High Severity

Security Bulletin: Security vulnerabilities have been identified in IBM WebSphere Application Server used by IBM Match 360

Share this post:

There are multiple vulnerabilities in the Apache Commons Compress library that is used by WebSphere Application Server Liberty. IBM Match 360 v4.0.3 and prior, is also vulnerable given that it uses WebSphere Application Server Liberty.

CVE(s): CVE-2021-35517, CVE-2021-36090

Affected product(s) and affected version(s):

Affected Product(s) Version(s)
IBM Match 360 All

Refer to the following reference URLs for remediation and additional vulnerability details:  
Source Bulletin: https://www.ibm.com/support/pages/node/6520436
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/205307
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/205310

More stories

Security Bulletin: CP4D Match 360 is impacted due to vulnerability in IBM WebSphere Application Server Liberty spoofing due to Eclipse Paho (CVE-2019-11777)

October 3, 2022 | High Severity

There is a vulnerability in the Eclipse Paho library used by IBM WebSphere Application Server Liberty with the rtcomm-1.0 or rtcommGateway-1.0 feature enabled. Provided that IBM Match 360 uses WebSphere Liberty Profile, this vulnerability has been addressed in IBM Match 360 v4.5.2 and prior. ...read more


Security Bulletin: Vulnerability in Apache Tomcat affects IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products

October 3, 2022 | High Severity

A vulnerability in Apache Tomcat affects the product's management GUI. The Command Line Interface is unaffected. ...read more


Security Bulletin: Multiple security vulnerabilities may affect IBM Robotic Process Automation for Cloud Pak

October 3, 2022 | High Severity

Java is used by IBM Robotic Process Automation for Cloud Pak as part of several container services that run Java applications. ...read more