High Severity
Security Bulletin: IBM Security Guardium is affected by OpenSSL denial of service vulnerabilities (CVE-2021-23840, CVE-2021-23841)
May 12, 2022
Categorized: High Severity
Share this post:
IBM Security Guardium has fixed these vulnerabilities.
CVE(s): CVE-2021-23840, CVE-2021-23841
Affected product(s) and affected version(s):
| Affected Product(s) | Version(s) |
| IBM Security Guardium | 11.0 |
| IBM Security Guardium | 11.1 |
| IBM Security Guardium | 11.2 |
| IBM Security Guardium | 11.3 |
| IBM Security Guardium | 11.4 |
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: https://www.ibm.com/support/pages/node/6563575
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/196848
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/196847
Security Bulletin: IBM Rational Build Forge is affected by Apache Tomcat version used in it. (CVE-2021-42340)
July 5, 2022 | High Severity
IBM Rational Build Forge is affected by CVE-2021-42340. ...read more
Security Bulletin: IBM Engineering Test Management is vulnerable to arbitrary data access due to XStream ( CVE-2020-26258, CVE-2020-26259 )
July 4, 2022 | High Severity
IBM Engineering Test Management is vulnerable to remote attacker having access to snesitive data or to arbitrary files from system due to XStream. ...read more
Security Bulletin: IBM Integration Bus and IBM App Connect Enterprise are vulnerable to arbitrary code execution due to async ( CVE-2021-43138) and nconf (CVE-2022-21803)
July 4, 2022 | High Severity
IBM Integration Bus and IBM App Connect Enterprise are vulnerable to arbitrary code execution, due to the async (CVE-2021-43138) and nconf (CVE-2022-21803) modules for Node.js. A mitigation has been provided for IBM Integration Bus. The latest fix packs for IBM App Connect Enterprise includes async >=3.2.3 and nconf 0.12.0 ...read more