IBM Addresses Multiple Security Vulnerabilities in Key Products

IBM has released patches to fix several critical vulnerabilities across its product line. These patches fix security issues in popular enterprise solutions, including Cloud Pak for Security, QRadar Suite Software, and Db2 database systems.

Session Invalidation Vulnerability

The first vulnerability, identified as CVE-2022-38382, affects IBM Cloud Pak for Security (CP4S) and IBM QRadar Suite Software. It was discovered that these products do not invalidate sessions after logout, allowing an authenticated user to obtain sensitive information. This vulnerability could have serious consequences, including unauthorized access to sensitive data. IBM has since fixed this issue, ensuring that sessions are properly invalidated after logout.

Sensitive Information Disclosure Vulnerability

The second vulnerability, CVE-2022-38710, affects IBM Robotic Process Automation. It was found that this product could disclose sensitive version information to an unauthorized control sphere, potentially aiding in further attacks against the system. IBM has addressed this issue by ensuring that sensitive information is properly protected.

Improper Data Disclosure Vulnerability

The third vulnerability, CVE-2024-28799, affects IBM QRadar Suite Software and IBM Cloud Pak for Security. It was discovered that these products display sensitive data improperly to local privileged users in non-default configurations, potentially leading to the unexpected disclosure of this information. IBM has fixed this issue by ensuring that sensitive data is properly protected and only accessible to authorized users.

Denial of Service Vulnerability

The fourth vulnerability, CVE-2024-31882, affects IBM Db2 for Linux, UNIX and Windows. It was found that this product is vulnerable to denial of service attacks under specific non-default configurations. IBM has addressed this issue by implementing measures to prevent denial of service attacks.

Open Redirect Vulnerability

The fifth vulnerability, CVE-2024-35133, affects IBM Security Verify Access. It was discovered that this product is vulnerable to open redirect attacks, which could allow an attacker to conduct phishing attacks and obtain sensitive information. IBM has fixed this issue by implementing measures to prevent open redirect attacks.

Denial of Service Vulnerability

The sixth and final vulnerability, CVE-2024-35136, affects IBM Db2 for Linux, UNIX and Windows federated server. It was found that this product is vulnerable to denial of service attacks under certain non-default conditions. IBM has addressed this issue by implementing measures to prevent denial of service attacks.

June Bauer

Pop cultureaholic, Technology expert, Web fanatic and a Social media geek. If you have any questions or comments please feel free to email her at june@thecoinspost.com or contact her on X @JuneTBauer1
