Critical Severity

Security Bulletin: IBM QRadar Azure marketplace images include Open Management Infrastructure RPM, which is vulnerable to Remote Code Execution (CVE-2021-38647)

Share this post:

IBM QRadar Azure marketplace images include the Open Management Infrastructure RPM which is vulnerable to CVE-2021-38647. Although we do not expose the affected port, we suggest updating out of an abundance of caution.

CVE(s): CVE-2021-38647

Affected product(s) and affected version(s):

IBM QRadar Azure marketplace images 7.3.0 to 7.3.3 Patch 9

IBM QRadar Azure marketplace images 7.4.0 to 7.4.3 Patch 2

Refer to the following reference URLs for remediation and additional vulnerability details:  
Source Bulletin: https://www.ibm.com/support/pages/node/6491159
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/208548

More stories

Security Bulletin: There is vulnerability in Apache Log4j used by Content Manager OnDemand z/OS. Content Manager OnDemand z/OS has addressed the applicable CVE [CVE-2021-44228]

October 3, 2022 | Critical Severity

There is vulnerability in Apache Log4j used by Content Manager OnDemand for Multiplatforms. Content Manager OnDemand for Multiplatforms has addressed the applicable CVE. [CVE-2021-44228] ...read more


Security Bulletin: Multiple Security Vulnerabilities may affect IBM Robotic Process Automation for Cloud Pak

October 3, 2022 | Critical Severity

Multiple Security Vulnerabilities may affect IBM Robotic Process Automation for Cloud PakOpen SSL is used by IBM Robotic Process Automation for Cloud Pak as part of base container images. CVE-2022-0778Expat (aka libexpat) is used by IBM Robotic Process Automation for Cloud Pak as dependency of the .NET 6 runtime. CVE-2021-045960, CVE-2021-46143, CVE-2022-22822, CVE-2022-22823, CVE-2022-22824, CVE-2022-22825, CVE-2022-22826, CVE-2022-22827, CVE-2022-23852, CVE-2022-25235, CVE-2022-25236, CVE-2022-25315.Go ssh is used by IBM Robotic Process Automation for Cloud Pak as part of the base container images. CVE-2022-27191. ...read more


Security Bulletin: IBM MaaS360 Cloud Extender Agent and Base Module use libcurl with multiple known vulnerabilities

October 3, 2022 | Critical Severity

Vulnerabilities contained within libcurl (a 3rd party component) were identified and remediated in the IBM MaaS360 Cloud Extender Agent and Base Module. ...read more