnerabilities

IBM Product Support Portal

Helpful Information

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affects IBM WebSphere Cast Iron Solution & App Connect Professional.

July 1, 2022 | Medium Severity

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affects IBM WebSphere Cast Iron Solution & App Connect Professional.

July 1, 2022 | Medium Severity

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affects IBM WebSphere Cast Iron Solution & App Connect Professional.

July 1, 2022 | Medium Severity