Download
Abstract
This document lists the fixes contained in IBM Cloud Pak® System Version 2.3.3.6.
Download Description
To download Version 2.3.3.6, go to the IBM Cloud Pak System product page on IBM Fix Central.
Security vulnerabilities
IBM Cloud Pak System Version 2.3.3.6 includes fixes for these security vulnerabilities:
Relevant vulnerabilities | Summary | Security bulletin |
---|---|---|
CVE-2021-0197, CVE-2021-0198, CVE-2021-0199 | Intel Ethernet controllers - denial of service | |
CVE-2021-0200 | Intel Ethernet controllers privilege escalation | |
231872 - IBM X-Force Exchange | VMware ESXi code execution | |
CVE-2022-31696, CVE-2022-31699 | VMware ESXi security bypass, information disclosure | |
CVE-2022-26373 | VMware ESXi information disclosure | |
CVE-2022-31681 | VMware ESXi denial of service | |
CVE-2022-32189 | Golang Go denial of service | |
CVE-2022-30631 | Golang Go denial of service | |
CVE-2022-30630 | Golang Go denial of service | |
CVE-2022-30635 | Golang Go denial of service | |
CVE-2022-1705 | Golang Go HTTP request smuggling | |
CVE-2022-32148 | Golang Go information disclosure | |
CVE-2022-30632 | Golang Go denial of service | |
CVE-2022-30633 | Golang Go denial of service | |
CVE-2022-30629 | Golang Go information disclosure | |
CVE-2022-27664 | Golang Go denial of service | |
CVE-2022-28131 | Golang Go denial of service | |
CVE-2022-29804 | Golang Go security bypass | |
CVE-2022-1962 | Golang Go denial of service | |
CVE-2020-13936 | Velocity code execution | |
CVE-2016-6814, CVE-2015-3253 | Groovy code execution | |
CVE-2022-25857 | Java package snakeyaml denial of service | |
CVE-2015-1832, CVE-2018-1313 | Derby XML External Entity (XXE) information disclosure, and security bypass | |
CVE-2022-42004, CVE-2020-36518, CVE-2022-42003, 217968 | FasterXML jackson-databind denial of service | |
CVE-2018-1000632 | dom4j code execution | |
CVE-2021-42550 | Logback code execution | |
CVE-2020-11979 | Ant temporary file security bypass | |
CVE-2021-37533 | Commons Net information disclosure | |
CVE-2021-36374, CVE-2021-36373, CVE-2020-1945 | Ant denial of service, security bypass (CVE-2020-1945) | |
CVE-2020-13956 | HttpClient security bypass | |
CVE-2022-28693, CVE-2022-29901 | Intel Processors information disclosure | |
CVE-2022-23816, CVE-2022-23825 | Xen information disclosure | |
CVE-2021-39031 | WebSphere Application Server Liberty LDAP injection | |
CVE-2022-34165 | WebSphere Application Server Liberty HTTP injection | |
CVE-2021-35550 | Java SE information disclosure | |
CVE-2022-21365, CVE-2022-21360, CVE-2022-21341, CVE-2022-21340, CVE-2022-21294, CVE-2022-21293, CVE-2022-21248 | IBM SDK, Java Technology Edition Quarterly CPU - Jan 2022 | |
CVE-2022-21496, CVE-2022-21434, CVE-2022-21443 | IBM SDK, Java Technology Edition Quarterly CPU - Apr 2022 | |
CVE-2022-21299 | IBM Java XML vulnerability CVE | |
CVE-2021-2163 | Java SE unspecified | |
CVE-2021-41041 | Eclipse OpenJ9 security bypass | |
CVE-2021-35603 | Java SE information disclosure | |
CVE-2022-31697, CVE-2022-31698 | VMware vCenter Server information disclosure, denial of service | |
CVE-2018-6594, CVE-2013-1445, CVE-2012-2417, CVE-2013-7459 | PyCrypto information disclosures, weak security, buffer overflow | |
CVE-2022-0536, CVE-2022-0155 | Node.js follow-redirects module information disclosure | |
CVE-2021-3803 | Nth-check denial of service | |
CVE-2021-23346 | Node.js html-parse-stringify and html-parse-stringify2 modules denial of service | |
CVE-2022-21123, CVE-2022-21125, CVE-2022-21127, CVE-2022-21166 | Intel Processors information disclosure | |
CVE-2022-0001, CVE-2022-0002 | Multiple Intel Processors information disclosures | |
CVE-2022-34884, CVE-2022-34888 | Lenovo XClarity Controller (XCC) denial of service, tampering | |
CVE-2022-22389, CVE-2022-22390 | Db2 denial of service, information disclosure | |
CVE-2020-4914 | Cloud Pak System session logout invalidation | |
CVE-2021-44142 | Samba code execution | |
CVE-2022-40674 | Libexpat code execution | |
For more information about IBM Product Security articles, see these links:
- https://www.ibm.com/support/pages/bulletin/
- https://www.ibm.com/support/pages/ibm-security-vulnerability-management
IBM Cloud Pak System APARs
The following table contains the Authorized Program Analysis Reports (APARs) and other fixes that are included in this release. If an integrated pattern or component is not listed, there were no fixes for that pattern or component in this version. The upgrade recommendation is to move directly to 2.3.3.6.
APAR | APAR Description |
---|---|
IT28528 | Event: X509v3, Certificate Validation failed, Info: Reason = certificate expired for SAN Switch S/N#J1136NRS3 |
| | Using nonbreaking space characters in the "Version" field of cbscript.json allows duplicate names of the script package. |
| | The "Getting started" page has out-of-date information and links. |
| | Storage node status remains in the "Warning" state after hardware repair and warnings are closed. |
| | The "Check for Upgrades" button is disabled on Virtual System Instances. |
IT42111 | CMMVC5732E error when you view the storage controller in the diagnostic console. |
IT42147 | User interface performance issues on accessing Virtual Patterns from Environment Profile. |
IT42382 | Unable to add or change the number of CPUs and memory for the RHEL 8 virtual machine. |
IT42595 | Java 8 Update 291 is causing the TEP portal to no longer start correctly. |
IT42692 | Compute nodes show "ready for update" when the status must be "up to date". |
IT42774 | IBM Cloud Pak System Gen 4 system user interface does not show the correct network speed. |
IT42954 | IBM Spectrum Scale multinode deployment issues on IBM Cloud Pak System 2.3.3.4 with RHEL8 image. |
IT43018 | The /usr/bin/python path is missing after deployment and security updates in the RHEL 8 Version 4.0.0.0 image. |
IT43019 | Cloning of an RHEL 8 image on IBM Cloud Pak System 2.3.3.4 is not working. |
IT43020 | The local_repo gets corrupted when "Red Hat Satellite shared service" is installed in the Environment Profile. |
Document Information
Modified date: 31 March 2023
UID: ibm16959037