Low Severity

Security Bulletin: Vulnerability in Elasticsearch affects IBM Cloud Private (CVE-2021-22135, CVE-2021-22137)

Share this post:

There is a vulnerability in the Elasticsearch open source library. The library is used by IBM Cloud Private logging. This bulletin identifies the security fixes to apply to address the Elasticsearch vulnerability (CVE-2021-22135, CVE-2021-22137).

CVE(s): CVE-2021-22135, CVE-2021-22137

Affected product(s) and affected version(s):

Affected Product(s) Version(s)
IBM Cloud Private 3.2.1 CD
IBM Cloud Private 3.2.2 CD

Refer to the following reference URLs for remediation and additional vulnerability details:  
Source Bulletin: https://www.ibm.com/support/pages/node/6538158
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/201914
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/201915

More stories

Security Bulletin: Vulnerability in Apache Log4j affects IBM Cloud Private (CVE-2021-45046)

Jan 18, 2022 7:02 pm EST | Low Severity

There is a vulnerability in the Apache Log4j open source library. The library is used by Elasticsearch, a dependency of IBM Cloud Private, for logging messages to files. This bulletin identifies the security fixes to apply to address the Log4Shell vulnerability (CVE-2021-45046). ...read more


Security Bulletin: IBM Rational Build Forge 8.0.x is affected by Java version used in it.(CVE-2021-2341)

Jan 17, 2022 7:03 pm EST | Low Severity

IBM Rational Build Forge version 8.0 to 8.0.0.20 is affected by the Java version used in it. CVE-2021-2341 ...read more


Security Bulletin: IBM Rational Build Forge 8.0.x is affected by Apache HTTP Server version used in it. (CVE-2021-39275)

Jan 17, 2022 7:02 pm EST | Low Severity

IBM Rational Build Forge version 8.0.x is affected by CVE-2021-39275 ...read more