Critical Severity

Security Bulletin: Vulnerability in Curl affects IBM Cloud Private and could allow a remote attacker to bypass security restrictions (CVE-2021-22926)

There is a vulnerability in the Curl open source library. Curl is used by IBM Cloud Private to transfer data. The vulnerability could allow a remote attacker to bypass security restrictions. This bulletin identifies the security fixes to apply to address the Curl vulnerability (CVE-2021-22926).

CVE(s): CVE-2021-22926

Affected product(s) and affected version(s):

Affected Product(s) | Version(s)
IBM Cloud Private | 3.1.0
IBM Cloud Private | 3.1.1
IBM Cloud Private | 3.1.2
IBM Cloud Private | 3.2.0
IBM Cloud Private | 3.2.1 CD
IBM Cloud Private | 3.2.2 CD

Refer to the following reference URLs for remediation and additional vulnerability details:  
Source Bulletin: https://www.ibm.com/support/pages/node/6588169
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/206320
