IBM family of products (IBM i, IBM InfoSphere Information Server, etc.) security update advisories

Overview

 

An update has been released to address vulnerabilities in the IBM family of products. Users of affected versions are advised to update to the latest version.

 

Affected Products

 

CVE-2019-4185

  • IBM InfoSphere Information Server version 11.7.1
  • IBM InfoSphere Information Server on Cloud version 11.7.1

 

CVE-2024-27264

  • IBM i versions 7.2, 7.3, 7.4, and 7.5

 

CVE-2024-31879

  • IBM i versions 7.2, 7.3, 7.4

 

CVE-2024-35142, CVE-2024-35141, CVE-2024-35140

  • IBM Security Verify Access Docker versions 10.0.0, 10.0.6

 

Resolved Vulnerabilities

 

Elevation of privilege vulnerability due to insecurely configured components in IBM InfoSphere Information Server containers (CVE-2019-4185)

Elevation of privilege vulnerability in the Performance Analysis Tool for IBM i, exploitable by a local user through an unqualified library call (CVE-2024-27264)

Arbitrary code execution vulnerability in IBM i due to deserialization of untrusted data leading to a denial of service on the system’s network port (CVE-2024-31879)

Privilege escalation vulnerability in IBM Security Verify Access, exploitable by a local user due to execution with unnecessary privileges (CVE-2024-35142, CVE-2024-35141)

Elevation of privilege vulnerability in IBM Security Verify Access, exploitable by a local user due to improper certificate validation (CVE-2024-35140)

 

Vulnerability Patches

 

Patches for these vulnerabilities are available in the latest updates. Follow the instructions on the Referenced Sites to update to the latest patched version.

CVE-2019-4185

  • IBM InfoSphere Information Server version 11.7.1.0
  • IBM InfoSphere Information Server version 11.7.1.0 Fix Pack 1

 

CVE-2024-27264

  • Update according to the Remediation/Fixes section of referenced site [2]

 

CVE-2024-31879

  • Update according to the Remediation/Fixes section of referenced site [3]

 

CVE-2024-35142, CVE-2024-35141, CVE-2024-35140

  • Update according to the Remediation/Fixes section of referenced site [4]

 

Referenced Sites

 

[1] Security Bulletin: IBM InfoSphere Information Server containers are vulnerable to privilege escalation

https://www.ibm.com/support/pages/node/882626

[2] Security Bulletin: IBM i is vulnerable to a local privilege escalation due to an unqualified library call in IBM Performance Tools for i [CVE-2024-27264].

https://www.ibm.com/support/pages/node/7154595

[3] Security Bulletin: IBM i is vulnerable to a denial of service of network ports due to deserialization of untrusted data in Management Central [CVE-2024-31879].

https://www.ibm.com/support/pages/node/7154380

[4] Security Bulletin: Multiple Security Vulnerabilities were discovered in IBM Security Verify Access Container (CVE-2024-35140, CVE-2024-35141, CVE-2024-35142)

https://www.ibm.com/support/pages/node/7155356