High Severity

Security Bulletin: Multiple vulnerabilities in Golang Go affect Cloud Pak System

Multiple vulnerabilities in Golang Go affect Cloud Pak System. IBM Cloud Pak System has addressed these vulnerabilities.

CVE(s): CVE-2022-24921, CVE-2020-29652, CVE-2022-24675, CVE-2022-28327, CVE-2021-44716, CVE-2022-23773, CVE-2021-44717

Affected product(s) and affected version(s):

Affected Product(s) | Version(s)
IBM Cloud Pak System, IBM Cloud Pak System Software, IBM Cloud Pak System Software Suite | 2.3.3.0 – 2.3.3.4

Refer to the following reference URLs for remediation and additional vulnerability details:  
Source Bulletin: https://www.ibm.com/support/pages/node/6612805
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/221503
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/193622
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/224866
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/224871
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/216553
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/219443
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/216563
