High Severity

Security Bulletin: Vulnerability in jsoup may affect Cúram Social Program Management (CVE-2021-37714)


IBM Cúram Social Program Management uses the jsoup libraries, for which there is a publicly known vulnerability. jsoup is susceptible to a denial of service attack caused by improper input validation.

CVE(s): CVE-2021-37714

Affected product(s) and affected version(s):

Affected Product(s) | Version(s)
Curam SPM | 8.0.0
Curam SPM | 7.0.11

Refer to the following reference URLs for remediation and additional vulnerability details:  
Source Bulletin: https://www.ibm.com/support/pages/node/6519468
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/207858
