Medium Severity
Security Bulletin: IBM® Security SOAR could be vulnerable to a downgrade attack because of missing Strict-Transport-Security headers for some endpoints (CVE-2021-29785).
January 19, 2022
IBM® Security SOAR is missing Strict-Transport-Security headers for some endpoints. These headers help prevent HTTPS downgrade attacks. This is addressed by upgrading IBM Security SOAR to the latest build of v43.1.
CVE(s): CVE-2021-29785
Affected product(s) and affected version(s):
Affected Product(s) | Version(s) |
IBM® Security SOAR | IBM Security SOAR |
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: https://www.ibm.com/support/pages/node/6541974
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/203169
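
An added example (not IBM's code and not part of the bulletin): a Python check that audits captured HTTPS response headers for the condition described above, endpoints that omit Strict-Transport-Security, and also flags invalid or weak policies per RFC 6797. The endpoint paths, header values and the one-year `MIN_MAX_AGE` floor are assumptions made for illustration.

```python
import re

MIN_MAX_AGE = 31536000  # assumption: one-year policy floor, not a value from the bulletin

def parse_hsts(value):
    """Parse one STS header value (RFC 6797 6.1); return directives or None if invalid."""
    directives = {}
    # Empty directives between ';' separators are legal, so drop them.
    for part in filter(None, (p.strip() for p in value.split(";"))):
        name, _, val = part.partition("=")
        name, val = name.strip().lower(), val.strip()
        if len(val) >= 2 and val[0] == val[-1] == '"':
            val = val[1:-1]  # directive values may be quoted strings
        if name in directives:
            return None  # a repeated directive invalidates the whole header
        directives[name] = val
    if not re.fullmatch(r"[0-9]+", directives.get("max-age", "")):
        return None  # max-age is required and must be a non-negative integer
    return directives

def audit(responses):
    """Map each path to a finding when its HSTS policy is absent, invalid or weak."""
    findings = {}
    for path, headers in responses.items():
        sts = [v for k, v in headers if k.lower() == "strict-transport-security"]
        if not sts:
            findings[path] = "missing"
            continue
        policy = parse_hsts(sts[0])  # user agents process only the first STS field
        if policy is None:
            findings[path] = "invalid"
        elif int(policy["max-age"]) == 0:
            findings[path] = "max-age=0 (policy removed)"
        elif int(policy["max-age"]) < MIN_MAX_AGE:
            findings[path] = "max-age below floor"
    return findings

# Constructed sample: paths and headers are illustrative, not SOAR's real endpoints.
SAMPLE = {
    "/login": [("Strict-Transport-Security", "max-age=31536000; includeSubDomains")],
    "/static/app.js": [("Content-Type", "text/javascript")],
    "/api/status": [("strict-transport-security", 'max-age="600"')],
    "/health": [("Strict-Transport-Security", "max-age=0")],
    "/export": [("Strict-Transport-Security", "max-age=100; max-age=31536000")],
}

if __name__ == "__main__":
    for path, finding in audit(SAMPLE).items():
        print(f"{path}: {finding}")
```

Run it against headers collected from every route after upgrading, since the issue affects only some endpoints and a check of the login page alone would pass.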