Several vulnerabilities make IBM InfoSphere Identity Insight vulnerable, among others.
IBM application admins should install the latest security patches. Otherwise attackers could attack systems.
Specifically, IBM AIX, App Connect Enterprise, InfoSphere Identity Insight, Integration Bus, SDK and Security Verify Governance are threatened. After successful attacks, attackers could gain higher user rights or execute their own commands.
Some vulnerabilities affect the Node.js and OpenSSL components, which use several IBM software. For some attacks, however, an attacker must have access to a PC in order to place a specially crafted DLL library (CVE-2022-32223 “high“).
Patch now!
IBM lists further information on the gaps and versions secured against possible attacks in its security center:
- IBM AIX
- IBM SDK, Java Technology Edition Quarterly CPU – Apr 2022 – Includes Oracle April 2022 CPU (minus CVE-2022-21426) affects IBM Security Verify Governance, Identity Manager virtual appliance component
- Multiple vulnerabilities due to OpenSSL and Node js which affect IBM App Connect Enterprise and IBM Integration Bus
- IBM InfoSphere Identity Insight vulnerabilities in third party libraries (CVE-2021-39239, CVE-2022-23308, CVE-2021-29424, CVE-2020-15250, 177835)
