High Severity

Security Bulletin: Multiple vulnerabilities affect IBM Cloud Object Storage Systems (Oct. 2021 V1)

Share this post:

Multiple vulnerabilities affect IBM Cloud Object Storage Systems. These vulnerabilities have been addressed in the latest ClevOS releases.

CVE(s): CVE-2021-31916, CVE-2020-28374, CVE-2021-31829, CVE-2021-3347, CVE-2021-3679, CVE-2020-36312, CVE-2021-3483, CVE-2021-33909, CVE-2021-27365, CVE-2021-27364, CVE-2021-27363, CVE-2021-28964, CVE-2021-28972, CVE-2021-28971, CVE-2021-29647, CVE-2021-29650, CVE-2021-22555, CVE-2021-32399, CVE-2021-3753

Affected product(s) and affected version(s):

CVEs IDs Affected Version(s)
CVE-2021-31916 3.15.8.111 or prior 3.15 Release
CVE-2020-28374 3.15.7.80 or prior 3.15 Release
CVE-2021-31829 3.15.7.60 or prior 3.15 Release
CVE-2021-3347 3.15.7.60 or prior 3.15 Release
CVE-2021-3679 3.15.7.60 or prior 3.15 Release
 CVE-2020-36312 3.15.7.60 or prior 3.15 Release
CVE-2021-3483 3.15.7.60 or prior 3.15 Release
CVE-2021-33909 3.15.7.60 or prior 3.15 Release
CVE-2021-27365 3.15.7.60 or prior 3.15 Release
CVE-2021-27364 3.15.7.43 or prior 3.15 Release
 CVE-2021-27363 3.15.7.43  or prior 3.15 Release
 CVE-2021-28964 3.15.7.60 or prior 3.15 Release
 CVE-2021-28972 3.15.1.52 or prior 3.15 Release
 CVE-2021-28971 3.15.1.52 or prior 3.15 Release
CVE-2021-29647 3.15.1.52 or prior 3.15 Release
 CVE-2021-29650 3.15.4.38 or prior 3.15 Release
CVE-2021-22555 3.15.4.38 or prior 3.15 Release
 CVE-2021-32399 3.15.4.38 or prior 3.15 Release
CVE-2021-3753 3.15.4.38 or prior 3.15 Release

Refer to the following reference URLs for remediation and additional vulnerability details:  
Source Bulletin: https://www.ibm.com/support/pages/node/6497781
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/201512
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/194620
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/201175
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/195798
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/206899
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/199532
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/199527
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/205906
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/197859
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/197858
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/197857
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/198508
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/198510
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/198509
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/199198
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/199201
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/204997
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/201653
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/208589

More stories

Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in Apache Commons Compress

Nov 30, 2021 7:04 pm EST | High Severity

IBM Watson Discovery for IBM Cloud Pak for Data contains a vulnerable version of Apache Commons Compress. ...read more


Security Bulletin: Security vulnerabilities have been identified in IBM WebSphere Application Server used by IBM Match 360

Nov 30, 2021 7:04 pm EST | High Severity

There are multiple vulnerabilities in the Apache Commons Compress library that is used by WebSphere Application Server Liberty. IBM Match 360 v4.0.3 and prior, is also vulnerable given that it uses WebSphere Application Server Liberty. ...read more


Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in Axios

Nov 30, 2021 7:03 pm EST | High Severity

IBM Watson Discovery for IBM Cloud Pak for Data contains a vulnerable version of Axios. ...read more