High Severity

Security Bulletin: IBM Planning Analytics Workspace is affected by multiple vulnerabilities (CVE-2021-40690, CVE-2021-25647, XFID: 233967)

Share this post:

IBM Planning Analytics Workspace is affected by multiple vulnerabilities. Apache Santuario Security for Java provides a mechanism for XML-Signature & XML Encryption syntax and processing (CVE-2021-40690). Google Gson is an open-source Java library to serialize and deserialize Java objects to (and from) JSON (CVE-2022-25647). Maven okHTTP is an efficient HTTP & HTTP/2 client for Android and Java applications (XFID:233967). These vulnerabilities have been addressed.

CVE(s): CVE-2021-40690, CVE-2022-25647, IBM X-Force ID:   233967

Affected product(s) and affected version(s):

IBM Planning Analytics Workspace 2.0

 

Refer to the following reference URLs for remediation and additional vulnerability details:  
Source Bulletin: https://www.ibm.com/support/pages/node/6621617
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/209586
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/217225

More stories

Security Bulletin: A Kafka vulnerability affects IBM Operations Analytics Predictive Insights (CVE-2022-34917 )

November 29, 2022 | High Severity

Kafka vulnerability affects IBM Operations Analytics Predictive Insights [CVE-2022-34917]. Kafka is used by IBM Operations Analytics Predictive Insight in the data ingestion and processing services. The vulnerabilities have been addressed. ...read more


Security Bulletin: Multiple vulnerabilities of Mozilla Firefox (less than Firefox 102.4ESR) have affected Synthetic Playback Agent 8.1.4.0-8.1.4 IF16 – 2022.4.0

November 29, 2022 | High Severity

Synthetic Playback Agent has addressed the following vulnerabilities: CVE-2022-42932, CVE-2022-40956, CVE-2022-42928, CVE-2022-42929, CVE-2022-42927, CVE-2022-40962, CVE-2022-40958, CVE-2022-40960, CVE-2022-40957, CVE-2022-40959 ...read more


Security Bulletin: A vulnerability in IBM WebSphere Application Server Liberty profile affects IBM Operations Analytics Predictive Insights(CVE-2022-22393 CVE-2022-22476 CVE-2022-22475)

November 29, 2022 | High Severity

Websphere Application Server Liberty profile is used in the UI component of IBM Operations Analytics Predictive Insights. The vulnerabilities have been addressed. ...read more