Critical Severity

Security Bulletin: IBM Spectrum Control is vulnerable to multiple weaknesses related to IBM Dojo (CVE-2021-23450), Java SE (CVE-2021-35578), IBM WebSphere Application Server – Liberty (CVE-2021-39031), Apache Log4j (CVE-2021-44832) and Gson (217225)


IBM Spectrum Control has multiple vulnerabilities: arbitrary code execution due to Apache Log4j (CVE-2021-44832) and Dojo (CVE-2021-23450), denial of service due to Java SE (CVE-2021-35578) and Gson (217225), and LDAP injection due to IBM WebSphere Application Server – Liberty (CVE-2021-39031). The fix includes Apache Log4j 2.17.1.

CVE(s): CVE-2021-23450, CVE-2021-35578, CVE-2021-39031, CVE-2021-44832, Third Party Entry: 217225

Affected product(s) and affected version(s):

Affected Product(s): IBM Spectrum Control
Version(s): 5.4.0 – 5.4.5

Refer to the following reference URLs for remediation and additional vulnerability details:  
Source Bulletin: https://www.ibm.com/support/pages/node/6561029
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/216463
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/211654
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/213875
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/216189
