Critical Severity

Security Bulletin: Multiple vulnerabilities affect IBM Cloud Object Storage Systems (Nov. 2021 V1)

Multiple vulnerabilities affect IBM Cloud Object Storage Systems. These vulnerabilities have been addressed in the latest ClevOS releases.

CVE(s): CVE-2020-28491, CVE-2021-34798, CVE-2021-40438, CVE-2021-3711, CVE-2020-27216, CVE-2021-39275, CVE-2021-27928, CVE-2021-27218, CVE-2021-27219

Affected product(s) and affected version(s):

| Affected Product(s) | Version(s) |
| --- | --- |
| CVE-2021-27928 | 3.16.1.24 or Prior Releases |
| CVE-2021-3711 | 3.16.1.24 or Prior Releases |
| CVE-2021-40438 | 3.16.1.24 or Prior Releases |
| CVE-2020-28491 | 3.16.1.24 or Prior Releases |
| CVE-2021-27218 | 3.16.1.24 or Prior Releases |
| CVE-2021-27219 | 3.16.1.24 or Prior Releases |
| CVE-2020-27216 | 3.16.1.24 or Prior Releases |
| CVE-2021-39275 | 3.16.1.24 or Prior Releases |
| CVE-2021-34798 | 3.16.1.24 or Prior Releases |

Refer to the following reference URLs for remediation and additional vulnerability details:  
Source Bulletin: https://www.ibm.com/support/pages/node/6514475
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/197038
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/209518
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/209526
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/208072
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/190474
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/209529
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/198521
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/196784
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/196782
