
IBM Security Guardium Patch Release Notes

Product: IBM Security Guardium


Release/Version: Guardium v11.0 patch 40
Name of file: 11.0p40_Bundle_Oct_04_2021.tgz.enc.sig
MD5SUM: b045dc6ff7af0c8e7c80a1339921a9b7
Date: 8 October 2021

Finding the Patch


This document provides a reference to the contents of this patch. If applicable, the detailed description of
each fix and instructions for applying this patch are contained within the download package available at
the IBM Fix Central website at http://www.ibm.com/support/fixcentral/.
Make the following selections on Fix Central:
• Product selector: IBM Security Guardium
• Installed Version: 11.0
• Platform: UNIX/Linux/Windows
• Click "Continue", then select "Browse for fixes" and click "Continue" again.
• Select "Appliance Patch (GPU and ad hoc)"

Prerequisite:

• Guardium version 11.0


• Health check patch 11.0p9997

Notes:
• This patch restarts the Guardium system.
• Install this patch on all appliances in a top-down manner, starting with the Central Manager, then
Aggregators, and then the Collectors.
• Install this patch during the "quiet" time on the appliance.
• If the downloaded package is in .ZIP format, customers are required to extract it outside
the Guardium appliance before uploading/installing it.

For information on Guardium patch types and naming convention, see:


https://www.ibm.com/support/pages/node/6195371

Bug Fixes

Patch    Issue key  Summary                                                    APAR

11.0p35  https://delivery04.dhe.ibm.com/sar/CMA/IMA/09mq9/0/Guardium_v11_0_p35_patch_release_notes.pdf
11.0p40  GRD-51200  System backup and Archive failing after Upgrade from       GA17682
                    V11.2 to V11.3
         GRD-47633  MySQL started crashing and creating huge core files after  GA17628
                    installing truncate undo files patch
         GRD-46860  11.2 store system snmp query community command not         GA17435
                    modifying /etc/snmp/snmpd.conf file
         GRD-44668  Issues with Active Threat Analytics dashboard - solr_test  GA17675
                    shows SSL exceptions on MUs
         GRD-42074  Cannot Restore Data Archive from TSM Server between        GA17599
                    different appliances
         GRD-35490  Some audit results not written to syslog                   GA17516

Security Fixes

Issue key  Description                                              CVEs

GRD-50185  PSIRT: 264633 - Root privilege escalation vulnerability  CVE-2021-20557
           injection vulnerability
GRD-52500  PSIRT: 254744 - SE - Pen Testing 2020 - Cleartext        CVE-2021-20385
           Transmission of Sensitive Information - 11.0
GRD-52005  PSIRT: PVR0273390 – 3rd party Insecure Direct Object     CVE-2021-29773
           References (IDOR) vulnerability in IBM Guardium Web GUI
GRD-51632  PSIRT: 271768 - OpenLDAP vulnerable to CVE-2020-25692    CVE-2020-25692
           - 11.0
GRD-50662  PSIRT: 270792 - Pen Test 2021: Cloud Collector -         CVE-2021-29735
           Stored XSS when editing Report display options
GRD-50185  PSIRT: 264633 - Root privilege escalation vulnerability  CVE-2021-20557
           injection vulnerability
GRD-50162  PSIRT: 247224, 253618 [All] kernel (Publicly disclosed   CVE-2020-25705
           vulnerability) - 11.0                                    CVE-2020-28374
GRD-48994  PSIRT: 255147 - SE - Pen Testing 2020 - Weak             CVE-2021-20418
           Password Policy in IBM Security Guardium (Support
           Maintenance)
GRD-47849  PSIRT: 249552, 253092, 254469 [ALL] jackson-databind     CVE-2020-25649
           (Publicly disclosed vulnerability) - webapps             CVE-2020-36185
                                                                    CVE-2020-36181
                                                                    CVE-2020-36189
                                                                    CVE-2020-36188
                                                                    CVE-2020-36184
                                                                    CVE-2020-36180
                                                                    CVE-2020-36183
                                                                    CVE-2020-36179
                                                                    CVE-2020-36187
                                                                    CVE-2020-36186
                                                                    CVE-2020-36182
                                                                    CVE-2021-20190
GRD-47520  PSIRT: 255708 - SE - Pen Testing 2020 - Password         CVE-2021-20426
           Appears in Plaintext in the Source Code
GRD-47517  PSIRT: 255144 - SE - Pen Testing 2020 - SANS25 -         CVE-2021-20420
           Reliance on Untrusted Inputs in a Security Decision -
           Support Maintenance

IBM Guardium Version 11.0 Licensed Materials - Property of IBM. © Copyright IBM Corp. 2002, 2021. US Government Users
Restricted Rights - Use, duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp.

IBM, the IBM logo, and ibm.com® are trademarks or registered trademarks of International Business Machines Corp., registered in
many jurisdictions worldwide. Other product and service names might be trademarks of IBM or other companies. A current list of
IBM trademarks are available on the web at “Copyright and trademark information” (www.ibm.com/legal/copytrade.shtml)
