IBM Security Updates 13 December 2022

IBM has released security updates to fix vulnerabilities in third-party components across multiple products.

The addressed vulnerabilities could allow an attacker to gain access, obtain information, and cause a denial of service on the affected products.

Sample of the addressed vulnerabilities:

1. IBM InfoSphere Information Server Apache Commons Text code execution (CVE-2022-42889)

• CVSS: 9.8

• Attack Vector: Network

• Attack Complexity: Low

• Privileges Required: None

• User Interaction: None

• Consequences: Gain Access

2. IBM Data Risk Manager Apache Commons Configuration code execution (CVE-2022-33980)

• CVSS: 9.8

• Attack Vector: Network

• Attack Complexity: Low

• Privileges Required: None

• User Interaction: None

• Consequences: Gain Access

Affected Products:

• IBM Data Risk Manager (IDRM) 2.0.6.14

• IBM InfoSphere Information Server 11.7

Mitigations

The enterprise should deploy this patch as soon as the testing phase is completed.

• IBM InfoSphere Information Server Security Bulletin

• IBM Data Risk Manager Security Bulletin

References