High Severity
Security Bulletin: IBM Spectrum Control is vulnerable to multiple weaknesses related to XStream, Apache Xerces2, Jackson, OpenSSL, and Java SE
May 26, 2022
Vulnerabilities in XStream, Apache Xerces2, Jackson, OpenSSL, and Java SE, such as execution of arbitrary code, denial of service, server-side request forgery, and weaker than expected security, may affect IBM Spectrum Control.
CVE(s): CVE-2021-4160, CVE-2021-39145, CVE-2021-39147, CVE-2021-39152, CVE-2021-39148, CVE-2021-39149, CVE-2021-39151, CVE-2021-39146, CVE-2021-39141, CVE-2021-43859, CVE-2021-39140, CVE-2021-39154, CVE-2021-39144, CVE-2021-35603, CVE-2021-39139, CVE-2021-39150, CVE-2021-35550, CVE-2022-23437, CVE-2021-39153, IBM X-Force ID: 217968
Affected product(s) and affected version(s):
| Affected Product(s) | Version(s) |
| --- | --- |
| IBM Spectrum Control | 5.4.0 – 5.4.6 |
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: https://www.ibm.com/support/pages/node/6590209
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/218394
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/208113
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/208115
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/208120
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/208116
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/208117
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/208119
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/208114
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/208111
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/219177
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/208110
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/208122
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/208112
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/211676
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/208108
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/208118
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/211627
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/217982
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/208121
Security Bulletin: Vulnerability in Moment affects IBM Process Mining. CVE-2022-31129
August 17, 2022 | High Severity
There is a vulnerability in Moment that could allow a denial of service. The code is used by IBM Process Mining. This bulletin identifies the security fixes to apply to address the vulnerability.
Security Bulletin: Vulnerability in FasterXML jackson-databind affects IBM Process Mining. CVE-2020-36518
August 17, 2022 | High Severity
There is a vulnerability in FasterXML jackson-databind that could allow a denial of service. The code is used by IBM Process Mining. This bulletin identifies the security fixes to apply to address the vulnerability.
Security Bulletin: AIX is vulnerable to arbitrary command execution (CVE-2022-1292 and CVE-2022-2068) or an attacker may obtain sensitive information (CVE-2022-2097) due to OpenSSL
August 17, 2022 | High Severity
A vulnerability in OpenSSL could allow a remote attacker to execute arbitrary commands (CVE-2022-1292 and CVE-2022-2068) or obtain sensitive information (CVE-2022-2097). OpenSSL is used by AIX as part of AIX's secure network communications.