Number: AV22-336
Date: 20 June 2022
Between 13 and 19 June 2022 IBM published Security Bulletins to address vulnerabilities in multiple products. Included were critical updates for the following:
- Disconnected Log Collector – versions 1.0 to 1.7.2
- IBM Analytic Accelerator Framework for Communication Service Providers (AAF) – version 4.0.0.0.0
- IBM Cloud Object Storage Systems – multiple versions
- IBM Customer and Network Analytics for Communications Service Providers and Datasets (CNA) – version 10.0.0.0.0
- IBM Integration Bus – versions 10.0.0.0 to 10.0.0.25
- IBM Security Guardium – versions 10.5, 10.6, 11.0, 11.1, 11.2, 11.3 and 11.4
- IBM Spectrum Copy Data Management – versions 2.2.0.0 to 2.2.15.0
- IBM Tivoli Netcool/OMNIbus Integration – multiple versions
- Netcool Operations Insight – versions 1.4.x, 1.5.x and 1.6.x
- Rational Test Control Panel component in Rational Test Virtualization Server and Workbench – versions 9.2.1.1, 9.5, 10.0.2.1, 10.1.3 and 10.2.2
- StoredIQ – versions 7.6.0.0 to 7.6.0.22
The Cyber Centre encourages users and administrators to review the provided web links and apply the necessary updates.
IBM Product Security Incident Response
Spring remote code execution vulnerabilities (AL22-004)
IBM – Apache Log4j Vulnerability
Active Exploitation of Apache Log4j Vulnerability (AL21-019)