Number: AV22-283
Date: 24 May 2022
Between 16 and 23 May 2022 IBM published Security Bulletins to address vulnerabilities in multiple products. Included were critical updates for the following:
- IBM Cloud Private – versions 3.1.0, 3.1.1, 3.1.2, 3.2.0, 3.2.1 CD and 3.2.2 CD
- IBM MQ Operator CD release – version 1.8.0
- IBM MQ Operator EUS release – version 1.3.2
- IBM Planning Analytics Workspace – version 2.0
- IBM Robotic Process Automation with Automation Anywhere – version 19.0
- IBM Spectrum Protect Plus – version 10.1.0.0 to 10.1.9.3
- IBM Supplied MQ Advanced Queue Manager Container images – versions 9.2.5.0 to r1 and 9.2.0.4 to r1
- IBM TXSeries for Multiplatforms – versions 8.2 and 9.1
- IBM Tivoli Monitoring – version 6.3.0 to 6.3.0.7 (up to 6.3.0.7 Service pack 10)
- PowerVC – versions 2.0.2 and 2.0.2.1
- Rational Asset Analyzer (RAA) – version 6.1.0.0 to 6.1.0.23
The Cyber Centre encourages users and administrators to review the provided web links and apply the necessary updates.
IBM Product Security Incident Response
Spring remote code execution vulnerabilities (AL22-004)
Active Exploitation of Apache Log4j Vulnerability (AL21-019)