تحديثات IBM
1703تاريخ التحذير
مستوى الخطورة
رقم التحذير
القطاع المستهدف
4 مايو, 2021
● عالي
2021-2866
الكل
الوصف:
أصدرت IBM عدة تحديثات لمعالجة عدد من الثغرات في المنتجات التالية:
- Sterling Connect:Express for UNIX
- 1.5.x
- IBM Watson Machine Learning on CP4D
- 2.5
- 3.0
- Cloud Orchestrator
- 2.5.0.10
- AIX
- 7.1
- 7.2
- VIOS
- 3.1
- IBM Watson Machine Learning Server on-prem
- 2.0.0
التهديدات:
يمكن للمهاجم استغلال الثغرات وتنفيذ ما يلي:
- تنفيذ برمجيات خبيثة
- هجمة حجب الخدمة (DoS attack)
- تجاوز سعة مخزن الذاكرة المؤقت
الإجراءات الوقائية:
يوصي المركز بتحديث النسخ المتأثرة حيث أصدرتIBM توضيحًا لهذه التحديثات:
- https://www.ibm.com/blogs/psirt/security-bulletin-go-is-is-vulnerable-to-a-denial-of-service-on-ibm-watson-machine-learning-on-cp4d/
- https://www.ibm.com/blogs/psirt/security-bulletin-netty-security-vulnerabilities-with-zlibdecoders-on-ibm-watson-machine-learning-server/
- https://www.ibm.com/blogs/psirt/security-bulletin-netty-security-vulnerabilities-on-ibm-watson-machine-learning-server/
- https://www.ibm.com/blogs/psirt/security-bulletin-tensor-flow-security-vulnerabilities-with-segmentation-fault-on-ibm-watson-machine-learning-on-cp4d/
- https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-exists-in-the-management-gui-of-the-ibm-flashsystem-900/
- https://www.ibm.com/blogs/psirt/security-bulletin-tensor-flow-security-vulnerabilities-with-denial-of-service-on-ibm-watson-machine-learning-on-cp4d/
- https://www.ibm.com/blogs/psirt/security-bulletin-tensor-flow-security-vulnerabilities-with-denial-of-service-on-ibm-watson-machine-learning-server/
- https://www.ibm.com/blogs/psirt/security-bulletin-tensorflow-is-vulnerable-to-a-heap-based-buffer-overflow-on-ibm-watson-machine-learning-on-cp4d/
- https://www.ibm.com/blogs/psirt/security-bulletin-openssl-vulnerabilities-affect-ibm-sterling-connectexpress-for-unix-cve-2021-3049-cve-2021-3050/
- https://www.ibm.com/blogs/psirt/security-bulletin-go-can-panic-upon-an-attempt-to-process-network-traffic-on-ibm-watson-machine-learning-on-cp4d/
- https://www.ibm.com/blogs/psirt/security-bulletin-go-is-suspectible-for-denial-of-service-on-ibm-watson-machine-learning-on-cp4d/
- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-sdk-java-technology-edition-may-affect-ibm-cloud-orchestrator-and-ibm-cloud-orchestrator-enterprise-3/
- https://www.ibm.com/blogs/psirt/security-bulletin-go-is-vulnerable-to-a-denial-of-service-on-ibm-watson-machine-learning-on-cp4d/
- https://www.ibm.com/blogs/psirt/security-bulletin-go-is-vulnerable-to-allows-attacks-on-clients-on-ibm-watson-machine-learning-on-cp4d/
- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-openssl-affect-aix-cve-2021-23839-cve-2021-23840-and-cve-2021-23841-2/
- https://www.ibm.com/blogs/psirt/security-bulletin-go-security-vulnerabilities-on-ibm-watson-machine-learning-server/