Description
IBM has released security updates to address multiple vulnerabilities in the following products:
- IBM SPSS Modeler
- IBM Cloud Pak System
Threats
An attacker could exploit these vulnerabilities to cause the following:
- Remote execution of arbitrary code
- Unauthorized disclosure of information
- Denial of service (DoS)
- Buffer overflow
Best Practices and Recommendations:
The CERT team encourages users to review the IBM security advisories and apply the necessary updates:
https://www.ibm.com/blogs/psirt/security-bulletin-apache-commons-configuration-vulnerability-affects-ibm-spss-modeler-cve-2022-33980/
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-expat-glibc-http-server-dojo-openssl-shipped-with-ibm-cloud-pak-system/