High Severity

Security Bulletin: IBM Sterling Connect:Direct Browser User Interface is vulnerable to multiple vulnerabilities due to Jetty

June 21, 2022

Categorized: High Severity

Share this post:

There are multiple vulnerabilities in Jetty Server. Sterling Connect:Direct Browser User Interface has addressed the applicable CVEs.

CVE(s): CVE-2021-28169, CVE-2021-34428, CVE-2021-28163, CVE-2021-28164, CVE-2021-34429, CVE-2021-28165

Affected product(s) and affected version(s):

Affected Product(s) Version(s)
IBM Sterling Connect:Direct Browser User Interface 1.5.0.2
IBM Sterling Connect:Direct Browser User Interface 1.4.1.1

Refer to the following reference URLs for remediation and additional vulnerability details:  
Source Bulletin: https://www.ibm.com/support/pages/node/6597281
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/203492
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/204227
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/199303
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/199304
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/205596
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/199305


Previous Post

Security Bulletin: IBM Sterling Connect:Direct File Agent is vulnerable to an unspecified vulnerability due to IBM Java Runtime (CVE-2021-35603)

Next Post

Security Bulletin: A vulnerability (CVE-2021-35550) in IBM Java Runtime affects CICS Transaction Gateway
More stories

Security Bulletin: IBM Cloud Transformation Advisor is vulnerable to multiple vulnerabilities

June 27, 2022 | High Severity

IBM Cloud Transformation Advisor has addressed multiple security vulnerabilities including those in Node.js, Java SE and various other libraries. ...read more

Security Bulletin: A Remote Attack Vulnerability in Apache Log4j affects IBM Common Licensing's License Key Server (LKS) Administration And Reporting Tool (ART) and its Agent(CVE-2021-4104,CVE-2021-44832,CVE-2021-3100,CVE-2022-33915).

June 27, 2022 | High Severity

There is a high risk Remote Attack Vulnerability in Apache Log4j (CVE-2021-4104,CVE-2021-44832,CVE-2021-3100,CVE-2022-33915) which is used by IBM LKS Administration And Reporting Tool and its Agent. A fix is available to address the vulnerability. ...read more

Security Bulletin: Vulnerabilities in lodash library affect Tivoli Netcool/OMNIbus WebGUI (CVE-2019-1010266, CVE-2020-28500, CVE-2018-16487, CVE-2018-3721, CVE-2020-8203, CVE-2021-23337, CVE-2019-10744)

June 27, 2022 | High Severity

lodash is used by Tivoli Netcool/OMNIbus WebGUI as part of its web client component. The fix includes lodash v4.17.21. ...read more