الموقع الرسمي للمركز الوطني الإرشادي للأمن السيبراني
تحديثات IBM
2108
تاريخ التحذير
مستوى الخطورة
رقم التحذير
القطاع المستهدف
1 يوليو, 2020
● عالي
2020-1427
الكل
الوصف:
أصدرت IBM عدة تحديثات لمعالجة عدد من الثغرات في المنتجات التالية:
- IBM Security Identity Manager Virtual Appliance
- 7.0.2
- IBM License Metric Tool
- Log Analysis
- 1.3.1
- 1.3.2
- 1.3.3
- 1.3.4
- 1.3.5
- 1.3.6
- 1.3.5.3
- 1.3.6.0
- Asset Analyzer (RAA)
- 6.1.0.0 – 6.1.0.23
- BM Kenexa LMS on premise
- LMS 6.1 and Below
- IBM Db2
- V9.7
- V10.1
- V10.5
- V11.1
- V11.5
- IBM Tivoli Netcool Impact 7.1.0
- 7.1.0.0~7.1.0.18
- IBM Bootable Media Creator (BoMC)
- IBM MQ for HPE NonStop
- 8.1.0
- 8.0.4
- InfoSphere Streams
- 4.3.1.x
- 4.2.1.x
- 4.1.1.x
التهديدات:
يمكن للمهاجم استغلال الثغرات وتنفيذ ما يلي:
- هجمة حجب الخدمة (DoS attack) –عن بعد
- رفع الصلاحيات لزيادة قدرته على التعديل في النظام
- تعديل غير مصرح به
- تجاوز آلية حماية
- تنفيذ برمجيات خبيثة
الإجراءات الوقائية:
يوصي المركز بتحديث النسخ المتأثرة حيث أصدرتIBM توضيحًا لهذه التحديثات:
- https://www.ibm.com/blogs/psirt/security-bulletin-rational-asset-analyzer-is-affected-by-a-vulnerability-in-websphere-application-server-3/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-websphere-application-server-7-0-8-0-8-5-and-9-0-is-vulnerable-to-a-denial-of-service-caused-by-improper-handling-of-request-headers/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-db2-is-vulnerable-to-an-information-disclosure-cve-2020-4386/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-for-hpe-nonstop-server-is-affected-by-vulnerability-cve-2020-4376/
- https://www.ibm.com/blogs/psirt/security-bulletin-potential-vulnerability-ssrf-in-apache-solr-affect-ibm-operations-analytics-log-analysis-cve-2017-3164/
- https://www.ibm.com/blogs/psirt/security-bulletin-host-header-injection-vulnerability-in-ibm-operations-analytics-log-analysis-pre-login-scenario/
- https://www.ibm.com/blogs/psirt/security-bulletin-a-security-vulnerabilities-has-been-identified-in-websphere-liberty-profile-shipped-with-ibm-license-metric-tool-v9/
- https://www.ibm.com/blogs/psirt/security-bulletin-insecure-path-attribute-in-ibm-operations-analytics-log-analysis-csrftoken-ltpatoken2/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-db2-is-vulnerable-to-buffer-overflow-leading-to-a-privileged-escalation-cve-2020-4363/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-db2-is-vulnerable-to-an-information-disclosure-and-denial-of-service-cve-2020-4414/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-kenexa-lms-on-premise-ibm-sdk-java-technology-edition-quarterly-cpu-apr-2020-includes-oracle-apr-2020-cpu/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-db2-is-vulnerable-to-an-information-disclosure-cve-2020-4387/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-kenexa-lms-on-premise-cve-2019-2949-deferred-from-oracle-oct-2019-cpu/
- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-websphere-application-server-liberty-affect-ibm-operations-analytics-log-analysis-cve-2020-4303-cve-2020-4304/
- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-jquery-affect-ibm-license-metric-tool-v9/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-for-hpe-nonstop-server-is-affected-by-vulnerability-cve-2020-4310/
- https://www.ibm.com/blogs/psirt/security-bulletin-rational-asset-analyzer-is-affected-by-a-vulnerability-in-websphere-application-server-2/
- https://www.ibm.com/blogs/psirt/security-bulletin-rational-asset-analyzer-is-affected-by-a-vulnerability-in-websphere-application-server/
- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-runtime-affect-rational-asset-analyzer/
- https://www.ibm.com/blogs/psirt/security-bulletin-content-spoofing-vulnerability-in-ibm-operations-analytics-log-analysis/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-kenexa-lms-on-premise-cve-2020-2654-deferred-from-oracle-jan-2020-cpu/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-db2-is-vulnerable-to-a-denial-of-service-attack-cve-2020-4420/
- https://www.ibm.com/blogs/psirt/security-bulletin-a-security-vulnerability-has-been-identified-in-ibm-websphere-application-server-shipped-with-ibm-tivoli-netcool-impact-cve-2019-4720/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-bootable-media-creator-bomc-is-affected-by-vulnerabilities-in-openssl-cve-2019-1547-and-cve-2019-1563/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-db2-may-be-vulnerable-to-a-denial-of-service-attack-cve-2020-4355/
- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-affect-ibm-license-metric-tool-v9/
- https://www.ibm.com/blogs/psirt/security-bulletin-cross-site-scripting-reflected-vulnerability-in-ibm-operations-analytics-log-analysis/
- https://www.ibm.com/blogs/psirt/security-bulletin-apache-solr-vulnerability-affects-ibm-operations-analytics-log-analysis-cve-2018-11802/
- https://www.ibm.com/blogs/psirt/security-bulletin-a-security-vulnerability-has-been-identified-in-websphere-liberty-profile-shipped-with-ibm-license-metric-tool-v9-cve-2020-4329/
- https://www.ibm.com/blogs/psirt/security-bulletin-a-security-vulnerability-has-been-fixed-in-ibm-security-identity-manager-virtual-appliancecve-2020-4329/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-identity-manager-virtual-appliance-is-affected-by-multiple-vulnerabilities/
قيم المحتوى
شارك الصفحة
