Jan 31, 2024 - 2:15 a.m.

Security Bulletin: IBM Spectrum Symphony provides upgraded software packages to address known CVEs

2024-01-31 02:15:05
www.ibm.com

CVSS2: 5 Medium
Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N

CVSS3: 8.1 High
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

AI Score: 7.2 High (Confidence: Low)

EPSS: 0.061 Low (Percentile: 93.6%)

IBM Spectrum Symphony Fix 601860 provides upgraded software packages to address known CVEs. Several software versions have been upgraded with Fix 601860.

IBM Spectrum Symphony 7.3.2 with Fix 601860 is a security fix that provides upgraded versions of software packages included with IBM Spectrum Symphony. The software has been upgraded to address known CVEs, as follows:

| Software | Upgraded in Fix 601860 to this version | CVE |
|---|---|---|
| bcprov-jdk15on | 1.77 | CVE-2023-33201 |
| Internet Systems Consortium (ISC) BIND (libbind) | 9.18.19 | CVE-2023-3341 |
| jQuery | 3.5.1 | CVE-2020-11023, CVE-2020-11022, CVE-2020-23064 |
| jQuery.dataTables | 1.11.3 | CVE-2021-23445 |
| jQuery-ui | 1.13.2 | CVE-2021-41184, CVE-2022-31160, CVE-2021-41183, CVE-2021-41182 |
| Kotlin-stdlib | 1.9.20 | CVE-2022-24329 |
| Netty | 4.1.99 | CVE-2023-34462 |
| Okio | 3.4.0 | CVE-2023-3635 |
| Python URLlib3 | 1.26.18 | CVE-2023-43804, CVE-2023-45803 |
| Spring Security | 5.8.8 | CVE-2023-34042 |

The IBM Spectrum Symphony 7.3.2 Fix 601860 offering is available for 64-bit Linux x86 and Windows. It is available for IBM Spectrum Symphony, and IBM Spectrum Symphony Advanced Edition with the multicluster feature. It is a security fix for IBM Spectrum Symphony, to be applied on top of your version 7.3.2 Fix 601711 installation (including any fixes you may have already installed on top of version 7.3.2).

Fix 601869 is not a mandatory fix; you can apply other fixes on top of IBM Spectrum Symphony 7.3.2 Fix 601711 without applying Fix 601860. Fix 601860 is, however, one that provides optimal security.

The IBM Spectrum Symphony installation includes various software, as listed in IBM Documentation. Some of the software packages have been identified with Common Vulnerabilities and Exposures (CVEs). Fix 601860 provides upgraded versions of the affected software, so that you can continue to use IBM Spectrum Symphony 7.3.2 securely. For improved security, apply Fix 601860.

For a Linux environment with IBM Spectrum Conductor, always install IBM Spectrum Symphony 7.3.2 Fix 601860 first, and then install IBM Spectrum Conductor 2.5.1 Fix 601861.

IBM Spectrum Symphony Fix ID: sym-7.3.2-build601860


Affected configurations

Vulners

Node: ibm spectrum_symphony, Match 7.3.2

| CPE Name | Operator | Version |
|---|---|---|
| ibm spectrum symphony | eq | 7.3.2 |
