Critical Severity

Security Bulletin: Multiple security vulnerabilities affect IBM Cloud Foundry Migration Runtime


Multiple Ruby vulnerabilities affect IBM Cloud Foundry Migration Runtime. They could cause a denial of service or HTTP response splitting, and could allow a remote attacker to bypass security restrictions or obtain sensitive information, a local attacker to gain unauthorized access to the system, and a local authenticated attacker to execute arbitrary code on the system.

CVE(s): CVE-2021-25217, CVE-2020-25613, CVE-2021-28965, CVE-2019-15845, CVE-2019-16201, CVE-2019-16254, CVE-2019-16255, CVE-2019-3881, CVE-2020-10663, CVE-2020-10933, CVE-2021-33910

Affected product(s) and affected version(s):

Affected Product(s): IBM Cloud Foundry Migration Runtime
Version(s): 4.1.1

Refer to the following reference URLs for remediation and additional vulnerability details:  
Source Bulletin: https://www.ibm.com/support/pages/node/6498497
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/202604
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/189414
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/200534
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/169463
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/169462
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/169464
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/169465
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/187807
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/181414
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/181416
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/205907
