IBM Updates
Warning date: 28 April, 2021
Severity level: ● High
Warning number: 2021-2839
Target sector: All
Description:
IBM has released several updates to address a number of vulnerabilities in several of its products, most notably:
- IBM Spectrum Scale
  - 5.0.0 – 5.0.5.6
  - 5.1.0 – 5.1.0.2
- IBM Spectrum Protect Snapshot for Db2 on AIX and Linux
  - 8.1.0.0-8.1.11.0
- IBM Spectrum Protect Snapshot for Custom Applications on AIX and Linux
  - 8.1.0.0-8.1.11.0
- IBM Spectrum Protect Snapshot for Oracle on AIX and Linux
  - 8.1.0.0-8.1.11.0
- IBM Spectrum Protect Snapshot for Oracle with SAP on AIX and Linux
  - 8.1.0.0-8.1.11.0
- All fix pack levels of IBM Db2 V9.7, V10.1, V10.5, V11.1, and V11.5
- IBM Transformation Extender
  - 9.0
  - 10.0
  - 10.1
- WebSphere Transformation Extender
  - 8.4.1
- All versions of Liberty for Java in IBM Cloud up to and including v3.55
- BAM
  - 1.0
- APM SaaS
  - 8.1.4
- APM on-premise
  - 8.1.4
- ICAM
  - 2019.3.0
- IBM Tivoli Monitoring
  - 6.3.0 Fix Pack 7 Service Pack 5 (or later Service Pack)
- Content Collector for Email
  - 4.0.x
An attacker can exploit the vulnerabilities to carry out the following:
- Denial-of-service (DoS) attack
- Execution of malicious software
- XML external entity (XXE) attack
- Cross-site request forgery (CSRF)
Preventive measures:
The Center recommends updating the affected versions. IBM has published the following bulletins describing these updates:
- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-of-mozilla-firefox-less-than-firefox-78-9-0-esr-cve-2020-16044-have-affected-synthetic-playback-agent-8-1-4-0-8-1-4-if13-icam2019-3-0-2020-2-0/
- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-of-mozilla-firefox-less-than-firefox-78-9-0-esr-cve-2021-23954-have-affected-synthetic-playback-agent-8-1-4-0-8-1-4-if13-icam2019-3-0-2020-2-0/
- https://www.ibm.com/blogs/psirt/security-bulletin-embedded-websphere-application-server-is-vulnerable-to-a-directory-traversal-vulnerability-affects-content-collector-for-email/
- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-of-mozilla-firefox-less-than-firefox-78-9-0-esr-cve-2021-23987-have-affected-synthetic-playback-agent-8-1-4-0-8-1-4-if13-icam2019-3-0-2020-2-0/
- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-of-mozilla-firefox-less-than-firefox-78-9-0-esr-cve-2020-26974-have-affected-synthetic-playback-agent-8-1-4-0-8-1-4-if13-icam2019-3-0-2020-2-0/
- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-affect-ibm-tivoli-monitoring-installed-websphere-application-server/
- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-of-mozilla-firefox-less-than-firefox-78-9-0-esr-cve-2021-23978-have-affected-synthetic-playback-agent-8-1-4-0-8-1-4-if13-icam2019-3-0-2020-2-0/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-db2-db2fm-is-vulnerable-to-a-buffer-overflow-cve-2020-5025-7/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-content-navigator-is-vulnerable-to-cross-site-scripting-4/
- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-apache-myfaces-affects-liberty-for-java-for-ibm-cloud-cve-2021-26296-2/
- https://www.ibm.com/blogs/psirt/security-bulletin-buffer-overflow-vulnerability-in-ibm-sdk-affects-ibm-transformation-extender-3/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-db2-is-vulnerable-to-a-denial-of-service-cve-2020-5024-6/
- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-ibm-java-runtime-affects-ibm-spectrum-protect-snapshot-on-aix-and-linux-cve-2020-27221/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-content-navigator-is-vulnerable-to-cross-site-scripting-3/
- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-affect-the-ibm-spectrum-scale-gui-3/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-db2-is-vulnerable-to-weak-file-permissions-allowing-access-to-specific-files-cve-2020-4976-6/
- https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-ibm-spectrum-scale-csi-could-allow-insecure-external-command-execution-cve-2020-4981/