Number: AV22-317
Date: 13 June 2022
Between 6 and 12 June 2022 IBM published Security Bulletins to address vulnerabilities in multiple products. Included were critical updates for the following:
- IBM Cognos Command Center – version 10.2.4.1
- IBM Db2 – version v11.5
- IBM Db2 Web Query for i – versions 2.3.0 and 2.2.1
- IBM Hardware Management Console (HMC) – versions 89.0x.xx.xx, 89.1x.xx.xx and 89.2x.xx.xx
- IBM IoT MessageSight – version 5.0.0.0
- IBM MaaS360 Cloud Extender Agent – version 2.106.100.008 and prior
- IBM MaaS360 Mobile Enterprise Gateway – version 2.106.200 and prior
- IBM MaaS360 VPN Module – version 2.106.100 and prior
- IBM Process Mining – version 1.12.0.3
- IBM Security SiteProtector System – version 3.1.1
- IBM Spectrum Copy Data Management – versions 2.2.0.0 to 2.2.15.0
- IBM Sterling Connect Direct Web Services – versions 1.0, 6.1.0, 6.2.0 and 6.0
- IBM WIoTP MessageGateway – version 5.0.0.1
- ICP – IBM Match 360 – version 4.0.7 and prior
The Cyber Centre encourages users and administrators to review the provided web links and apply the necessary updates.
IBM Product Security Incident Response
Spring remote code execution vulnerabilities (AL22-004)
IBM – Apache Log4j Vulnerability
Active Exploitation of Apache Log4j Vulnerability (AL21-019)