Rewterz Threat Advisory – Multiple QNAP QTS Vulnerabilities

Rewterz Threat Advisory – Multiple Google Chrome Vulnerabilites

Rewterz Threat Advisory – Multiple IBM MQ Appliance, AIX, and Spectrum Scale Vulnerabilities

March 2, 2022

Severity

Medium

Analysis Summary

CVE-2020-4925

A security vulnerability in the Spectrum Scale 5.0 and 5.1 allows a non-root user to overflow the mmfsd daemon with requests and preventing the daemon to service other requests.

CVE-2021-38955

IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a local user with elevated privileges to cause a denial of service due to a file creation vulnerability in the audit commands

CVE-2021-38986

IBM MQ Appliance 9.2 CD and 9.2 LTS does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system.

CVE-2022-22321

IBM MQ Appliance 9.2 CD and 9.2 LTS local messaging users stored with a password hash that provides insufficient protection.

Impact

Denial of Service
Information Disclosure
Unauthorized Access

Indicators of Compromise

CVE

CVE-2020-4925
CVE-2021-38955
CVE-2021-38986
CVE-2022-22321

Affected Vendors

IBM

Affected Products

IBM Spectrum Scale 5.0
IBM Spectrum Scale 5.1
IBM AIX 7.1
IBM AIX 7.2
IBM VIOS 3.1
IBM AIX 7.3
IBM MQ Appliance 9.2 LTS
IBM MQ Appliance 9.2 CD

Remediation

Refer to IBM Security Bulletin for patch, upgrade, or suggested workaround information.

CVE-2020-4925

https://www.ibm.com/support/pages/node/6560094

CVE-2021-38955

https://www.ibm.com/support/pages/node/6560236

CVE-2021-38986

https://www.ibm.com/support/pages/node/6560032

CVE-2022-22321

https://www.ibm.com/support/pages/node/6560042