Number: AV21-627
Date: 13 December 2021

Between 6 and 12 December 2021 IBM published Security Bulletins to address vulnerabilities in multiple products. Included were critical updates for the following:

  • IBM App Connect Enterprise – versions V11, V11.0.0.0 to V11.0.0.12
  • IBM Spectrum Copy Data Management – versions 2.2.13 and prior
  • IBM Spectrum Protect Backup-Archive Client – multiple versions
  • IBM – Apache Log4j Vulnerability – multiple versions and platforms

The Cyber Centre encourages users and administrators to review the provided web links and apply the necessary updates, when available.

IBM App Connect Enterprise
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-app-connect-enterprise-v11-is-affected-by-vulnerabilities-in-node-js-cve-2021-23358-3/

IBM Spectrum Copy Data Management
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-jackson-jquery-and-dom4j-affect-ibm-spectrum-copy-data-management/  
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-xstream-affect-ibm-spectrum-copy-data-management/

IBM Spectrum Protect Backup-Archive Client
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-openssl-affect-ibm-spectrum-protect-backup-archive-client-netapp-services-cve-2021-3712-cve-2021-3711/

IBM – Apache Log4j Vulnerability
https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/

IBM Product Security Incident Response
https://www.ibm.com/blogs/psirt/



Source link