IBM Updates
Warning date: 16 December, 2020
Severity level: ● High
Warning number: 2020-2214
Target sector: All
Description:
IBM has released several updates to address a number of vulnerabilities in the following products:
- IBM Tivoli Netcool Impact 7.1.0
  - 7.1.0.0~7.1.0.19 Interim Fix 7
- IBM Cloud Pak for Multicloud Management Infrastructure Management
  - 2.0
  - 2.1
- IBM WebSphere Cast Iron Solution
  - 7.0.0.x Marked as Invalid
  - 7.5.0.x Marked as Invalid
- WebSphere Cast Iron
  - v 7.5.0.0, 7.5.0.1, 7.5.1.0
  - v 7.0.0.0, 7.0.0.1, 7.0.0.2
- App Connect Professional
  - v 7.5.2.0
  - v 7.5.3.0
  - v 7.5.4.0
- IBM Tivoli Netcool System Service Monitors/Application Service Monitors
  - 4.0.1
- IBM Tivoli Netcool Impact 7.1.0
  - 7.1.0.0~7.1.0.19 Interim Fix 7
- IBM QRadar
  - 7.3.0 - 7.3.3 Patch 5
  - 7.4.0 - 7.4.1 Patch 1
- IBM Cloud Pak for Multicloud Management Infrastructure Management
  - 2.0
  - 2.1
- IBM Flex System EN2092 1Gb Ethernet Scalable Switch
  - 7.8
- IBM Flex System Fabric SI4093 GbFSIM 10Gb Scalable Switch
  - 7.8
- IBM Flex System Fabric EN4093/EN4093R 10Gb Scalable Switch
  - 7.8
- IBM Flex System CN4093 10Gb Converged Scalable Switch
  - 7.8
- IBM RackSwitch firmware
- IBM Cloud Event Management on IBM Cloud Private
- IBM Sterling File Gateway
  - 2.2.0.0 – 6.0.3.2
- Netcool Operations Insight – Cloud Native Event Analytics
  - 1.6.x
- IBM Tivoli Netcool/OMNIbus_GUI
  - 8.1.x
- IBM Sterling B2B Integrator
  - 5.2.0.0 – 6.0.3.2
- IBM Flex System switch firmware
- IBM Financial Transaction Manager for SWIFT Services for Multiplatforms
  - 3.2.4
- IBM Netezza for Cloud Pak for Data
- IBM WebSphere Application Server in IBM Cloud
  - 9.0
  - 8.5
  - Liberty
- App Connect Enterprise Certified Container
  - 1.0.0 with Operator
  - 1.0.1 with Operator
  - 1.0.2 with Operator
  - 1.0.3 with Operator
  - 1.0.4 with Operator
  - 1.0.5 with Operator
- Netcool Operations Insight – Cloud Native Event Analytics
  - 1.6.x
Threats:
An attacker can exploit the vulnerabilities to carry out the following:
- Code injection
- Buffer overflow
- Denial-of-service (DoS) attack
Preventive measures:
The Center recommends updating the affected versions; IBM has published details of these updates:
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-tivoli-netcool-impact-is-affected-by-a-reverse-tabnabbing-vulnerability-cve-2020-4849/
- https://www.ibm.com/blogs/psirt/security-bulletin-a-security-vulnerability-in-node-js-csv-parse-module-affects-ibm-cloud-pak-for-multicloud-management-infrastructure-management/
- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-openssl-affect-ibm-tivoli-netcool-system-service-monitors-application-service-monitors-cve-2018-5407cve-2020-1967cve-2018-0734cve-2019-1563cve-2019/
- https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-ibm-java-sdk-affects-ibm-tivoli-netcool-impact-cve-2020-14577/
- https://www.ibm.com/blogs/psirt/security-bulletin-ldaptive-as-used-in-ibm-qradar-siem-is-vulnerable-to-spoofing-cve-2014-3607/
- https://www.ibm.com/blogs/psirt/security-bulletin-a-security-vulnerability-in-golang-go-affects-ibm-cloud-pak-for-multicloud-management-managed-service/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-flex-system-switch-firmware-products-are-affected-by-a-vulnerability-in-the-kernel-cve-2020-12464/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-rackswitch-firmware-products-are-affected-by-vulnerabilities-in-the-kernel/
