تحديثات IBM
1821تاريخ التحذير
مستوى الخطورة
رقم التحذير
القطاع المستهدف
9 أغسطس, 2020
● متوسط
2020-1613
الكل
الوصف:
أصدرت IBM عدة تحديثات لمعالجة عدد من الثغرات في المنتجات التالية:
- SPSS Statistics
- 26.0
- 25.0
- 24.0
- IBM MQ
- 9.1 LTS
- 9.0 LTS
- 8.0
- 9.1 CD
- IBM WebSphere MQ
- 7.5
- 7.1
- IBM i
- 7.4
- 7.3
- 7.2
- 7.1
- IBM Spectrum Protect Plus
- 10.1.0-10.1.6
- IBM® SDK, Java™ Technology Edition
- 7.0.0.0 – 7.0.10.65
- 7.1.0.0 – 7.1.4.65
- 8.0.0.0 – 8.0.6.11
- Content Collector for Email
- 4.0.1
- 4.0.0
- DB2 Recovery Expert for LUW
- 5.5
- 5.5 Interim Fix 1 (IF1)
- 5.5 Interim Fix 12(IF2)
- Content Collector for File Systems
- 4.0.1
- Content Collector for Microsoft SharePoint
- 4.0.1
- Content Collector for IBM Connections
- 4.0.1
- The Elastic Storage Server
- 5.3.0 -5.3.5.2
- 5.0.0 - 5.2.9
- 4.5.0 - 4.6.0
- 4.0.0 - 4.0.6
- IBM WebSphere Internet Pass-Thru
- 2.1
- IBM Netcool Operations Insight
- 1.6.0.x
- IBM Jazz Reporting Service
- 7.0.1
- 7.0
- 6.0.6.1
- 6.0.6
- 6.0.2
- Financial Transaction Manager for Check Services for Multi-Platform
- 3.0.2
- 3.0.0
- 3.0.5
- IBM Java SDK shipped with IBM WebSphere Application Server Patterns
- 1.0.0.0 - 1.0.0.7
- 2.2.0.0 - 2.3.3.0
التهديدات:
يمكن للمهاجم استغلال الثغرات وتنفيذ ما يلي:
- هجمة حجب الخدمة (DoS attack)
- الكشف والإفصاح غير المصرح به للمعلومات
- تجاوز سعة مخزن الذاكرة المؤقت
الإجراءات الوقائية:
يوصي المركز بتحديث النسخ المتأثرة حيث أصدرتIBM توضيحًا لهذه التحديثات:
- https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-ibm-java-runtime-affects-ibm-spss-statistics-5/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-could-allow-an-attacker-to-cause-a-denial-of-service-caused-by-an-error-within-the-pubsub-logic-cve-2020-4376/
- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-cve-2019-2949-in-ibm-java-sdk-and-ibm-java-runtime-affects-ibm-i/
- https://www.ibm.com/blogs/psirt/security-bulletin-incorrect-permissions-on-ibm-spectrum-protect-plus-agent-files-cve-2020-4631/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-is-vulnerable-to-a-buffer-overflow-vulnerability-due-to-an-error-within-the-channel-processing-code-cve-2020-4465/
- https://www.ibm.com/blogs/psirt/security-bulletin-cve-2020-2601-may-affect-ibm-sdk-java-technology-edition/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-is-affected-by-a-vulnerability-within-ibm-websphere-liberty-cve-2020-4329/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-java-sdk-and-ibm-java-runtime-for-ibm-i-is-affected-by-cve-2020-2654/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-could-allow-an-attacker-to-cause-a-denial-of-service-due-to-a-memory-leak-caused-by-an-error-creating-a-dynamic-queue-cve-2020-4375/
- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-affect-content-collector-for-email-content-collector-for-file-systems-content-collector-for-microsoft-sharepoint-and-content-collector-for-2/
- https://www.ibm.com/blogs/psirt/security-bulletin-content-collector-for-email-is-affected-by-a-embedded-websphere-application-server-is-vulnerable-to-apache-commons-beanutils/
- https://www.ibm.com/blogs/psirt/security-bulletin-there-are-vulnerabilities-in-the-ibm-java-runtime-environment-used-by-db2-recovery-expert-for-linux-unix-and-windows/
- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-affect-content-collector-for-email-content-collector-for-file-systems-content-collector-for-microsoft-sharepoint-and-content-collector-for-3/
- https://www.ibm.com/blogs/psirt/security-bulletin-embedded-websphere-application-server-is-vulnerable-to-a-command-execution-vulnerability-affect-content-collector-for-email/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-is-vulnerable-to-a-denial-of-service-due-to-an-error-within-the-queue-processing-function-cve-2020-4466/
