Download
Abstract
This document lists the fixes contained in IBM Cloud Pak® System Version 2.3.3.5.
Download Description
To download Version 2.3.3.5, go to the IBM Cloud Pak System product page on IBM Fix Central.
Version 2.3.3.5 includes fixes for these security vulnerabilities:
Component | Security bulletin link | CVEs | Description |
---|---|---|---|
Log4j | Security Bulletin | CVE-2021-45046, CVE-2021-44228 | IBM Cloud Pak System is vulnerable to arbitrary code execution due to Apache Log4j. |
VMware vCenter | Security Bulletin | CVE-2021-21980, CVE-2021-22049 | Vulnerabilities in vCenter affect IBM Cloud Pak System. |
Polkit | Security Bulletin | CVE-2021-4034 | Vulnerability in Polkit affects IBM Cloud Pak System. |
Golang Go | Security Bulletin | CVE-2022-24921, CVE-2020-29652, CVE-2022-24675, CVE-2022-28327, CVE-2021-44716, CVE-2022-23773, CVE-2021-44717 | Multiple vulnerabilities in Golang Go affect IBM Cloud Pak System. |
Intel firmware | Security Bulletin | CVE-2021-0091, CVE-2021-0092, CVE-2021-0093, CVE-2021-0099, CVE-2021-0103, CVE-2021-0107, CVE-2021-0111, CVE-2021-0114, CVE-2021-0115, CVE-2021-0116, CVE-2021-0117, CVE-2021-0118, CVE-2021-0119, CVE-2021-0124, CVE-2021-0125, CVE-2021-0156, CVE-2021-0127, CVE-2021-0145 | Multiple vulnerabilities in Intel processors affect IBM Cloud Pak System. |
Intel firmware | Security Bulletin | CVE-2021-0060, CVE-2021-0147, CVE-2021-33068 | Vulnerabilities in Intel Chipset affect IBM Cloud Pak System. |
Node.js | Security Bulletin | CVE-2020-7660, CVE-2020-7608, CVE-2020-8116, CVE-2022-0122, CVE-2020-7720, CVE-2021-26707, CVE-2020-28469, CVE-2020-28477, CVE-2020-15138, CVE-2021-3801, CVE-2020-7598, CVE-2020-15366, CVE-2020-15256, CVE-2021-3918, CVE-2021-23368, CVE-2020-28498, CVE-2020-13822 | |
Node.js | Security Bulletin | CVE-2021-23382, CVE-2021-32804, CVE-2021-32803, CVE-2021-37713, CVE-2021-37701, CVE-2021-37712, CVE-2020-7753, CVE-2021-33502, CVE-2021-27290, CVE-2022-0512, CVE-2022-0686, CVE-2021-3664, CVE-2021-27515, CVE-2022-0639, CVE-2021-33623, CVE-2020-7788, CVE-2020-7662, CVE-2021-23424, CVE-2020-7774, CVE-2020-28500, CVE-2021-23337, CVE-2020-8203, CVE-2021-29059, CVE-2021-28092, CVE-2021-3807, CVE-2021-3777 | Multiple vulnerabilities in Node.js affect IBM Cloud Pak System. |
Node.js | Security Bulletin | CVE-2021-23343, CVE-2021-23386, CVE-2020-7789, CVE-2020-7693, CVE-2021-32640, CVE-2022-0691, CVE-2020-24025, CVE-2019-6283, CVE-2018-19838, CVE-2018-11499, CVE-2018-11696, CVE-2018-11697, CVE-2019-6286, CVE-2019-18797, CVE-2018-11698, CVE-2018-19839, CVE-2018-19837, CVE-2018-19797, CVE-2018-20821, CVE-2019-6284, CVE-2018-20190, CVE-2018-19827, CVE-2018-11694, CVE-2021-23364 | Multiple vulnerabilities in Node.js affect IBM Cloud Pak System. |
SAN Volume Controller, FlashSystem firmware | Security Bulletin | CVE-2021-29873 | Vulnerability in IBM SAN Volume Controller, IBM Storwize, and IBM FlashSystem shipped with Cloud Pak System. |
HTTP server | | CVE-2021-44790, CVE-2022-22720 | Multiple vulnerabilities in HTTP server shipped with IBM Cloud Pak System. |
Expat | | CVE-2021-45960, CVE-2021-46143, CVE-2022-23852, CVE-2022-22822 | Multiple vulnerabilities in Expat shipped with IBM Cloud Pak System. |
Glibc | | CVE-2021-3999, CVE-2022-23218, CVE-2022-23219, CVE-2021-35942 | Multiple vulnerabilities in Glibc shipped with IBM Cloud Pak System. |
Dojo | | CVE-2021-23450 | Multiple vulnerabilities in Dojo shipped with IBM Cloud Pak System. |
OpenSSL | | CVE-2021-23840, CVE-2021-23841, CVE-2022-0778 | Multiple vulnerabilities in OpenSSL shipped with IBM Cloud Pak System. |

The following tables contain the Authorized Program Analysis Reports (APARs) and other fixes that are included in this release. If an integrated pattern or component is not listed, there were no fixes for that pattern or component in this version. The upgrade recommendation is to move directly to 2.3.3.5.
IBM Cloud Pak System APARs
| APAR | APAR Description |
|---|---|
| | Workload mobility failed as a result of 0 byte HTTP response from the target IBM Cloud Pak System Software instance. |
| | The "Getting started" page has out-of-date information and links. |
| | Cannot delete default image from Default Deploy Settings. |
| | "File viewer" is missing from the "Problem determination" menu since firmware 2.3.3.4. |
| IT41436 | Virtual machines on RHEL 8.4 image cannot synchronize time with the configured NTP servers. |
| IT41437 | RHEL 8 file system is too small. |

Problems (APARS) fixed
Document Information
Modified date: 10 November 2022
UID: ibm16598723