Number: AV21-627
Date: 13 December 2021
Between 6 and 12 December 2021 IBM published Security Bulletins to address vulnerabilities in multiple products. Included were critical updates for the following:
- IBM App Connect Enterprise – versions V11, V11.0.0.0 to V11.0.0.12
- IBM Spectrum Copy Data Management – versions 2.2.13 and prior
- IBM Spectrum Protect Backup-Archive Client – multiple versions
- IBM – Apache Log4j Vulnerability – multiple versions and platforms
The Cyber Centre encourages users and administrators to review the provided web links and apply the necessary updates, when available.
IBM App Connect Enterprise
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-app-connect-enterprise-v11-is-affected-by-vulnerabilities-in-node-js-cve-2021-23358-3/
IBM Spectrum Copy Data Management
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-jackson-jquery-and-dom4j-affect-ibm-spectrum-copy-data-management/
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-xstream-affect-ibm-spectrum-copy-data-management/
IBM Spectrum Protect Backup-Archive Client
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-openssl-affect-ibm-spectrum-protect-backup-archive-client-netapp-services-cve-2021-3712-cve-2021-3711/
IBM – Apache Log4j Vulnerability
https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/
IBM Product Security Incident Response
https://www.ibm.com/blogs/psirt/