IBM Updates
Alert date: 28 February, 2021
Severity level: High
Alert number: 2021-2541
Target sector: All
Description:
IBM has released several updates to address a number of vulnerabilities in the following products:
- IBM Resilient OnPrem
- IBM Security SOAR
- APM AM
  - 8.1.4
- BAM
  - 1.0
- APM SaaS
  - 8.1.4
- APM on-premise
  - 8.1.4
- ICAM
  - 2019.3.0
- IBM Cloud Pak for Multicloud Management Security Services
  - 2.0
  - 2.1
  - 2.2
- IBM Tivoli Application Dependency Discovery Manager
  - 7.3.0.0 – 7.3.0.8
- IBM Cloud Private
  - 3.2.1 CD
  - 3.2.2 CD
- Datacap Taskmaster Capture
  - 9.1.7
- IBM Cloud APM, Base Private
  - 8.1.4
- IBM Cloud APM, Advanced Private
  - 8.1.4
- IBM Cloud APM
  - 8.1.4
- IBM Security Guardium Insights
  - 2.5
- DOORS Next
  - 7.0
  - 7.0.1
  - 7.0.2
- RDNG
  - 6.0.6.1
  - 6.0.6
- PUB
  - 7.0.1
  - 7.0.2
  - 7.0
- EWM
  - 7.0.2
  - 7.0.1
- RTC
  - 6.0.2
  - 6.0.6.1
- EWM
  - 7.0
- RTC
  - 6.0.6
- Global Configuration Management
- ETM
  - 7.0.2
  - 7.0.1
  - 7.0.0
- RQM
  - 6.0.6.1
  - 6.0.6
  - 6.0.2
- IBM Engineering Requirements Quality Assistant On-Premises
- ICP – Discovery
  - 2.0.0-2.2.0
Threats:
An attacker can exploit the vulnerabilities to do the following:
- Remote execution of malicious commands
- Denial-of-service attack (DoS attack)
- Access to sensitive information
Preventive measures:
The Center recommends updating the affected versions; IBM has published details of these updates:
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-resilient-soar-is-using-opensaml-2-6-4-jar-that-could-be-vulnerable-to-bypass-security-restrictions-cve-2015-1796/
- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-of-mozilla-firefox-less-than-firefox-78-5-esr-cve-2020-26951-have-affected-synthetic-playback-agent-8-1-4-0-8-1-4-if11-icam2019-3-0-2020-2-0/
- https://www.ibm.com/blogs/psirt/security-bulletin-security-vulnerabilities-in-go-affect-ibm-cloud-pak-for-multicloud-management-hybrid-grc-2/
- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-of-mozilla-firefox-less-than-firefox-78-5-esr-cve-2020-15677-have-affected-synthetic-playback-agent-8-1-4-0-8-1-4-if12-icam2019-3-0-2020-2-0/
- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-of-mozilla-firefox-less-than-firefox-78-5-esr-cve-2020-15683-have-affected-synthetic-playback-agent-8-1-4-0-8-1-4-if12-icam2019-3-0-2020-2-0/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-sdk-java-technology-edition-quarterly-cpu-oct-2020/
- https://www.ibm.com/blogs/psirt/security-bulletin-a-security-vulnerability-affects-ibm-cloud-private-openssl-cve-2019-1551-2/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-resilient-soar-is-using-components-with-known-vulnerabilities-java-se-cve-2020-14779-cve-2020-14792-cve-2020-14796-cve-2020-14797-cve-2020-14798/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cloud-private-is-vulnerable-to-a-node-js-lodash-vulnerability-cveid-183560-2/
- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-of-mozilla-firefox-less-than-firefox-78-5-esr-cve-2020-26950-have-affected-synthetic-playback-agent-8-1-4-0-8-1-4-if12-icam2019-3-0-2020-2-0/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cloud-private-is-vulnerable-to-a-mongodb-vulnerability-cve-2020-7923/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cloud-private-is-vulnerable-to-go-vulnerabilities-cve-2021-3114-cve-2021-3115/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cloud-private-is-vulnerable-to-node-js-vulnerabilities-cve-2020-8201-cve-2020-8252-cve-2020-8251/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cloud-private-is-vulnerable-to-etcd-vulnerabilities-cve-2020-15106-cve-2020-15112-cve-2020-15113/
- https://www.ibm.com/blogs/psirt/security-bulletin-datacap-taskmaster-capture-is-affected-by-vulnerable-to-appscans-sslv3-client-hello-with-cbc-cipher-suites-that-contain-tls_fallback_scsv-2/
- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-affect-ibm-performance-management-products-7/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cloud-private-is-vulnerable-to-java-vulnerabilities-cve-2020-14792-cve-2020-14797-cve-2020-14781-cve-2020-14779-cve-2020-14798-cve-2020-14796/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cloud-private-is-vulnerable-to-kubernetes-vulnerabilities/
- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-affect-the-ibm-performance-management-product/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cloud-private-is-vulnerable-to-a-go-vulnerability-cve-2020-15586/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cloud-private-is-vulnerable-to-curl-vulnerabilities-cve-2020-8169-cve-2020-8177/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-insights-is-affected-by-multiple-vulnerabilities-4/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cloud-private-is-vulnerable-to-a-go-vulnerability-cve-2020-16845/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cloud-private-is-vulnerable-to-a-websphere-application-server-liberty-vulnerability-cve-2020-4590/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cloud-private-is-vulnerable-to-kubernetes-vulnerabilities-cve-2020-8566-cve-2020-8565-cve-2020-8563-cve-2020-8564/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cloud-private-is-vulnerable-to-a-java-vulnerability-cve-2020-14782/
- https://www.ibm.com/blogs/psirt/security-bulletin-google-api-client-as-used-by-ibm-qradar-siem-is-vulnerable-to-authorization-bypass-cve-2020-7692/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cloud-private-is-vulnerable-to-a-python-vulnerability-cve-2020-25659/
- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilites-affect-ibm-engineering-products/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cloud-private-is-vulnerable-to-mongodb-vulnerabilities-cve-2020-7926-cve-2020-7925-cve-2020-7928/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cloud-private-is-vulnerable-to-a-go-vulnerability-cve-2020-28362/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-watson-discovery-for-ibm-cloud-pak-for-data-affected-by-vulnerability-in-google-guava/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-watson-discovery-for-ibm-cloud-pak-for-data-affected-by-vulnerability-in-node-js-2/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-watson-discovery-for-ibm-cloud-pak-for-data-affected-by-vulnerability-in-tensorflow-3/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-watson-discovery-for-ibm-cloud-pak-for-data-affected-by-vulnerability-in-xstream/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-watson-discovery-for-ibm-cloud-pak-for-data-affected-by-vulnerability-in-apache-httpclient/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-watson-discovery-for-ibm-cloud-pak-for-data-affected-by-vulnerability-in-java-3/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-watson-discovery-for-ibm-cloud-pak-for-data-affected-by-vulnerability-in-python-2/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-watson-discovery-for-ibm-cloud-pak-for-data-affected-by-vulnerability-in-fasterxml-jackson-databind-9/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-watson-discovery-for-ibm-cloud-pak-for-data-affected-by-vulnerability-in-go-3/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-watson-discovery-for-ibm-cloud-pak-for-data-affected-by-vulnerability-in-spring/