تحديثات IBM
1558تاريخ التحذير
مستوى الخطورة
رقم التحذير
القطاع المستهدف
11 يوليو, 2021
● عالي
2021-3166
الكل
الوصف:
أصدرت IBM عدّة تحديثات لمعالجة عددٍ من الثغرات في المنتجات التالية:
- IBM Tivoli Netcool Impact
- 7.1.0.20 ~ 7.1.0.21
- IBM MQ Appliance
- 9.1 LTS
- 9.2 CD
- 9.2 LTS
- 9.1 CD
- IBM License Metric Tool
- IBM Elastic Storage System
- 6.0.0 – 6.1.1.0
- IBM Tivoli Netcool/OMNIbus_GUI
- 8.1.x
- IBM Event Streams
- 10.0.x
- 10.1.x
- 10.2.x
- 10.3.x
- IBM Global High Availability Mailbox
- 6.0.2
- IBM App connect Enterprise
- 3.0.0.2
- V11
- V11.0.0.0 – V11.0.0.12
- IBM Guardium Data Encryption (GDE)
- 3.0.0.2
التهديدات:
يمكن للمهاجم استغلال الثغرات بتنفيذ برمجيات خبيثة.
الإجراءات الوقائية:
يوصي المركز بتحديث النسخ المتأثرة، حيث أصدرت IBM توضيحًا لهذه التحديثات:
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-tivoli-netcool-impact-uses-weaker-than-expected-cryptographic-algorithms-cve-2021-29794/
- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-apache-commons-affects-tivoli-netcool-impact-cve-2021-29425/
- https://www.ibm.com/blogs/psirt/security-bulletin-a-security-vulnerability-has-been-identified-in-ibm-sdk-java-technology-edition-shipped-with-ibm-tivoli-netcool-impact-cve-2021-2161/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-appliance-is-affected-by-an-openldap-vulnerability-cve-2020-25692/
- https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-ruby-on-rails-affects-ibm-license-metric-tool-v9-cve-2021-22885/
- https://www.ibm.com/blogs/psirt/security-bulletin-there-are-multiple-vulnerabilities-in-the-linux-kernel-used-in-ibm-elastic-storage-system-5/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-appliance-is-affected-by-multiple-angularjs-vulnerabilities/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-appliance-is-affected-by-mozilla-network-security-services-nss-vulnerability-cve-2020-25648/
- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-tivoli-netcool-omnibus-webgui-cve-2021-29803-cve-2021-29804-cve-2021-29805-cve-2021-29822/
- https://www.ibm.com/blogs/psirt/security-bulletin-event-streams-documentation-for-generating-p12-files-incorrectly-adds-the-ca-key-into-the-file-cve-2021-29792/
- https://www.ibm.com/blogs/psirt/security-bulletin-glibc-vulnerability-affects-ibm-elastic-storage-system-cve-2020-27618/
- https://www.ibm.com/blogs/psirt/security-bulletin-apache-cxf-vulnerability-affects-ibm-global-mailbox-cve-2021-22696/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-appliance-affected-by-a-cross-site-request-forgery-vulnerability-cve-2020-4938/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-app-connect-enterprise-v11-is-affected-by-vulnerabilities-in-node-js-cve-2021-23358/
- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-ibm-guardium-data-encryption-gde-cve-2021-20414/