Medium Severity
Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli Netcool Impact (CVE-2022-21496, CVE-2022-21434, CVE-2022-21443)
July 6, 2022
Categorized: Medium Severity
Share this post:
There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 8 used by IBM Tivoli Netcool Impact. IBM Tivoli Netcool Impact has addressed the applicable CVEs. These issues were disclosed in the Oracle April 2022 Critical Patch Update, minus CVE-2022-21426
CVE(s): CVE-2022-21496 , CVE-2022-21434 , CVE-2022-21443
Affected product(s) and affected version(s):
| Affected Product(s) | Version(s) |
| IBM Tivoli Netcool Impact | 7.1.0 |
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: https://www.ibm.com/support/pages/node/6601533
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/224777
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/224718
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/224726
Security Bulletin: IBM Netezza for Cloud Pak for Data is vulnerable to injection attack due to urllib package in Python3 (CVE-2022-0391)
August 9, 2022 | Medium Severity
IBM Netezza for Cloud Pak for Data is vulnerable to injection attack due to improper input validation by the urllib.parse module from Python3. Vulnerability is addressed by upgrading Pytthon to version 3.9.7. ...read more
Security Bulletin: IBM Sterling B2B Integrator is vulnerable to denial of service due to SnakeYAML (CVE-2017-18640)
August 9, 2022 | Medium Severity
MyFG 2.0 of IBM Sterling B2B Integrator uses SnakeYAML. There is a denial of service vulnerability in SnakeYAML which has been addressed. ...read more
Security Bulletin: Vulnerabilities in the Java JDK affect IBM Event Streams (CVE-2021-35550, CVE-2021-35603)
August 9, 2022 | Medium Severity
There are a number of vulnerabilities in the Java JDK used by IBM Event Streams. ...read more