تحديثات IBM
1634تاريخ التحذير
مستوى الخطورة
رقم التحذير
القطاع المستهدف
17 ديسمبر, 2020
● متوسط
2020-2225
الكل
الوصف:
أصدرت IBM عدّة تحديثات لمعالجة عددٍ من الثغرات في المنتجات التالية:
- IBM Watson Speech Services for Cloud Pak for Data
- 1.2
- IBM Sterling Connect:Direct for UNIX
- 4.2.0
- 4.3.0
- IBM Connect:Direct for UNIX
- 6.0.0
- 6.1.0
- IBM® Db2®
- V9.7
- V10.1
- V10.5
- V11.1
- V11.5
- IBM Security Secret Server
- RPT
- 9.5
- IBM License Metric Tool
- z/Transaction Processing Facility
- 1.1
- IBM Watson Speech Services for Cloud Pak for Data
- 1.2
- IBM Security Key Lifecycle Manager
- 4.0
- 3.0.1
- IBM Security Privilege Manager
- النسخ ماقبل 10.8
التهديدات:
يمكن للمهاجم استغلال الثغرات وتنفيذ ما يلي:
- حقن البرمجيات (Code injection)
- تجاوز سعة مخزن الذاكرة المؤقت
- هجمة حجب الخدمة (DoS attack)
- الحصول على معلومات حساسة
الإجراءات الوقائية:
يوصي المركز بتحديث النسخ المتأثرة، حيث أصدرت IBM توضيحًا لهذه التحديثات:
- https://www.ibm.com/blogs/psirt/security-bulletin-java-vulnerability-affects-ibm-watson-text-to-speech-and-speech-to-text-ibm-watson-speech-services-for-cloud-pak-for-data-1-2/
- https://www.ibm.com/blogs/psirt/security-bulletin-a-gnu-c-library-vulnerability-affects-ibm-watson-text-to-speech-and-speech-to-text-ibm-watson-speech-services-for-cloud-pak-for-data-1-2/
- https://www.ibm.com/blogs/psirt/security-bulletin-apache-tomcat-vulnerabilities-affect-ibm-watson-text-to-speech-and-speech-to-text-ibm-watson-speech-services-for-cloud-pak-for-data-1-2/
- https://www.ibm.com/blogs/psirt/security-bulletin-authentication-mechanism-vulnerability-affects-ibm-connectdirect-for-unix-cve-2020-4747-2/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-db2-is-vulnerable-to-a-denial-of-service-attack-cve-2020-4420-6/
- https://www.ibm.com/blogs/psirt/security-bulletin-a-security-vulnerability-has-been-identified-in-ibm-security-secret-server-2/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-db2-may-be-vulnerable-to-a-denial-of-service-attack-cve-2020-4355-6/
- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-and-ibm-java-runtime-affect-rational-performance-tester-primary-tabs/
- https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-javascript-affects-ibm-license-metric-tool-v9-cve-2020-8203/
- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-ibm-java-sdk-and-ibm-java-runtime-affect-rational-performance-tester/
- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-runtime-affect-z-tpf-5/
- https://www.ibm.com/blogs/psirt/security-bulletin-websphere-application-server-liberty-vulnerabilities-affect-ibm-watson-text-to-speech-and-speech-to-text-ibm-watson-speech-services-for-cloud-pak-for-data-1-2/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-db2-is-vulnerable-to-buffer-overflow-leading-to-a-privileged-escalation-cve-2020-4363-8/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-db2-is-vulnerable-to-an-information-disclosure-and-denial-of-service-cve-2020-4414-6/
- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-and-ibm-java-runtime-affect-rational-service-tester-2/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-db2-is-vulnerable-to-an-information-disclosure-cve-2020-4387-7/
- https://www.ibm.com/blogs/psirt/security-bulletin-openssl-vulnerabilities-affect-ibm-watson-text-to-speech-and-speech-to-text-ibm-watson-speech-services-for-cloud-pak-for-data-1-2/
- https://www.ibm.com/blogs/psirt/security-bulletin-java-vulnerabilities-affect-ibm-watson-text-to-speech-and-speech-to-text-ibm-watson-speech-services-for-cloud-pak-for-data-1-2/
- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-security-key-lifecycle-manager-2/
- https://www.ibm.com/blogs/psirt/security-bulletin-a-gnu-glibc-vulnerability-affects-ibm-watson-text-to-speech-and-speech-to-text-ibm-watson-speech-services-for-cloud-pak-for-data-1-2/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-db2-is-vulnerable-to-an-information-disclosure-cve-2020-4386-6/
- https://www.ibm.com/blogs/psirt/security-bulletin-spring-framework-vulnerabilities-affect-ibm-watson-text-to-speech-and-speech-to-text-ibm-watson-speech-services-for-cloud-pak-for-data-1-2/
- https://www.ibm.com/blogs/psirt/security-bulletin-apache-tomcat-vulnerabilities-affect-ibm-watson-text-to-speech-and-speech-to-text-ibm-watson-speech-services-for-cloud-pak-for-data-1-2-2/
- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-and-ibm-java-runtime-affect-rational-performance-tester-2/
- https://www.ibm.com/blogs/psirt/security-bulletin-java-vulnerablity-affects-ibm-watson-speech-services-for-cloud-pak-for-data-1-2/
- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-have-been-identified-in-ibm-security-verify-privilege-manager-previously-known-as-ibm-security-privilege-manager-2/
- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-ibm-java-sdk-and-ibm-java-runtime-affects-rational-performance-tester/
- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-and-ibm-java-runtime-affect-rational-service-tester-3/