Security Bulletin: IBM Security Verify Adapters are vulnerable to denial of service and bypass security restrictions due to OpenSSL (CVE-2021-3449, CVE-2021-3450)
May 23, 2022
Categorized: High Severity
OpenSSL is used by the IBM Security Verify Adapters as part of their SSL communication. IBM Security Verify Adapters are vulnerable to denial of service (CVE-2021-3449) and could allow a remote attacker to bypass security restrictions (CVE-2021-3450). The fix includes OpenSSL version 1.1.1k.
CVE(s): CVE-2021-3449, CVE-2021-3450
Affected product(s) and affected version(s):
Adapter Name | Version |
IBM Security Verify Adapter for Lotus Notes | 7.1.16, 6.0.16 |
IBM Security Verify Adapter for Microsoft SQL Server | 7.1.18, 6.0.18 |
IBM Security Verify Adapter for Windows Active Directory | 10.0.1 |
IBM Security Verify Adapter for Windows Local Accounts | 7.1.20, 6.0.20 |
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: https://www.ibm.com/support/pages/node/6589173
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/198752
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/198754