High Severity

Security Bulletin: IBP javaenv and dind images

Share this post:

Versions of IBP images javaenv and dind before 2.5.1 included a version of gradle that depended upon vulnerable Apache libraries. Gradle is a build system, intended to aid in building chaincode, though not required for building chaincode.

Affected product(s) and affected version(s):

Affected Product(s) Version(s)
IBM Blockchain Platform (Software/on-prem) All

Refer to the following reference URLs for remediation and additional vulnerability details:  
Source Bulletin: https://www.ibm.com/support/pages/node/6381832

More stories

Security Bulletin: IBM Integration Bus and IBM App Connect Enterprise v11 are affected by vulnerabilities in Node.js (CVE-2021-3450, CVE-2021-3449)

Jul 22, 2021 8:11 pm EDT | High Severity

IBM Integration Bus & IBM App Connect Enterprise V11 ship with Node.js for which vulnerabilities were reported and have been addressed. Vulnerability details are listed below. ...read more

Security Bulletin: Security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Security Directory Server (CVE-2020-5258)

Jul 22, 2021 7:31 am EDT | High Severity

IBM WebSphere Application Server (WAS) is shipped with IBM Security Directory Server (ISDS). Information about security vulnerability affecting IBM WebSphere Application Server has been published in security bulletin. ...read more

Security Bulletin: Multiple vulnerabilities in F5 NGINX Controller affect IBM Cloud Pak for Automation

Jul 20, 2021 8:00 pm EDT | High Severity

The vulnerabilities are related to F5 NGINX Controller, included in the pfs-nginx-prod docker image, that is deployed by IBM Process Federation Server . ...read more