الوصف:

أصدرت IBM عدة تحديثات لمعالجة عدد من الثغرات في المنتجات التالية:

• WebSphere Application Server
  • 9.0
  • 8.5
  • 8.0
  • 7.0
• IBM Operations Analytics Predictive Insights
  • 1.3.6
• IBM License Metric Tool
• IBM Spectrum Protect Operations Center
  • 8.1.0.000-8.1.9.xxx
  • 7.1.0.000-7.1.10.xxx
• IBM Spectrum Protect Client Management Service (CMS)
  • 8.1.0.000-8.1.9.xxx
  • 7.1.0.000-7.1.10.xxx
• IBM Maximo Asset Management IBM Maximo Asset Management
  • 7.6.0
  • 7.6.1
• IBM Tivoli Application Dependency Discovery Manager
  • 7.3.0.0 – 7.3.0.7
• IBM Tivoli Composite Application Manager for Transactions (Response Time)
  • 7.4.0.2
  • 7.4.0.1
• IBM Cloud Application Performance Management – Response Time Monitoring Agent
  • 8.1.4
• IBM Spectrum Protect Server
  • 8.1.0.000-8.1.9.xxx
  • 7.1.0.000-7.1.10.xxx
• IBM QRadar Wincollect
  • 7.2.0 – 7.2.9
• IBM WIoTP MessageGateway
  • 5.0.0.1
• IBM IoT MessageSight
  • 5.0.0.0
  • 2.0
• IBM Netcool Agile Service Manager
  • 1.1
• SAN Volume Controller and Storwize Family
  • 8.3
  • 7.8
  • 8.2
• IBM Spectrum Protect Plus
  • 10.1.0-10.1.6
• IBM i2 Analyst's Notebook
  • IBM i2 Analyst's Notebook 9.2.1
• IBM i2 Analyst's Notebook Premium
  • IBM i2 Analyst's Notebook Premium 9.2.1

التهديدات:

يمكن للمهاجم استغلال الثغرات وتنفيذ ما يلي:

• هجمة حجب الخدمة (DoS attack)
• الكشف والإفصاح عن معلومات حساسة
• تنفيذ برمجيات خبيثة -عن بعد
• تجاوز سعة مخزن الذاكرة المؤقت

الإجراءات الوقائية:

يوصي المركز بتحديث النسخ المتأثرة حيث أصدرتIBM توضيحًا لهذه التحديثات:

• https://www.ibm.com/blogs/psirt/security-bulletin-websphere-application-server-is-vulnerable-to-a-remote-code-execution-vulnerability-cve-2020-4589/
• https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-faster-xml-jackson-databind-affects-ibm-operations-analytics-predictive-insights-cve-2019-14060-cve-2019-14661-cve-2019-14662/
• https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-faster-xml-jackson-databind-affects-ibm-operations-analytics-predictive-insights-cve-2019-144892-cve-2019-144893/
• https://www.ibm.com/blogs/psirt/security-bulletin-security-vulnerabilities-have-been-identified-in-ibm-db2-shipped-with-ibm-license-metric-tool-v9/
• https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-ibm-websphere-application-server-liberty-affects-ibm-spectrum-protect-operations-center-and-client-management-service-cve-2019-12406/
• https://www.ibm.com/blogs/psirt/security-bulletin-ibm-maximo-asset-management-is-vulnerable-to-path-traversal-cve-2019-4582/
• https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-ibm-java-runtime-affect-the-ibm-spectrum-protect-server-cve-2020-2593-cve-2019-4732/
• https://www.ibm.com/blogs/psirt/security-bulletin-apache-log4j-publicly-disclosed-vulnerability/
• https://www.ibm.com/blogs/psirt/security-bulletin-a-vulneraqbility-in-sqlite-affects-ibm-cloud-application-performance-managment-r-esponse-time-monitoring-agent-cve-2020-11655-cve-2020-11656/
• https://www.ibm.com/blogs/psirt/security-bulletin-a-vulneraqbility-in-sqlite-affects-ibm-cloud-application-performance-managment-r-esponse-time-monitoring-agent-cve-2020-9327/
• https://www.ibm.com/blogs/psirt/security-bulletin-security-vulnerability-has-been-identified-in-bigfix-platform-shipped-with-ibm-license-metric-tool-2/
• https://www.ibm.com/blogs/psirt/security-bulletin-db2-vulnerabilities-affect-ibm-spectrum-protect-server-cve-2020-4230-cve-2020-4135-cve-2020-4204-cve-2020-4200-2/
• https://www.ibm.com/blogs/psirt/security-bulletin-ibm-qradar-wincollect-is-vulnerable-to-improper-access-control-cve-2020-4485-cve-2020-4486/
• https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-jquery-affect-ibm-wiotp-messagegateway-cve-2020-11023-cve-2020-11022/
• https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-netty-affect-ibm-netcool-agile-service-manager-cve-2020-7238/
• https://www.ibm.com/blogs/psirt/security-bulletin-network-security-nss-vulnerability-affects-ibm-san-volume-controller-ibm-storwize-ibm-spectrum-virtualize-and-ibm-flashsystem-products/
• https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-jquery-affect-ibm-wiotp-messagegateway/
• https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-apache-camels-jmx-apache-camel-rabbitmq-and-apache-camel-netty-affects-ibm-operations-analytics-predictive-insights-cve-2020-11971-cve-2020-11972-cve/
• https://www.ibm.com/blogs/psirt/security-bulletin-incorrect-permissions-on-ibm-spectrum-protect-plus-agent-files-cve-2020-4631-2/
• https://www.ibm.com/blogs/psirt/security-bulletin-openslp-vulnerability-affects-ibm-san-volume-controller-ibm-storwize-ibm-spectrum-virtualize-and-ibm-flashsystem-products/
• https://www.ibm.com/blogs/psirt/security-bulletin-ibm-i2-analysts-notebook-and-ibm-i2-analysts-notebook-premium-memory-vulnerabilities-2/
• https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-jquery-affects-ibm-wiotp-messagegateway-cve-2020-7656/
• https://www.ibm.com/blogs/psirt/security-bulletin-java-vulnerabilities-affect-ibm-san-volume-controller-ibm-storwize-ibm-spectrum-virtualize-and-ibm-flashsystem-products/