الموقع الرسمي للمركز الوطني الإرشادي للأمن السيبراني
تحديثات IBM
2792
تاريخ التحذير
مستوى الخطورة
رقم التحذير
القطاع المستهدف
28 يوليو, 2020
● متوسط
2020-1554
الكل
الوصف:
أصدرت IBM عدة تحديثات لمعالجة عدد من الثغرات في المنتجات التالية:
- IBM Security Guardium
- 10.5
- 10.6
- 11.0
- 11.1
- IBM MQ Appliance
- 8.0
- 9.1 LTS
- 9.1 CD
- API Connect
- IBM API Connect V5.0.0.0-5.0.8.8
- IBM API Connect V2018.4.1.0-2018.4.1.11
- NovaLink
- 1.0.0.13
- 1.0.0.15
- DB2 Query Management Facility for z/OS
- 11.2.1
- 12.1
- 12.2
- 11.2
- 11.1
- Query Management Facility Classic Edition
- 11.1
- Query Management Facility Enterprise Edition
- 11.1
- IBM Spectrum Symphony
- 7.3.0.1
- 7.3
- 7.2.1
- 7.2.0.2
- 7.1.2
- 7.1.1
- 7.1 Fix Pack 1
- Intelligent Operations Center (IOC)
- 5.1.0
- 5.1.0.2
- 5.1.0.3
- 5.1.0.4
- 5.1.0.6
- 5.2
- 5.2.1
- IBM Water Operations for Waternamics (Linux)
- 5.1.0
- 5.1.0.2
- 5.1.0.3
- 5.1.0.4
- 5.1.0.6
- 5.2
- 5.2.1
- IBM Intelligent Operations Center for Emergency Management (Linux)
- 5.1.0
- 5.1.0.2
- 5.1.0.3
- 5.1.0.4
- 5.1.0.6
- HMC V9.1.910.0
- V9.1.910.0
- DataQuant for z/OS
- 2.1
- DataQuant for Multiplatforms
- 2.1
- IBM Business Automation Workflow
- V19.0
- V18.0
- IBM Business Process Manager
- V8.6
- V8.5
- V8.0
- IBM Netcool Operations Insight
- 1.6.0.x
التهديدات:
يمكن للمهاجم استغلال الثغرات وتنفيذ ما يلي:
- الكشف والإفصاح عن معلومات حساسة
- هجمة حجب الخدمة (DoS attack)
- تنفيذ برمجيات خبيثة
- تجاوز سعة مخزن الذاكرة المؤقت
الإجراءات الوقائية:
يوصي المركز بتحديث النسخ المتأثرة حيث أصدرتIBM توضيحًا لهذه التحديثات:
- https://www.ibm.com/support/pages/node/6220130
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-appliance-is-vulnerable-to-a-denial-of-service-vulnerability-cve-2020-4375/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-appliance-is-affected-by-multiple-java-se-vulnerabilities/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-api-connect-v5-is-vulnerable-to-denial-of-service-php-cve-2019-11048/
- https://www.ibm.com/blogs/psirt/security-bulletin-novalink-is-impacted-by-man-in-the-middle-vulnerability-in-websphere-application-server-liberty-cve-2014-3603/
- https://www.ibm.com/blogs/psirt/security-bulletin-sbb0002796/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-appliance-is-vulnerable-to-a-buffer-overflow-vulnerability-cve-2020-4465/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-api-connect-is-vulnerable-to-a-denial-of-service-vulnerability-in-oracle-mysql-cve-2020-2589/
- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-runtime-affect-ibm-platform-symphony-and-ibm-spectrum-symphony-2/
- https://www.ibm.com/blogs/psirt/security-bulletin-novalink-is-impacted-by-websphere-application-server-liberty-is-vulnerable-to-cross-site-scripting-cve-2019-4663-2/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-api-connect-is-impacted-by-a-cross-site-scripting-vulnerability-in-jquery-xforce-id-180875/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-a-left-over-debug-code-in-js-files-vulnerability-3/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-appliance-is-affected-by-inclusion-of-sensitive-data-within-trace-cve-2019-4731/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-appliance-is-vulnerable-to-a-denial-of-service-vulnerability-cve-2020-4376/
- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-and-ibm-java-runtime-that-affect-ibm-intelligent-operations-center-products-includes-oracle-jan-2020-cpu-m/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-intelligent-operations-center-is-vulnerable-to-stored-cross-site-scripting-cve-2020-4317/
- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-httpd-cve-2018-17199-and-cve-2018-1301/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-oracle-mysql-vulnerabilities-4/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-a-use-of-insufficiently-random-value-vulnerability-2/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-a-kernel-vulnerability-12/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-an-os-command-injection-vulnerabilities-5/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-an-improper-restriction-of-excessive-authentication-attempts-vulnerability-3/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-a-hard-coded-passwords-vulnerability-3/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-appliance-is-vulnerable-to-sensitive-information-disclosure-vulnerability-cve-2020-4319/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-an-os-command-injection-vulnerabilities-6/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-appliance-is-affected-by-a-buffer-overflow-vulnerability-cve-2020-5208/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-appliance-is-affected-by-multiple-libxml2-vulnerabilities/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-ingelligent-operations-center-is-vulnerable-to-stored-cross-site-scripting-cve-2020-4318/
- https://www.ibm.com/blogs/psirt/security-bulletin-novalink-is-impacted-by-swagger-vulnerability-affects-websphere-application-server-liberty/
- https://www.ibm.com/blogs/psirt/security-bulletin-sb0003782/
- https://www.ibm.com/blogs/psirt/security-bulletin-security-bulletin-a-vulnerability-in-ibm-java-sdk-and-ibm-java-runtime-that-affect-ibm-intelligent-operations-center-products-cve-2019-2949/
- https://www.ibm.com/blogs/psirt/security-bulletin-xml-parsing-vulnerability-in-apache-santuario-might-affect-ibm-business-automation-workflow-and-ibm-business-process-manager-bpm-cve-2019-12400/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-a-cross-site-scripting-vulnerability-3/
- https://www.ibm.com/blogs/psirt/security-bulletin-pentest-results-for-ibm-netcool-operations-insight-found-a-security-vulnerability/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-appliance-is-affected-by-a-denial-of-service-vulnerability-cve-2020-2654/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-appliance-is-vulnerable-to-a-denial-of-service-vulnerability-cve-2020-4466/
قيم المحتوى
شارك الصفحة