- https://www.ibm.com/blogs/psirt/security-bulletin-content-collector-for-email-is-affected-by-a-information-disclosure-in-embedded-websphere-application-server/
- https://www.ibm.com/blogs/psirt/security-bulletin-embedded-websphere-application-server-is-vulnerable-to-a-denial-of-service-affect-content-collector-for-email/
- https://www.ibm.com/blogs/psirt/security-bulletin-content-collector-for-email-is-affected-by-a-embedded-websphere-application-server-is-vulnerable-to-a-privilege-escalation-vulnerability/
- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-affect-content-collector-for-email-content-collector-for-file-systems-content-collector-for-microsoft-sharepoint-and-content-collector-for-4/
- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-affect-content-collector-for-email-content-collector-for-file-systems-content-collector-for-microsoft-sharepoint-and-content-collector-for-5/
- https://www.ibm.com/blogs/psirt/security-bulletin-content-collector-for-email-is-affected-by-a-embedded-websphere-application-server-is-vulnerable-to-a-information-disclosure-vulnerability/
- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-affect-content-collector-for-email-content-collector-for-file-systems-content-collector-for-microsoft-sharepoint-and-content-collector-for-6/
- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-affect-content-collector-for-email-content-collector-for-file-systems-content-collector-for-microsoft-sharepoint-and-content-collector-for-7/
- https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-ibm-websphere-application-server-affects-ibm-spectrum-scale-packaged-in-ibm-elastic-storage-server-cve-2019-4720/
- https://www.ibm.com/blogs/psirt/security-bulletin-embedded-websphere-application-server-is-vulnerable-to-a-command-execution-vulnerability-affect-content-collector-for-email-2/
- https://www.ibm.com/blogs/psirt/security-bulletin-websphere-mq-internet-pass-thru-cve-2020-2654-deferred-from-oracle-jan-2020-cpu/
- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-affect-content-collector-for-email-content-collector-for-file-systems-content-collector-for-microsoft-sharepoint-and-content-collector-for-8/
- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-affect-content-collector-for-email-content-collector-for-file-systems-content-collector-for-microsoft-sharepoint-and-content-collector-for-9/
- https://www.ibm.com/blogs/psirt/security-bulletin-version-10-19-0-of-node-js-included-in-ibm-netcool-operations-insight-1-6-0-x-has-several-security-vulnerabilities/
- https://www.ibm.com/blogs/psirt/security-bulletin-security-vulnerability-affects-the-lifecycle-query-engine-that-is-shipped-with-jazz-reporting-service-cve-2020-4539/
- https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-ibm-java-runtime-affect-financial-transaction-manager-for-check-services-cve-2019-4732-2/
- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-ibm-java-runtime-affect-financial-transaction-manager-for-corporate-payment-services-cve-2020-2654/
- https://www.ibm.com/blogs/psirt/security-bulletin-financial-transaction-manager-for-corporate-payment-services-is-affected-by-a-potential-information-disclosure-id-177835/
- https://www.ibm.com/blogs/psirt/security-bulletin-security-vulnerability-affects-the-lifecycle-query-engine-that-is-shipped-with-jazz-reporting-service-cve-2020-4533/
- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-affects-websphere-application-server-july-2020-cpu-that-is-bundled-with-ibm-websphere-application-server-patterns/
- https://www.ibm.com/blogs/psirt/security-bulletin-financial-transaction-manager-for-check-services-is-affected-by-a-potential-information-disclosure-id-177835/
- https://www.ibm.com/blogs/psirt/security-bulletin-security-vulnerability-affects-the-report-builder-that-is-shipped-with-jazz-reporting-service-cve-2020-4541/