High Severity

Security Bulletin: IBM MQ is vulnerable to multiple issues within the IBM® Runtime Environment Java™ Technology Edition, Version 8 shipped with IBM MQ (CVE-2021-2432, CVE-2021-2388)

Share this post:

Multiple issues were identified with IBM® Runtime Environment Java™ Technology Edition, Version 8 that is packaged with IBM MQ.

CVE(s): CVE-2021-2432 , CVE-2021-2388

Affected product(s) and affected version(s):

Affected Product(s) Version(s)
IBM MQ 9.1 LTS
IBM MQ 9.0 LTS
IBM MQ 8.0
IBM MQ 9.2 CD
IBM MQ 9.1 CD
IBM MQ 9.2 LTS

Refer to the following reference URLs for remediation and additional vulnerability details:  
Source Bulletin: https://www.ibm.com/support/pages/node/6517670
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/205856
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/205815

More stories

Security Bulletin: IBM Cognos Controller 10.4.2 IF17: Apache Log4j vulnerability (CVE-2021-45105 & CVE-2021-44832)

Jan 15, 2022 7:01 pm EST | High Severity

IBM Cognos Controller is affected by security vulnerabilities. Apache Log4j is used by IBM Cognos Controller as part of its logging infrastructure. This bulletin addresses the exposure to the Apache Log4j vulnerabilities: CVE-2021-45105 and CVE-2021-44832. IBM Cognos Controller has upgraded Apache Log4j to v2.17.1. Please note that this update also addresses CVE-2021-44228 and CVE-2021-45046. ...read more


Security Bulletin: Multiple security vulnerabilities with IBM Content Navigator component in IBM Business Automation Workflow – CVE-2020-4757, PSIRT-ADV0028011, CVE-2020-4934

Jan 15, 2022 7:00 pm EST | High Severity

The embedded IBM Content Navigator, that is shipped with IBM Business Automation Workflow is vulnerable to several security vulnerabilities. ...read more


Security Bulletin: Vulnerability in Apache Log4j affects Content Collector for IBM Connections (CVE-2021-45105)

Jan 14, 2022 7:07 pm EST | High Severity

Apache Log4j open source library is used by Content Collector for IBM Connections. This bulletin describes the upgrades necessary to address the vulnerability. ...read more