IBM Updates
Alert date: 15 December 2020
Severity level: ● High
Alert number: 2020-2201
Targeted sector: All
Description:
IBM has released several updates to address a number of vulnerabilities in the following products:
- IBM Cloud Pak for Multicloud Management
  - 2.0
- IBM Cloud Transformation Advisor
  - 2.3.0
  - 2.3.1
- IBM Cloud Pak for Multicloud Management Infrastructure Management
  - 2.0
- IBM Tivoli Netcool OMNIbus Integrations – Java Gateway Framework (nco-g-java)
  - 8.0-9.0
- HMC V9.1.910.0
  - V9.1.910.0
- IBM Sterling Connect:Direct for UNIX
  - 4.2.0
  - 4.3.0
- IBM Connect:Direct for UNIX
  - 6.1.0
  - 6.0.0
- IBM Tivoli Monitoring
  - 6.3.0
- IBM Blockchain Platform (Software/on-prem)
- IBM Netcool Operations Insight Event Integrations Operator
  - 1.0.0 - 1.1.0
Threats:
An attacker can exploit the vulnerabilities to carry out the following:
- Code injection
- Buffer overflow
- Denial-of-service (DoS) attack
Preventive measures:
The Center recommends updating the affected versions. IBM has published details of these updates:
- https://www.ibm.com/blogs/psirt/security-bulletin-a-security-vulnerability-in-node-js-lodash-module-affects-ibm-cloud-pak-for-multicloud-management-infrastructure-management-2/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cloud-transformation-advisor-is-affected-by-multiple-node-js-vulnerabilities-3/
- https://www.ibm.com/blogs/psirt/security-bulletin-a-security-vulnerability-in-rails-action-view-affects-the-ibm-cloud-pak-for-multicloud-management-infrastructure-management-2/
- https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-has-been-identified-in-apache-httpclient-shipped-with-netcool-omnibus-integrations-java-gateway-framework-cve-2020-13956/
- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-apache-http-cve-2019-10098-and-cve-2020-1927/
- https://www.ibm.com/blogs/psirt/security-bulletin-a-security-vulnerability-in-node-js-jison-affects-ibm-cloud-pak-for-multicloud-management-managed-service-2/
- https://www.ibm.com/blogs/psirt/security-bulletin-authentication-mechanism-vulnerability-affects-ibm-connectdirect-for-unix-cve-2020-4747/
- https://www.ibm.com/blogs/psirt/security-bulletin-a-security-vulnerability-in-node-js-node-fetch-module-affects-ibm-cloud-pak-for-multicloud-management-infrastructure-management-and-managed-service-2/
- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-affect-ibm-tivoli-monitoring-3/
- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-libssh2-cve-2019-17498/
- https://www.ibm.com/blogs/psirt/security-bulletin-a-security-vulnerability-in-go-affects-ibm-cloud-pak-for-multicloud-management-managed-service-3/
- https://www.ibm.com/blogs/psirt/security-bulletin-a-security-vulnerability-in-node-js-acorn-and-bootstrap-select-affects-ibm-cloud-pak-for-multicloud-management-infrastructure-management-and-managed-service-2/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibp-javaenv-and-dind-images/
- https://www.ibm.com/blogs/psirt/security-bulletin-a-security-vulnerability-in-node-js-serialize-javascript-affects-ibm-cloud-pak-for-multicloud-management-managed-service-2/
- https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-have-been-identified-in-jwt-go-shipped-with-ibm-netcool-operations-insight-event-integrations-operator-cve-2020-26160/
- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-nss-and-nspr-cve-2019-17006/
- https://www.ibm.com/blogs/psirt/security-bulletin-a-security-vulnerability-in-go-affects-ibm-cloud-pak-for-multicloud-management-managed-service-4/
- https://www.ibm.com/blogs/psirt/security-bulletin-gradle-version-in-ibp-javaenv-and-dind-images-depends-on-vulnerable-apache-ant/
- https://www.ibm.com/blogs/psirt/security-bulletin-a-security-vulnerability-in-angular-js-affects-ibm-cloud-pak-for-multicloud-management-infrastructure-management-and-managed-service-2/