IBM74D0AB0D0188EBC3C8BAAF910FFFA758BE5E9873932EBD5BABCAE383C12BE116Security Bulletin: Vulnerability in Redis affects IBM Event Streams (CVE-2021-32762)
0.009 Low
EPSS
Percentile
83.2%
Summary
There is a vulnerability in the Redis open source database. The database is used by IBM Event Streams.
Vulnerability Details
CVEID:CVE-2021-32762
**DESCRIPTION:**Redis could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an integer overflow in the redis-cli command line tool and redis-sentinel service. By parsing specially-crafted large multi-bulk network replies, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/210729 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H)
Affected Products and Versions
| Affected Product(s) | Version(s) |
|---|---|
| IBM Event Streams | 2019.4.1, 2019.4.2, 2019.4.3, 2019.4.4 |
| IBM Event Streams | 10.0.0, 10.1.0, 10.2.0, 10.3.0, 10.3.1, 10.4.0 |
Remediation/Fixes
IBM Event Streams (Helm-based releases)
- Download the 2019.4.5 release from IBM Fix Central.
- Upgrade to IBM Event Streams 2019.4.5 by following the upgrading and migrating documentation.
IBM Event Streams (Continuous Delivery)
- Upgrade to IBM Event Streams 10.5.0 by following the upgrading and migrating documentation.
IBM Event Streams (Extended Update Support)
- Upgrade to IBM Event Streams 10.2.1 by following the upgrading and migrating documentation.
Workarounds and Mitigations
None
Related
0.009 Low
EPSS
Percentile
83.2%