High Severity

Security Bulletin: IBM MQ Operator and IBM supplied MQ Advanced container images are vulnerable to multiple issues from Red Hat UBI packages and the IBM WebSphere Application Server Liberty

May 16, 2022

Share this post:

Multiple issues were identified in Red Hat UBI(ubi8/ubi-minimal) v8.5-x packages that were shipped with IBM MQ Operator and IBM supplied MQ Advanced container images. We have also identified an issue in the IBM WebSphere Application Server Liberty component that is packaged with IBM supplied MQ Advanced container images.

CVE(s): CVE-2021-3521, CVE-2021-3999, CVE-2021-39031, CVE-2022-23219, CVE-2022-23218

Affected product(s) and affected version(s):

Affected Product(s)	Version(s)
IBM MQ Operator CD Release	v1.7.0
IBM MQ Operator EUS Release	v1.3.2
IBM MQ Advanced Server Container image	v9.2.4.0-r1,9.2.0.4-r1-eus

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: https://www.ibm.com/support/pages/node/6569153
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/213411
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/217981
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/213875
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/217303
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/217302

High Severity

Security Bulletin: Potential Denial of Service in IBM DataPower Gateway

Search Posts

Resources

Feed for PSIRT Blog Posts

IBM Product Security Vulnerabilities

See information about: IBM Security Bulletins, IBM Security Vulnerability Management (PSIRT), Reporting a Security Issue, IBM Secure Engineering

Learn More

IBM Product Support Portal

Access IBM Product Support to: Subscribe to Notifications, Download Fixes & PTFs (Fix Central), Access the Directory of IBM Worldwide Contacts

See What's New

Helpful Information

Security Bulletin: One or more security vulnerabilities has been identified in IBM® DB2® shipped with IBM PureData System for Operational Analytics (CVE-2020-4230,CVE-2020-4135,CVE-2020-4204,CVE-2020-4200)

June 23, 2022 | High Severity

IBM® DB2® is shipped as a component of IBM PureData System for Operational Analytics. Information about security vulnerabilities affecting IBM DB2 have been published in a security bulletin (CVE-2020-4230,CVE-2020-4135,CVE-2020-4204,CVE-2020-4200). ...read more

Security Bulletin: IBM Security Guardium is affected by multiple vulnerabilities (CVE-2019-10086, CVE-2021-41617)

June 23, 2022 | High Severity

IBM Security Guardium has fixed these vulnerabilities. ...read more

Security Bulletin: IBM Security Guardium is affected by multiple vulnerabilities

June 23, 2022 | High Severity

IBM Security Guardium has addressed the following vulnerabilities. ...read more

High Severity

Security Bulletin: IBM MQ Operator and IBM supplied MQ Advanced container images are vulnerable to multiple issues from Red Hat UBI packages and the IBM WebSphere Application Server Liberty

Security Bulletin: Potential Denial of Service in IBM DataPower Gateway

Security Bulletin: IBM DataPower Gateway: Update Redis to remediate two CVEs

Search Posts

Archives

Resources

IBM Product Security Vulnerabilities

IBM Product Support Portal

Helpful Information

Security Bulletin: One or more security vulnerabilities has been identified in IBM® DB2® shipped with IBM PureData System for Operational Analytics (CVE-2020-4230,CVE-2020-4135,CVE-2020-4204,CVE-2020-4200)

June 23, 2022 | High Severity

Security Bulletin: IBM Security Guardium is affected by multiple vulnerabilities (CVE-2019-10086, CVE-2021-41617)

June 23, 2022 | High Severity

Security Bulletin: IBM Security Guardium is affected by multiple vulnerabilities

June 23, 2022 | High Severity