High Severity

Security Bulletin: IBM Spectrum Control is vulnerable to multiple weaknesses related to XStream, Apache Xerces2, Jackson, OpenSSL, and Java SE

Vulnerabilities in XStream, Apache Xerces2, Jackson, OpenSSL, and Java SE, such as execution of arbitrary code, denial of service, server-side request forgery, and weaker than expected security, may affect IBM Spectrum Control.

CVE(s): CVE-2021-4160, CVE-2021-39145, CVE-2021-39147, CVE-2021-39152, CVE-2021-39148, CVE-2021-39149, CVE-2021-39151, CVE-2021-39146, CVE-2021-39141, CVE-2021-43859, CVE-2021-39140, CVE-2021-39154, CVE-2021-39144, CVE-2021-35603, CVE-2021-39139, CVE-2021-39150, CVE-2021-35550, CVE-2022-23437, CVE-2021-39153, IBM X-Force ID: 217968

Affected product(s) and affected version(s):

Affected Product(s) | Version(s)
IBM Spectrum Control | 5.4.0 – 5.4.6

Refer to the following reference URLs for remediation and additional vulnerability details:  
Source Bulletin: https://www.ibm.com/support/pages/node/6590209
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/218394
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/208113
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/208115
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/208120
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/208116
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/208117
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/208119
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/208114
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/208111
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/219177
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/208110
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/208122
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/208112
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/211676
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/208108
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/208118
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/211627
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/217982
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/208121
