Security Bulletin: Vulnerability in Apache Log4j affects IBM Spectrum Protect Plus (CVE-2021-44228)
December 17, 2021
Categorized: Critical Severity
A vulnerability in Apache Log4j could allow an attacker to execute arbitrary code on the system. This vulnerability may affect the Help system in IBM Spectrum Protect Plus.
CVE(s): CVE-2021-44228
Affected product(s) and affected version(s):
| Affected Product(s) | Version(s) |
|---|---|
| IBM Spectrum Protect Plus | 10.1.0.0-10.1.9.0 |
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: https://www.ibm.com/support/pages/node/6527828
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/214921
Security Bulletin: IBM Sterling Control Center is affected but not classified as vulnerable to a remote code execution in Spring Framework (CVE-2022-22965)
May 25, 2022 | Critical Severity
IBM Sterling Control Center is affected but not classified as vulnerable to a remote code execution in Spring Framework (CVE-2022-22965), as it does not meet all of the following criteria: 1. JDK 9 or higher; 2. Apache Tomcat as the Servlet container; 3. Packaged as a WAR (in contrast to a Spring Boot executable jar); 4. spring-webmvc or spring-webflux dependency; 5. Spring Framework versions 5.3.0 to 5.3.17, 5.2.0 to 5.2.19, and older versions. The fix includes Spring Framework 5.3.18.
Security Bulletin: IBM Sterling Connect:Direct for UNIX is affected but not classified as vulnerable to a remote code execution in Spring Framework (CVE-2022-22965)
May 24, 2022 | Critical Severity
IBM Sterling Connect:Direct for UNIX is affected but not classified as vulnerable to a remote code execution in Spring Framework (CVE-2022-22965), as it does not meet all of the following criteria: 1. JDK 9 or higher; 2. Apache Tomcat as the Servlet container; 3. Packaged as a WAR (in contrast to a Spring Boot executable jar); 4. spring-webmvc or spring-webflux dependency; 5. Spring Framework versions 5.3.0 to 5.3.17, 5.2.0 to 5.2.19, and older versions. The fix includes Spring 2.6.6.
Security Bulletin: IBM Tivoli Monitoring is vulnerable to remote code execution and denial of service due to multiple Expat CVEs
May 20, 2022 | Critical Severity
The libexpat parser that IBM Tivoli Monitoring uses to parse various configuration XML files and SOAP requests is potentially vulnerable to the following remote code execution CVEs: CVE-2021-46143, CVE-2022-25314, CVE-2022-23990, CVE-2022-22825, CVE-2022-23852, CVE-2022-22824, CVE-2022-22823, CVE-2022-22826, CVE-2022-22827, CVE-2022-22822, CVE-2022-25315; and to the following denial of service CVEs: CVE-2021-45960, CVE-2022-25236, CVE-2022-25235, CVE-2022-25313. Most of the vulnerabilities would require the system to already be locally compromised, such that a bad actor could modify files locally.