Critical Severity
Security Bulletin: Vulnerabilities in Apache Log4j impact IBM Spectrum Protect Plus (CVE-2021-45105, CVE-2021-45046)
January 3, 2022
Categorized: Critical Severity
Share this post:
Vulnerabilities in Apache Log4j could result in a denial of service or remote code execution. These vulnerabilities may impact the Help system in IBM Spectrum Protect Plus. The below fix package includes Apache Log4j 2.17
CVE(s): CVE-2021-45105, CVE-2021-45046
Affected product(s) and affected version(s):
Affected Product(s) | Version(s) |
IBM Spectrum Protect Plus | 10.1.0.0-10.1.9.1 |
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: https://www.ibm.com/support/pages/node/6537634
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/215647
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/215195
Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to arbitrary code execution in MS Visual Studio (CVE-2022-24765).
August 4, 2022 | Critical Severity
IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to vulnerable to arbitrary code execution in MS Visual Studio, caused by an uncontrolled search for the Git directory in Git (CVE-2022-24765). Git for Visual Studio is used in the base operating system of IBM Watson Speech. Please read the details for remediation below. ...read more
Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a buffer overflow in Perl (CVE-2020-12723).
August 4, 2022 | Critical Severity
IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a buffer overflow in Perl, caused by recursive S_study_chunk calls in regcomp.c (CVE-2020-12723). This could allow a remote attacker to overflow a buffer and execute arbitrary code on the system. Perl is included in some of the operators used in IBM Watson Speech. Please read the details for remediation below. ...read more
Security Bulletin: IBM Sterling B2B Integrator is affected by a remote code execution in Spring Framework (CVE-2022-22965)
August 3, 2022 | Critical Severity
IBM Sterling B2B Integrator is affected but not classified as vulnerable to a remote code execution in Spring Framework (CVE-2022-22965) as it does not meet all of the following criteria: 1. JDK 9 or higher, 2. Apache Tomcat as the Servlet container, 3. Packaged as WAR (in contrast to a Spring Boot executable jar), 4. Spring-webmvc or spring-webflux dependency, 5. Spring Framework versions 5.3.0 to 5.3.17, 5.2.0 to 5.2.19, and older versions. Spring Framework is used in the web application. Updated Spring library will be shipped in upcoming fix pack. ...read more