IBM releases critical security updates for many products

Source: Heise.de added 12th Jan 2021

  • ibm-releases-critical-security-updates-for-many-products

After a break over the holidays, IBM released the first security updates in 2021 last week . Weaknesses in ratings from “Low” to “High” affect numerous products across the company’s portfolio. In addition, a critical vulnerability lurks in several versions of IBM Aspera High-Speed ​​Transfer (server and endpoint). Under certain conditions, it enables any code execution from a distance (Remote Code Execution) on vulnerable systems.

This announcement focuses on those vulnerabilities with a high to critical risk rating. An overview of all publications is provided by IBM’s Product Security Incident Response Blog. Caution: A filtered search for January 2021 returns 77 entries back; however, the search results also include entries from the previous months that were only updated.

Critical: Aspera High- Speed ​​transfer secured The critical vulnerability CVE – 2020 – 35728 applies to all server and endpoint versions of IBM Aspera High-Speed ​​Transfer up to and including version 3.9.6.2 for Linux, Linux on IBM Z Systems, AIX, macOS and Windows. CVE – 2020 – 35728 is not in IBM’s software itself, but in the external Jackson API, more precisely: in the version 2.x of FasterXML / jackson-databind before version 2.9. 10. 8.

The vulnerability assessed with the CVSS score 9.8 was converted to IBM Aspera High-Speed ​​Transfer Server and Endpoint 4.0 eliminated. Links to the available updates can be found in the security bulletin:

IBM Security Bulletin: jackson-databind vulnerability CVE – 2019 – 35728 “High” vulnerabilities at a glance Below we have the Security that has been published since the beginning of the year Bulletins with “High” rating listed alphabetically:

IBM API Connect V5 (CVE – 2020 – 4899) IBM App Connect Enterprise (CVE – 2020 – 15168 ) IBM DataPower Monitor (CVE – 2020 – 8172) IBM Netezza SQL Extensions Toolkit IBM Sterling B2B Integrator (CVE – 77 – 4728) IBM Sterling B2B Integrator (CVE – 2020 – 4762) IBM Sterling Secure External Authentication Server (CVE – 2020 – 27216) IBM Sterling Secure Proxy (CVE – 2019 – 27216) (ovw)

Read the full article at Heise.de

brands: CODE  IBM  linux  
media: Heise.de  
keywords: App  Server  Software  Windows  

Related posts


Notice: Undefined variable: all_related in /var/www/vhosts/rondea.com/httpdocs/wp-content/themes/rondea-2-0/single-article.php on line 88

Notice: Undefined variable: all_related in /var/www/vhosts/rondea.com/httpdocs/wp-content/themes/rondea-2-0/single-article.php on line 88

Related Products



Notice: Undefined variable: all_related in /var/www/vhosts/rondea.com/httpdocs/wp-content/themes/rondea-2-0/single-article.php on line 91

Warning: Invalid argument supplied for foreach() in /var/www/vhosts/rondea.com/httpdocs/wp-content/themes/rondea-2-0/single-article.php on line 91