Medium Severity
Security Bulletin: IBM Spectrum Protect Plus is vulnerable to PostgreSQL Man-in-the-Middle and Slowloris Denial of Service attacks (CVE-2021-23222, CVE-2022-22354)
March 11, 2022
Categorized: Medium Severity
Share this post:
PostgreSQL is vulnerable to a man-in-the-middle attack which can affect IBM Spectrum Protect Plus. In addition, IBM Spectrum Protect Plus is vulnerable to a Slowloris denial of service attack.
CVE(s): CVE-2021-23222, CVE-2022-22354
Affected product(s) and affected version(s):
| Affected Product(s) | Version(s) |
| IBM Spectrum Protect Plus | 10.1.0.0-10.1.9.2 |
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: https://www.ibm.com/support/pages/node/6562989
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/218383
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/220485
Security Bulletin: IBM MQ for HPE NonStop Server is affected by OpenSSL vulnerability CVE-2021-4160
May 20, 2022 | Medium Severity
MQ for HPE NonStop Server may be using weaker than expected security due to an algorithmic problem within OpenSSL. ...read more
Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Process Designer in IBM Business Automation Workflow and IBM Business Process Manager
May 19, 2022 | Medium Severity
There are multiple vulnerabilities in IBM® Runtime Environment Java™ Versions 8, which is used by the desktop version of IBM Process Designer in both IBM Business Automation Workflow and IBM Business Process Manager. IBM Process Designer has addressed the applicable CVEs. ...read more
Security Bulletin: IBM WebSphere Application Server is vulnerable to Spoofing (CVE-2022-22365)
May 19, 2022 | Medium Severity
IBM WebSphere Application Server is vulnerable to spoofing when the Ajax Proxy Web Application (AjaxProxy.war) is deployed. This has been addressed. ...read more