IBM Updates
Warning date: 6 December 2020
Severity level: High
Warning number: 2020-2148
Target sector: All
Description:
IBM has released several updates to address a number of vulnerabilities in the following products:
- IBM Tivoli Application Dependency Discovery Manager
  - 7.3.0.0 – 7.3.0.8
- IBM Blockchain Platform (Software/on-prem)
- Trusteer Mobile SDK
- IBM Business Automation Workflow
  - 19.0.0.x
  - 20.0.0.1
- IBM Emptoris Strategic Supply Management Platform
  - 10.1.0.x
  - 10.1.1.x
  - 10.1.3.x
- IBM Watson Explorer Deep Analytics Edition Foundational and Analytical Components
  - 12.0.0.0
  - 12.0.1
  - 12.0.2.0 – 12.0.2.2
  - 12.0.3.0 – 12.0.3.4
- IBM Watson Explorer Deep Analytics Edition oneWEX
  - 12.0.0.0
  - 12.0.0.1
  - 12.0.1
  - 12.0.2.0 – 12.0.2.2
  - 12.0.3.0 – 12.0.3.4
- IBM Watson Explorer Foundational Components
  - 10.0.0.0 – 10.0.0.9
  - 11.0.0.0 – 11.0.0.3
  - 11.0.1
  - 11.0.2.0 – 11.0.2.8
- IBM Watson Explorer Foundational Components Annotation Administration Console
  - 12.0.0.0
  - 12.0.1
  - 12.0.2.0 – 12.0.2.2
  - 12.0.3.0 – 12.0.3.4
  - 11.0.0.0 – 11.0.0.3
  - 11.0.1
  - 11.0.2.0 – 11.0.2.8
  - 10.0.0.0 – 10.0.0.6
- IBM Watson Explorer Analytical Components
  - 11.0.0.0 – 11.0.0.3
  - 11.0.1
  - 11.0.2.0 – 11.0.2.8
  - 10.0.0.0 – 10.0.0.2
- IBM Watson Explorer Content Analytics Studio
  - 12.0.0
  - 12.0.1
  - 12.0.2
  - 12.0.3
  - 11.0.0.0 – 11.0.0.3
  - 11.0.1
  - 11.0.2.0 – 11.0.2.2
- IBM API Connect
  - 10.0
  - 2018.4.1.0-2018.4.1.11
- IBM Emptoris Spend Analysis, Contract Management, Sourcing and Program Management
  - 10.1.3.x
  - 10.1.1.x
  - 10.1.0.x
- IBM Spectrum Protect Plus Container Agent for Kubernetes - Linux
  - 10.1.5-10.1.6
- IBM Spectrum Protect Plus Microsoft File Systems Agent (Windows)
  - 10.1.6
- IBM Spectrum Protect Plus
  - 10.1.0-10.1.6
Threats:
An attacker can exploit the vulnerabilities to carry out the following:
- Denial of service (DoS)
- Cross-site scripting (XSS)
- Bypassing security restrictions
- Obtaining sensitive information
- Remote execution of malicious code
Preventive measures:
The Center recommends updating the affected versions; IBM has published details of these updates:
- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-open-source-python-affects-ibm-tivoli-application-dependency-discovery-manager-cve-2020-26116/
- https://www.ibm.com/blogs/psirt/security-bulletin-upgrade-javaenv2-2-to-address-gradle-oauth-authentication-concerns/
- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-security-vulnerabilities-with-ibm-content-navigator-component-in-ibm-business-automation-workflow-cve-2020-4687-cve-2020-4760-cve-2020-4704/
- https://www.ibm.com/blogs/psirt/security-bulletin-jquery-vulnerabilities-affect-ibm-emptoris-strategic-supply-management-platform-cve-2020-11023-cve-2020-11022/
- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-runtime-affect-watson-explorer-and-watson-explorer-content-analytics-studio-cve-2020-14579-cve-2020-14578-cve-2020-14577-cve-2020-14621/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-api-connect-is-vulnerable-to-arbitrary-code-execution-and-security-bypass-in-drupal-cve-2020-13664-cve-2020-13665-4/
- https://www.ibm.com/blogs/psirt/security-bulletin-jquery-vulnerabilities-affect-ibm-emptoris-spend-analysis-cve-2020-11023-cve-2020-11022/
- https://www.ibm.com/blogs/psirt/security-bulletin-jquery-vulnerabilities-affect-ibm-emptoris-contract-management-cve-2020-11023-cve-2020-11022/
- https://www.ibm.com/blogs/psirt/security-bulletin-jquery-vulnerabilities-affect-ibm-emptoris-sourcing-cve-2020-11023-cve-2020-11022/
- https://www.ibm.com/blogs/psirt/security-bulletin-trusteer-mobile-sdk-is-vulnerable-to-cve-2019-17362/
- https://www.ibm.com/blogs/psirt/security-bulletin-jquery-vulnerabilities-affect-ibm-emptoris-program-management-cve-2020-11023-cve-2020-11022/
- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-urllib3-affects-ibm-spectrum-protect-container-and-microsoft-file-systems-agents-cve-2020-26137/
- https://www.ibm.com/blogs/psirt/security-bulletin-upgrade-to-ibp-v2-5-1-to-address-recent-concerns-issues-with-golang-versions-other-than-1-14-7/
- https://www.ibm.com/blogs/psirt/security-bulletin-denial-of-service-vulnerability-in-chart-js-affects-ibm-spectrum-protect-plus-cve-2020-7746/
- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-pyyaml-affects-ibm-spectrum-protect-plus-container-and-microsoft-file-systems-agents-cve-2020-1747-2/