Critical Severity
Security Bulletin: Vulnerability in Curl affects IBM Cloud Private and could allow a remote attacker to bypass security restrictions (CVE-2021-22926)
May 20, 2022
There is a vulnerability in the Curl open source library. Curl is used by IBM Cloud Private to transfer data. The vulnerability could allow a remote attacker to bypass security restrictions. This bulletin identifies the security fixes to apply to address the Curl vulnerability (CVE-2021-22926).
CVE(s): CVE-2021-22926
Affected product(s) and affected version(s):
Affected Product(s) | Version(s) |
IBM Cloud Private | 3.1.0 |
IBM Cloud Private | 3.1.1 |
IBM Cloud Private | 3.1.2 |
IBM Cloud Private | 3.2.0 |
IBM Cloud Private | 3.2.1 CD |
IBM Cloud Private | 3.2.2 CD |
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: https://www.ibm.com/support/pages/node/6588169
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/206320
Security Bulletin: IBM Tivoli Netcool Impact is affected but not classified as vulnerable by a remote code execution in Spring Framework (CVE-2022-22965)
July 5, 2022 | Critical Severity
IBM Tivoli Netcool Impact is affected but not classified as vulnerable to a remote code execution in Spring Framework (CVE-2022-22965). Spring is shipped as part of the ActiveMQ package but is not used by the product. The fix removes Spring from the product.
Security Bulletin: IBM QRadar Network Packet Capture includes multiple vulnerable components.
July 5, 2022 | Critical Severity
The product includes multiple vulnerable components (e.g., framework libraries) that may be identified and exploited with automated tools. IBM has addressed the relevant CVEs.
Security Bulletin: Vulnerability in PostgreSQL may affect IBM Spectrum Protect Plus
June 30, 2022 | Critical Severity
PostgreSQL could allow a remote attacker to gain unauthorized access to the system which may affect IBM Spectrum Protect Plus.