IBM Updates
Warning date: 6 September 2020
Severity level: High
Warning number: 2020-1726
Target sector: All
Description:
IBM has released several updates to address a number of vulnerabilities in the following products:
- IBM Aspera Connect
  - 3.9.9 and earlier
- IBM Netcool Agile Service Manager
  - 1.1
- IBM Tivoli System Automation for Multiplatforms
  - 4.1
- InfoSphere Information Server
  - 11.7
- Watson Knowledge Catalog for IBM Cloud Pak for Data
  - 2.5.0
  - 3.0.1
- IBM Aspera Shares
  - 1.9.14 Patch Level 1 and earlier
- IBM Business Automation Workflow
  - V20.0
  - V19.0
  - V18.0
- IBM Business Process Manager
  - V8.6
  - V8.5
- Enterprise Content Management System Monitor
  - 5.2
  - 5.5
- Netcool/OMNIbus
  - 8.1.0
- IMS Enterprise Suite
  - 3.3.1
Threats:
An attacker could exploit the vulnerabilities to carry out the following:
- Cross-site scripting (XSS) attack
- Denial-of-service (DoS) attack
- Execution of malicious software
Preventive measures:
The Center recommends updating the affected versions; IBM has published details of these updates:
- https://www.ibm.com/blogs/psirt/security-bulletin-improper-dll-loading-vulnerability-affecting-aspera-connect-3-9-9-and-earlier/
- https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-ibm-java-runtime-affects-ibm-netcool-agile-service-manager-cve-2020-2654/
- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-affect-ibm-tivoli-system-automation-for-multiplatforms-oct-2019-cpu-cve-2019-2964-cve-2019-2989-3/
- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-affect-ibm-tivoli-system-automation-for-multiplatforms-apr-2020-cpu-2/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-infosphere-metadata-asset-manager-is-vulnerable-to-stored-cross-site-scripting-and-server-side-request-forgery/
- https://www.ibm.com/blogs/psirt/security-bulletin-java-quarterly-cpu-affecting-watson-knowledge-catalog-for-ibm-cloud-pak-for-data-2/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-aspera-shares-1-9-14-patch-level-1-and-earlier-are-vulnerable-to-dom-xss/
- https://www.ibm.com/blogs/psirt/security-bulletin-cross-site-scripting-vulnerability-affects-ibm-business-automation-workflow-and-ibm-business-process-manager-bpm-cve-2020-4516/
- https://www.ibm.com/blogs/psirt/security-bulletin-enterprise-content-management-system-monitor-is-affected-by-a-vulnerability-in-ibm-sdk-java-technology-edition/
- https://www.ibm.com/blogs/psirt/security-bulletin-cross-site-scripting-vulnerabilities-in-jquery-might-affect-ibm-business-automation-workflow-and-ibm-business-process-manager-bpm-cve-2020-7656-cve-2020-11022-cve-2020-11023/
- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-ibm-java-runtime-affecting-tivoli-netcool-omnibus-multiple-cves-2/
- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-ibm-java-sdk-affects-ims-enterprise-suite-explorer-for-development-cve-2020-14577/
- https://www.ibm.com/blogs/psirt/security-bulletin-cross-site-scripting-vulnerability-affect-ibm-business-automation-workflow-and-ibm-business-process-manager-bpm-cve-2020-4698/