Critical Severity

Security Bulletin: Multiple vulnerabilities in multiple dependencies affect IBM MessageGateway/ MessageSight

Share this post:

There are multiple vulnerabilities in Liberty, IBM Runtime Environment Java Version 8.0, Dojo and OpenSSL used by IBM MessageGateway/ MessageSight

CVE(s): CVE-2022-21365 , CVE-2022-21360 , CVE-2022-21349 , CVE-2022-21341 , CVE-2022-21340 , CVE-2022-21305 , CVE-2022-21294 , CVE-2022-21293 , CVE-2022-21291 , CVE-2022-21248 , CVE-2021-4160, CVE-2022-22310, CVE-2021-39038, CVE-2021-39031, CVE-2022-0778, CVE-2021-23450, CVE-2021-43085, CVE-2018-25031, CVE-2021-46708

Affected product(s) and affected version(s):

Affected Product(s) Version(s)
IBM WIoTP MessageGateway 5.0.0.1
IBM IoT MessageSight 5.0.0.0

Refer to the following reference URLs for remediation and additional vulnerability details:  
Source Bulletin: https://www.ibm.com/support/pages/node/6592587
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/217659
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/217654
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/217643
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/217636
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/217635
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/217600
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/217589
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/217588
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/217586
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/217543
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/218394
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/217224
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/213968
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/213875
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/221911
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/216463
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/222544
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/217346
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/217359

More stories

Security Bulletin: IBM Case Manager is affected but not classified as vulnerable to a remote code execution in Spring Framework [CVE-2022-22965]

September 30, 2022 | Critical Severity

IBM Case Manager is affected but not classified as vulnerable to a remote code execution in Spring Framework [CVE-2022-22965]. To be vulnerable a product must meet all of the following criterias: 1. JDK 9 or higher, 2. Apache Tomcat as the Servlet container, 3. Packaged as WAR (in contrast to a Spring Boot executable jar), 4. Spring-webmvc or spring-webflux dependency, 5. Spring Framework versions 5.3.0 to 5.3.17, 5.2.0 to 5.2.19, and older versions. Cloud connector service if enabled will use only the spring, as in a client to make only the REST calls with IBM Cloud Mangement Console. The fix includes Spring 5.3.18. IBM Case Manager doesn't meet all of the criterias and, therefore, is not vulnerable. ...read more


Security Bulletin: Multiple vulnerabilities in Curl affect PowerSC

September 23, 2022 | Critical Severity

There are multiple vulnerabilities in Curl that affect PowerSC. ...read more


Security Bulletin: A security vulnerability has been identified in Postgresql shipped with IBM Tivoli Netcool Impact (CVE-2022-26520, CVE-2022-21724, 220313)

September 21, 2022 | Critical Severity

Postgresql is shipped with IBM Tivoli Netcool Impact. Information about a security vulnerability affecting Postgresql has been published in a security bulletin. ...read more