تحديثات IBM
1882تاريخ التحذير
مستوى الخطورة
رقم التحذير
القطاع المستهدف
10 مارس, 2021
● عالي
2021-2600
الكل
الوصف:
أصدرت IBM عدة تحديثات لمعالجة عدد من الثغرات في المنتجات التالية:
- ISPIM
- 2.1.1
- 2.0.2
- 2.1.0
- API ConnectAPI Connect
- V10.0.1.1
- 2018.4.1.0-2018.4.1.13
- IBM Tivoli System Automation for Multiplatforms
- 4.1
- WebSphere Application Server
- 9.0
- 8.5
- 8.0
- 7.0
- IBM Cognos Planning
- 10.2.1
- 10.2.0
- Rational Software Architect Designer (RSAD)
- 9.6x
- 9.7x
- Rational Software Architect Designer for WebSphere Software (RSAD4WS)
- 9.6x
- 9.7x
- IBM Security Guardium Insights
- 2.0.1
يمكن للمهاجم استغلال الثغرات وتنفيذ ما يلي:
- هجمة حجب الخدمة (DoS attack)
- الكشف والإفصاح عن معلومات حساسة
- تنفيذ برمجيات خبيثة
الإجراءات الوقائية:
يوصي المركز بتحديث النسخ المتأثرة حيث أصدرتIBM توضيحًا لهذه التحديثات:
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-api-connect-is-impacted-by-a-denial-of-service-dos-vulnerability-in-openssl-cve-2020-1971/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-privileged-identity-manager-is-affected-by-an-information-disclosure-cve-2020-4329/
- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-affect-ibm-tivoli-system-automation-for-multiplatforms-oct-2020-cpu/
- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-affect-ibm-tivoli-system-automation-application-manager-jan-2021-cpu-cve-2020-27221/
- https://www.ibm.com/blogs/psirt/security-bulletin-websphere-application-server-is-vulnerable-to-a-directory-traversal-vulnerability-cve-2020-5016/
- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-affect-ibm-tivoli-system-automation-application-manager-oct-2020-cpu-cve-2020-14782/
- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-runtime-affect-ibm-cognos-planning-q12021/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-api-connect-is-impacted-by-vulnerabilities-in-docker-cve-2021-21285-cve-2021-21284/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-privileged-identity-manager-is-affected-by-a-code-execution-vulnerability-cve-2020-4464/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-sdk-java-technology-edition-quarterly-cpu-oct-2020-and-jan-2021/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-insights-is-affected-by-a-go-denial-of-service-vulnerability-cve-2020-7919/
- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-affect-ibm-tivoli-system-automation-for-multiplatforms-jan-2021-cpu-cve-2020-27221/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-privileged-identity-manager-is-affected-by-a-denial-of-service-vulnerability-cve-2020-278