Critical Severity

Security Bulletin: IBM MaaS360 Cloud Extender Agent, Mobile Enterprise Gateway and VPN module have multiple vulnerabilities (CVE-2021-22060, CVE-2022-22950, CVE-2022-0547, CVE-2022-0778, CVE-2022-22965)

Share this post:

Vulnerabilities contained within 3rd party components were identified and remediated in the IBM MaaS360 Cloud Extender Agent, Mobile Enterprise Gateway and MaaS360 VPN module.

CVE(s): CVE-2021-22060, CVE-2022-22950, CVE-2022-0547, CVE-2022-0778, CVE-2022-22965

Affected product(s) and affected version(s):

Affected Product(s)

Version(s)

IBM MaaS360 VPN Module

2.106.100 and prior

IBM MaaS360 Mobile Enterprise Gateway

2.106.200 and prior

IBM MaaS360 Cloud Extender Agent

2.106.100.008 and prior

Refer to the following reference URLs for remediation and additional vulnerability details:  
Source Bulletin: https://www.ibm.com/support/pages/node/6592807
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/217183
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/223096
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/222201
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/221911
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/223103

More stories

Security Bulletin: IBM Case Manager is affected but not classified as vulnerable to a remote code execution in Spring Framework [CVE-2022-22965]

September 30, 2022 | Critical Severity

IBM Case Manager is affected but not classified as vulnerable to a remote code execution in Spring Framework [CVE-2022-22965]. To be vulnerable a product must meet all of the following criterias: 1. JDK 9 or higher, 2. Apache Tomcat as the Servlet container, 3. Packaged as WAR (in contrast to a Spring Boot executable jar), 4. Spring-webmvc or spring-webflux dependency, 5. Spring Framework versions 5.3.0 to 5.3.17, 5.2.0 to 5.2.19, and older versions. Cloud connector service if enabled will use only the spring, as in a client to make only the REST calls with IBM Cloud Mangement Console. The fix includes Spring 5.3.18. IBM Case Manager doesn't meet all of the criterias and, therefore, is not vulnerable. ...read more


Security Bulletin: Multiple vulnerabilities in Curl affect PowerSC

September 23, 2022 | Critical Severity

There are multiple vulnerabilities in Curl that affect PowerSC. ...read more


Security Bulletin: A security vulnerability has been identified in Postgresql shipped with IBM Tivoli Netcool Impact (CVE-2022-26520, CVE-2022-21724, 220313)

September 21, 2022 | Critical Severity

Postgresql is shipped with IBM Tivoli Netcool Impact. Information about a security vulnerability affecting Postgresql has been published in a security bulletin. ...read more