- https://www.ibm.com/blogs/psirt/security-bulletin-version-12-18-4-of-node-js-included-in-ibm-netcool-operations-insight-1-6-2-x-has-a-security-vulnerability/
- https://www.ibm.com/blogs/psirt/security-bulletin-cross-site-scripting-vulnerability-affects-ibm-sterling-file-gateway-cve-2020-4657/
- https://www.ibm.com/blogs/psirt/security-bulletin-netcool-operations-insight-cloud-native-event-analytics-is-affected-by-an-apache-commons-codec-vulnerability-2/
- https://www.ibm.com/blogs/psirt/security-bulletin-a-security-vulnerability-in-node-js-node-forge-module-affects-ibm-cloud-pak-for-multicloud-management-managed-service/
- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-apache-batik-affect-tivoli-netcool-omnibus-webgui-cve-2017-5662-cve-2018-8013-cve-2015-0250-cve-2019-17566/
- https://www.ibm.com/blogs/psirt/security-bulletin-cross-site-scripting-vulnerability-affects-ibm-sterling-b2b-integrator-cve-2020-4657/
- https://www.ibm.com/blogs/psirt/security-bulletin-a-security-vulnerability-in-node-js-bl-module-affects-ibm-cloud-pak-for-multicloud-management-managed-service/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-flex-system-switch-firmware-products-are-affected-by-vulnerabilities-in-the-kernel/
- https://www.ibm.com/blogs/psirt/security-bulletin-version-0-11-4-of-node-js-module-object-path-included-in-ibm-netcool-operations-insight-1-6-2-x-has-a-security-vulnerability/
- https://www.ibm.com/blogs/psirt/security-bulletin-various-security-vulnerabilities-in-ibm-financial-transaction-manager-for-swift-services-2/
- https://www.ibm.com/blogs/psirt/security-bulletin-oss-scan-fixes-for-content-pos/
- https://www.ibm.com/blogs/psirt/security-bulletin-a-security-vulnerability-in-node-js-affects-ibm-cloud-pak-for-multicloud-management-managed-service-and-infrastructure-management/
- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-and-ibm-java-runtime-affect-ibm-qradar-siem-2/
- https://www.ibm.com/blogs/psirt/security-bulletin-postgressql-jdbc-driver-as-used-in-ibm-qradar-siem-is-vulnerable-to-information-disclosure-cve-2020-13692/
- https://www.ibm.com/blogs/psirt/security-bulletin-open-source-security-issues-for-nps-console/
- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-security-vulnerabilities-affect-ibm-websphere-application-server-in-ibm-cloud-4/
- https://www.ibm.com/blogs/psirt/security-bulletin-apache-santuario-as-used-in-ibm-qradar-siem-is-vulnerable-to-improper-input-validation-cve-2019-12400/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-rackswitch-firmware-products-are-affected-by-a-vulnerability-in-the-kernel-cve-2020-12464/
- https://www.ibm.com/blogs/psirt/security-bulletin-a-security-vulnerability-in-node-js-npm-package-affects-ibm-cloud-pak-for-multicloud-management-managed-service/
- https://www.ibm.com/blogs/psirt/security-bulletin-app-connect-enterprise-certified-container-may-be-vulnerable-to-buffer-overflows-denial-of-service-or-http-request-smuggling/
- https://www.ibm.com/blogs/psirt/security-bulletin-netcool-operations-insight-cloud-native-event-analytics-is-affected-by-an-apache-commons-codec-vulnerability-3/