IBM Publishes Multiple High-Severity Security Advisories Including Critical AIX Vulnerability

IBM has released several new security advisories addressing high-impact issues across its product lineup. Most of the updates focus on critical fixes for AIX and VIOS systems. IBM also announced additional patches for vulnerabilities affecting Jazz Reporting Service, IBM’s reporting and analytics layer, and IBM Sterling Secure Proxy, a component used in managed file transfer environments.

The newly disclosed AIX and VIOS vulnerabilities span several serious categories, including remote command execution, improperly protected credentials, and path traversal weaknesses tied to NIM components. These issues affect AIX 7.2 and 7.3, along with corresponding VIOS versions, and can be exploited when network access to the host is available. IBM has published APARs and interim fixes for the impacted releases, along with guidance for verifying system levels and applying the updates. Enabling secure SSL/TLS mode for NIM is also recommended as part of the mitigation process.

Additional IBM Vulnerabilities

Separate from the AIX updates, IBM also noted a vulnerability in Jazz Reporting Service related to the OWASP Java HTML Sanitizer library (CVE-2021-42575). The flaw involves incomplete sanitization of certain HTML elements, potentially allowing unsafe content to be processed. Updated iFix packages with the corrected library version are now available for supported JRS releases.

IBM Sterling Secure Proxy received its own set of fixes addressing several Java-related vulnerabilities and an HTTP parameter pollution issue in the form-data package. The affected versions cover multiple 6.x releases, and updated fix packs have been published through Fix Central.

Closing

For full technical documentation, version details, and recommended remediation steps, refer to IBM’s official security advisories page.

