IBM application admins should update Cloud Private, Db2, Elastic Search, Event Streams and Netty. If this does not happen, attackers could attack systems and manipulate data, for example, or access information that is actually isolated.
The developers have closed most of the gaps in the DB2 database system. A vulnerability (CVE-2021-29678) is associated with the threat level “highIf an attacker had DBADM authority, he could access and modify databases.
The other gaps are with “mediumAfter successful attacks, attackers could, for example, access actually encrypted data. If an attack on event streams succeeds, attackers could execute malicious code. Vulnerabilities in private cloud could leak data.
In addition, IBM has made several contributions to the Log4j vulnerability and affected applications published. This includes Engineering Lifecycle Optimization and Power HMC.
Admins can see further information on the vulnerable and secured versions in the following warning messages. List sorted in descending order by threat level: