High Severity

Security Bulletin: Security vulnerabilities have been identified in IBM WebSphere Application Server used by IBM Match 360

Share this post:

There are multiple vulnerabilities in the Apache Commons Compress library that is used by WebSphere Application Server Liberty. IBM Match 360 v4.0.3 and prior, is also vulnerable given that it uses WebSphere Application Server Liberty.

CVE(s): CVE-2021-35517, CVE-2021-36090

Affected product(s) and affected version(s):

Affected Product(s) Version(s)
IBM Match 360 All

Refer to the following reference URLs for remediation and additional vulnerability details:  
Source Bulletin: https://www.ibm.com/support/pages/node/6520436
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/205307
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/205310

More stories

Security Bulletin: IBM Cognos Controller 10.4.2 IF17: Apache Log4j vulnerability (CVE-2021-45105 & CVE-2021-44832)

Jan 15, 2022 7:01 pm EST | High Severity

IBM Cognos Controller is affected by security vulnerabilities. Apache Log4j is used by IBM Cognos Controller as part of its logging infrastructure. This bulletin addresses the exposure to the Apache Log4j vulnerabilities: CVE-2021-45105 and CVE-2021-44832. IBM Cognos Controller has upgraded Apache Log4j to v2.17.1. Please note that this update also addresses CVE-2021-44228 and CVE-2021-45046. ...read more

Security Bulletin: Multiple security vulnerabilities with IBM Content Navigator component in IBM Business Automation Workflow – CVE-2020-4757, PSIRT-ADV0028011, CVE-2020-4934

Jan 15, 2022 7:00 pm EST | High Severity

The embedded IBM Content Navigator, that is shipped with IBM Business Automation Workflow is vulnerable to several security vulnerabilities. ...read more

Security Bulletin: Vulnerability in Apache Log4j affects Content Collector for IBM Connections (CVE-2021-45105)

Jan 14, 2022 7:07 pm EST | High Severity

Apache Log4j open source library is used by Content Collector for IBM Connections. This bulletin describes the upgrades necessary to address the vulnerability. ...read more