High Severity

Security Bulletin: IBM InfoSphere Identity Insight vulnerabilities in third party libraries (CVE-2021-39239, CVE-2022-23308, CVE-2021-29424, CVE-2020-15250, 177835)

A vulnerability in the libxml2 library can cause a denial of service in IBM InfoSphere Identity Insight. Other vulnerabilities that do not impact Identity Insight are present in four libraries that are currently included with the product but not used.

CVE(s): CVE-2021-39239, CVE-2020-15250, CVE-2021-29425, CVE-2022-23308, IBM X-Force ID: 177835

Affected product(s) and affected version(s):

Affected Product(s) | Version(s)
IBM InfoSphere Identity Insight | 9.0
IBM InfoSphere Identity Insight | 9.1
IBM InfoSphere Identity Insight | 10.0

Refer to the following reference URLs for remediation and additional vulnerability details:  
Source Bulletin: https://www.ibm.com/support/pages/node/6612837
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/209530
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/189677
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/199852
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/220772
