High Severity

Security Bulletin: Multiple Vulnerabilities in VMware ESXi affect IBM Cloud Pak System (CVE-2021-21994, CVE-2021-21995)


Vulnerabilities in VMware ESXi affect IBM Cloud Pak System. IBM Cloud Pak System has addressed these vulnerabilities.

CVE(s): CVE-2021-21994, CVE-2021-21995

Affected product(s) and affected version(s):

Affected Product(s) | Version(s)
IBM Cloud Pak System | V2.3.0.1, V.2.3.1.1, v.2.3.2.0
IBM Cloud Pak System | v2.3.3.0, v.2.3.3.1, v.2.3.3.2, v.2.3.3.3, v2.3.3.3 iFix 1

Refer to the following reference URLs for remediation and additional vulnerability details:  
Source Bulletin: https://www.ibm.com/support/pages/node/6499579
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/205287
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/205293
