High Severity

Security Bulletin: IBM WebSphere Application Server Liberty vulnerabilities affect IBM Spectrum Protect Backup-Archive Client, IBM Spectrum Protect for Virtual Environments, and IBM Spectrum Protect for Space Management (CVE-2021-35517, CVE-2021-36090)

March 11, 2022

Share this post:

Denial of service vulnerabilities in Apache Commons which affects IBM WebSphere Application Server Liberty can affect the IBM Spectrum Protect Backup-Archive Client web user interface, IBM Spectrum Protect for Virtual Environments, and IBM Spectrum Protect for Space Management.

CVE(s): CVE-2021-35517, CVE-2021-36090

Affected product(s) and affected version(s):

Affected Product(s)	Version(s)
IBM Spectrum Protect Backup-Archive Client web user interface	8.1.7.0-8.1.13.3 (Linux and Windows) 8.1.9.0-8.1.13.3 (AIX)
IBM Spectrum Protect for Virtual Environments: Data Protection for VMware	8.1.0.0-8.1.13.3
IBM Spectrum Protect for Virtual Environments: Data Protection for Hyper-V	8.1.4.0-8.1.13.3
IBM Spectrum Protect for Space Management	8.1.7.0-8.1.13.3 (Linux) 8.1.9.0-8.1.13.3 (AIX)

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: https://www.ibm.com/support/pages/node/6562383
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/205307
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/205310

High Severity

Security Bulletin: IBM Integration Designer is vulnerable to arbitrary code execution because of Apache Log4j (CVE-2021-4104)

Search Posts

Resources

Feed for PSIRT Blog Posts

IBM Product Security Vulnerabilities

See information about: IBM Security Bulletins, IBM Security Vulnerability Management (PSIRT), Reporting a Security Issue, IBM Secure Engineering

Learn More

IBM Product Support Portal

Access IBM Product Support to: Subscribe to Notifications, Download Fixes & PTFs (Fix Central), Access the Directory of IBM Worldwide Contacts

See What's New

Helpful Information

Security Bulletin: IBM MQ for HPE NonStop Server is affected by OpenSSL vulnerability CVE-2022-0778

May 20, 2022 | High Severity

An issue was identifed in OpenSSL when MQ is using it to parse certificates. ...read more

Security Bulletin: OpenSSL publicly disclosed vulnerability affects IBM MobileFirst Platform Foundation

May 17, 2022 | High Severity

IBM MobileFirst Platform Foundation has addressed the following vulnerability by updating the version of OpenSSL ...read more

Security Bulletin: Vulnerabilities in IBM HTTP Server affect IBM Netezza Performance Portal

May 17, 2022 | High Severity

IBM HTTP Server is used by IBM Netezza Performance Portal. IBM Netezza Performance Portal has addressed the applicable CVEs. ...read more

High Severity

Security Bulletin: IBM WebSphere Application Server Liberty vulnerabilities affect IBM Spectrum Protect Backup-Archive Client, IBM Spectrum Protect for Virtual Environments, and IBM Spectrum Protect for Space Management (CVE-2021-35517, CVE-2021-36090)

Security Bulletin: IBM Integration Designer is vulnerable to arbitrary code execution because of Apache Log4j (CVE-2021-4104)

Security Bulletin: Vulnerabilities in IBM Java Runtime and Golang Go affect IBM Spectrum Protect Server (CVE-2021-35578, CVE-2021-44716, CVE-2021-44717)

Search Posts

Archives

Resources

IBM Product Security Vulnerabilities

IBM Product Support Portal

Helpful Information

Security Bulletin: IBM MQ for HPE NonStop Server is affected by OpenSSL vulnerability CVE-2022-0778

May 20, 2022 | High Severity

Security Bulletin: OpenSSL publicly disclosed vulnerability affects IBM MobileFirst Platform Foundation

May 17, 2022 | High Severity

Security Bulletin: Vulnerabilities in IBM HTTP Server affect IBM Netezza Performance Portal

May 17, 2022 | High Severity