الموقع الرسمي للمركز الوطني الإرشادي للأمن السيبراني
تحديثات IBM
2026
تاريخ التحذير
مستوى الخطورة
رقم التحذير
القطاع المستهدف
23 يونيو, 2020
● عالي
2020-1386
الكل
الوصف:
أصدرت IBM عدّة تحديثات لمعالجة عددًا من الثغرات في المنتجات التالية:
- IBM Security Guardium
- 10.6
- 11.1
- 11.1
- IBM Security Secret Server
- IBM PowerVC Standard
- 1.4.3
- IBM Cloud PowerVC Manager
- 1.4.3
- API Connect
- V2018.4.1.0-2018.4.1.10
- ICP – Discovery
- 2.0.0-2.1.2
- WA for ICP
- 1.4.1
- IBM eDiscovery Manager
- 2.2.2
- WA for CP4D
- 1.4.1
- IBM Netezza Host Management
- 5.4.9.0 – 5.4.26.0
- IBM i
- 7.4
- 7.3
- 7.2
- 7.1
- Voice Gateway
- 1.0.2
- 1.0.2.4
- 1.0.3
- 1.0.4
- 1.0.5
- IBM Emptoris Program Management
- 10.1.3.x,10.1.1.x, 10.1.0.x
- IBM Emptoris Sourcing
- 10.1.3.x,10.1.1.x, 10.1.0.x
- IBM Emptoris Contract Management
- 10.1.3.x,10.1.1.x, 10.1.0.x
- IBM Emptoris Supplier Lifecycle Mgmt
- 10.1.3.x,10.1.1.x, 10.1.0.x
- IBM Cloud Pak System
- 2.3, 2.3.0.1
- RDNG
- 6.0.2
- 6.0.6.1
- 6.0.6
- DOORS Next
- 7.0
التهديدات:
يمكن للمهاجم استغلال الثغرات وتنفيذ ما يلي:
- هجمة حجب الخدمة (DoS attack) عن بعد.
- فك تشفير معلومات حساسة.
- ترقية ورفع الصلاحيات.
- تجاوز سعة مخزن الذاكرة المؤقت (Buffer overflow).
- هجمة البرمجة عبر المواقع (Cross-site scripting (XSS)).
- تنفيذ برمجيات خبيثة عن بعد.
الإجراءات الوقائية:
يوصي المركز بتحديث المنتجات المتأثرة، حيث أصدرت IBM توضيحًا لهذه التحديثات:
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-a-use-of-a-broken-or-risky-cryptographic-algorithm-vulnerability-2/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-kernel-vulnerabilities-3/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-a-left-over-debug-code-in-js-files-vulnerability-2/
- https://www.ibm.com/blogs/psirt/security-bulletin-a-security-vulnerability-has-been-identified-in-ibm-security-secret-server-cve-2020-4342/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-a-use-of-insufficiently-random-value-vulnerability/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-a-kernel-vulnerability-11/
- https://www.ibm.com/blogs/psirt/security-bulletin-a-security-vulnerability-has-been-identified-in-ibm-security-secret-server-cve-2020-4322/
- https://www.ibm.com/blogs/psirt/security-bulletin-a-security-vulnerability-has-been-identified-in-ibm-security-secret-server-cve-2020-4341/
- https://www.ibm.com/blogs/psirt/security-bulletin-a-security-vulnerability-has-been-identified-in-ibm-security-secret-server-cve-2020-4413/
- https://www.ibm.com/blogs/psirt/security-bulletin-a-security-vulnerability-has-been-identified-in-ibm-security-secret-server-cve-2020-4327/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-an-improper-restriction-of-excessive-authentication-attempts-vulnerability-2/
- ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-a-hard-coded-passwords-vulnerability-2/
- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-affect-ibm-security-guardium-4/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-an-os-command-injection-vulnerabilities-3/
- https://www.ibm.com/blogs/psirt/security-bulletin-powervc-is-impacted-by-an-openstack-nova-vulnerability-which-could-leak-consoleauth-tokens-into-log-files-cve-2015-9543/
- https://www.ibm.com/blogs/psirt/security-bulletin-a-security-vulnerability-has-been-identified-in-ibm-security-secret-server-cve-2020-4323/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-api-connect-v2018-ova-is-vulnerable-to-denial-of-service-cve-2020-8551-cve-2020-8552/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-a-cross-site-scripting-vulnerability-2/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-watson-discovery-for-ibm-cloud-pak-for-data-affected-by-vulnerability-in-fasterxml-jackson-databind-6/
- https://www.ibm.com/blogs/psirt/security-bulletin-january-2020-critical-patch-update-for-java/
- https://www.ibm.com/blogs/psirt/security-bulletin-apache-commons-fileupload-publicly-disclosed-vulnerability-in-ibm-ediscovery-manager/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-watson-discovery-for-ibm-cloud-pak-for-data-affected-by-vulnerability-in-java/
- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-potential-vulnerabilities-in-node-js/
- https://www.ibm.com/blogs/psirt/security-bulletin-potential-vulnerability-with-fasterxml-jackson-databind/
- https://www.ibm.com/blogs/psirt/security-bulletin-publicly-disclosed-vulnerabilities-from-kernel-affect-ibm-netezza-host-management/
- https://www.ibm.com/blogs/psirt/security-bulletin-openssl-for-ibm-i-is-affected-by-cve-2020-1967/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-watson-discovery-for-ibm-cloud-pak-for-data-affected-by-vulnerability-in-elastic-elasticsearch/
- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-security-vulnerabilities-in-ibm-java-sdk-affects-ibm-voice-gateway-2/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-watson-discovery-for-ibm-cloud-pak-for-data-affected-by-vulnerability-in-tensorflow/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-watson-discovery-for-ibm-cloud-pak-for-data-affected-by-vulnerability-in-postgresql/
- https://www.ibm.com/blogs/psirt/security-bulletin-security-vulnerability-in-ibm-websphere-application-server-affects-ibm-voice-gateway-2/
- https://www.ibm.com/blogs/psirt/security-bulletin-security-vulnerability-in-ibm-websphere-application-server-affects-ibm-voice-gateway-2/
- https://www.ibm.com/blogs/psirt/security-bulletin-potential-vulnerability-in-java/
- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-and-ibm-java-runtime-affect-ibm-i-3/
- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-db2-database-server-security-vulnerabilities-affect-ibm-emptoris-strategic-supply-management-platform/
- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-db2-database-server-security-vulnerabilities-affect-ibm-emptoris-supplier-lifecycle-mgmt/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-watson-discovery-for-ibm-cloud-pak-for-data-affected-by-vulnerability-in-apache-tika/
- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-db2-database-server-security-vulnerabilities-affect-ibm-emptoris-contract-management/
- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-affects-ibm-engineering-requirements-management-doors-next/
- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-identified-in-apache-activemq-used-in-cloud-pak-system-cve-2020-1941/
- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-db2-database-server-security-vulnerabilities-affect-ibm-emptoris-sourcing/
قيم المحتوى
شارك الصفحة
