IBM warns its users of a number of issues. A total of 39 vulnerabilities were fixed in various products. Two of the vulnerabilities were classified as critical. Ten other problems represent a high risk. System administrators should install the updates in a timely manner.
The two critical vulnerabilities affect the Cloud Object Storage System and QRadar SIEM. In both cases, the Apache HTTP server is the cause of the problem. Expat and the Spring Framework also cause complications for COS.
Administrators should install updates
The vulnerabilities classified as high affect the following products:
- IBM Connect: Direct Web Services
- IBM App Connect Enterprise Certified Container Dashboards through a hole in IBM X-Force
- IBM RackSwitch firmware and IBM Flex System Switch firmware through Libxml2 and OpenSSL
- IBM HTTP Server (powered by Apache)
- IBM Sterling Connect: Direct for UNIX Certified Container through vulnerabilities in the underlying Red Hat Linux
- IBM Virtualization Engine TS7700
- IBM Datacap
There are also 27 other medium-risk vulnerabilities. System administrators should install the corresponding updates as soon as possible.