IBM Updates
Warning date: 19 May, 2021
Severity level: ● High
Warning number: 2021-2933
Target sector: All
Description:
IBM has released several updates to address a number of vulnerabilities in several of its products, most notably:
- IBM Sterling B2B Integrator
  - 5.2.0.0 – 5.2.6.5_3
  - 6.0.0.0 – 6.0.3.3
  - 6.1.0.0 – 6.1.0.1
- IBM Cloud Pak for Multicloud Management Monitoring
  - before 2.3
- IBM Watson Explorer Deep Analytics Edition Foundational Components
  - 12.0.0, 12.0.1, 12.0.2.0 – 12.0.2.2, 12.0.3.0 – 12.0.3.4
- Watson Explorer Foundational Components
  - 11.0.0.0 – 11.0.0.3, 11.0.1, 11.0.2.0 – 11.0.2.8
- IBM Cloud Pak for Multicloud Management Security Services
  - 2.0
  - 2.1
  - 2.2
- IBM Security Guardium
  - 10.6
  - 11.0I
  - 11.2
- Resilient OnPrem
- IBM Security SOAR
Threats:
An attacker could exploit the vulnerabilities to do the following:
- Buffer overflow
- Execution of malicious software
Preventive measures:
The Center recommends updating the affected versions. IBM has published details of these updates:
- https://www.ibm.com/blogs/psirt/security-bulletin-client-side-http-parameter-pollution-in-was-intelligent-management-admin-console/
- https://www.ibm.com/blogs/psirt/security-bulletin-access-control-security-vulnerability-exists-in-dashboard-user-interface-of-ibm-sterling-b2b-integrator-cve-2020-4646/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-resilient-soar-is-using-components-with-known-vulnerabilities-java-se-cve-2020-14782/
- https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-java-affects-ibm-cloud-pak-for-multicloud-management-monitoring-3/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-websphere-application-server-7-0-8-0-8-5-9-0-and-liberty-could-allow-a-remote-attacker-to-obtain-sensitive-information-when-a-stack-trace-is-returned-in-the-browser/
- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-security-vulnerabilities-in-ibm-websphere-application-server-affect-ibm-sterling-b2b-integrator-2/
- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerablities-in-ibm-sdk-java-technology-edition-quarterly/
- https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-ibm-java-affects-ibm-developer-for-z-systems/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-maximo-asset-management-is-vulnerable-to-cross-site-scripting-cve-2021-20374/
- https://www.ibm.com/blogs/psirt/security-bulletin-cross-site-scripting-vulnerability-affects-ibm-sterling-control-center-cve-2021-20528/
- https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-java-affects-ibm-cloud-pak-for-multicloud-management-monitoring/
- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-affect-ibm-security-guardium-15/
- https://www.ibm.com/blogs/psirt/security-bulletin-general-information-vulnerability-affects-ibm-control-center-cve-2021-20529/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cloud-pak-for-multicloud-management-monitoring-allows-certain-web-pages-to-be-stored-locally/
- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-security-vulnerabilities-in-jackson-databind-affect-ibm-sterling-b2b-integrator-3/
- https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-java-affects-ibm-cloud-pak-for-multicloud-management-monitoring-2/
- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-affects-watson-explorer-foundational-components-cve-2021-23840/
- https://www.ibm.com/blogs/psirt/security-bulletin-security-vulnerabilities-in-go-affect-ibm-cloud-pak-for-multicloud-management-hybrid-grc-3/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-resilient-soar-is-using-components-with-known-vulnerabilities-java-se-cve-2020-14803-cve-2020-27221/
- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-security-vulnerabilities-in-jackson-databind-affects-ibm-sterling-b2b-integrator/
- https://www.ibm.com/blogs/psirt/security-bulletin-security-vulnerability-in-xstream-affects-ibm-sterling-b2b-integrator-cve-2020-26217/
- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-mozilla-firefox-affect-ibm-cloud-pak-for-multicloud-management-monitoring/