High Severity

Security Bulletin: Vulnerabilities in Golang Go and MinIO may affect IBM Spectrum Plus Container Backup and Restore for Kubernetes and Red Hat OpenShift (CVE-2022-29804, CVE-2022-30580, CVE-2022-30629, CVE-2022-30634, CVE-2022-35919, CVE-2022-31028)

Share this post:

Multiple vulnerabilities in Golang Go and MinIO may affect IBM Spectrum Protect Plus Container Backup and Restore for Kubernetes and Red Hat OpenShift. Vulnerabilities include bypassing of security restrictions, execution of arbitrary code, obtaining sensitive information, denial of service, and directory traversal.

CVE(s): CVE-2022-29804, CVE-2022-30580, CVE-2022-30629, CVE-2022-30634, CVE-2022-35919, CVE-2022-31028

Affected product(s) and affected version(s):

 
Affected Product(s) Version(s)
IBM Spectrum Protect Plus Container Backup and Restore for Kubernetes 10.1.5-10.1.11
IBM Spectrum Protect Plus Container Backup and Restore for Red Hat OpenShift 10.1.7-10.1.11

 

 

 

Refer to the following reference URLs for remediation and additional vulnerability details:  
Source Bulletin: https://www.ibm.com/support/pages/node/6619963
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/229857
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/229858
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/229859
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/229860
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/232582
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/228045

More stories

Security Bulletin: Multiple vulnerabilities in IBM Semeru Runtime affect z/Transaction Processing Facility

September 22, 2022 | High Severity

There are multiple vulnerabilities in IBM® Semeru Runtime Certified Edition 11 that is used by the z/TPF system. z/TPF has addressed the applicable CVEs. ...read more


Security Bulletin: A spoofing vulnerablity due to an exposure in Eclipse Paho used by IBM WebSphere Application Server Liberty affects TXSeries for Multiplatforms

September 22, 2022 | High Severity

TXSeries for Multiplatforms has addressed the following identity spoofing vulnerability in Eclipse Paho reported by IBM® WebSphere Application Server Liberty ...read more


Security Bulletin: IBM CICS TX Advanced is vulnerable to spoofing due to a flaw in Eclipse Paho, used by IBM WebSphere Application Server Liberty (CVE-2019-11777)

September 22, 2022 | High Severity

WebSphere Application Server Liberty is used by IBM CICS TX Advanced to provide a web based administration console. The fix removes the spoofing vulnerability CVE-2019-11777 from Liberty. ...read more