الموقع الرسمي للمركز الوطني الإرشادي للأمن السيبراني
تحديثات IBM
2586
تاريخ التحذير
مستوى الخطورة
رقم التحذير
القطاع المستهدف
10 فبراير, 2021
● عالٍ جدًا
2021-2442
الكل
الوصف:
أصدرت IBM عدّة تحديثات لمعالجة عددٍ من الثغرات في المنتجات التالية:
- IBM MQ
- 9.2 CD
- 9.2 LTS
- IBM Spectrum Protect Plus Db2 database backup and restore
- 10.1.2-10.1.7
- IBM Spectrum Protect Plus MongoDB database backup and restore
- 10.1.3-10.1.7
- IBM Spectrum Protect Plus Container backup and restore for Kubernetes
- 10.1.5-10.1.7
- IBM Spectrum Protect Plus Container backup and restore for OpenShift
- 10.1.7
- IBM Spectrum Protect Plus
- 10.1.0-10.1.7
- IBM Security Guardium
- 11.1
- 11.2
- WebSphere Application Server
- 9.0
- 8.5
- 8.0
- 7.0
- IBM Security Identity Governance and Intelligence
- 5.2.6
- IBM QRadar SIEM
- 7.4.2 GA - 7.4.2 Patch 1
- 7.4.0 - 7.4.1 Patch 1
- 7.3.0 - 7.3.3 Patch 5
- IBM Planning Analytics
- 2.0
- IBM Security QRadar Analyst Workflow
- 1.0.0-1.4.0
التهديدات:
يمكن للمهاجم استغلال الثغرات وتنفيذ ما يلي:
- حجب الخدمة (DoS)
- الحصول على معلومات حساسة
- تنفيذ برمجيات خبيثة عن بعد
الإجراءات الوقائية:
يوصي المركز بتحديث النسخ المتأثرة، حيث أصدرت IBM توضيحًا لهذه التحديثات:
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-is-vulnerable-to-an-error-within-eclipse-jetty-cve-2020-27216/
- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-psutil-affects-ibm-spectrum-protect-plus-backup-and-restore-of-db2-and-mongodb-databases-cve-2019-18874/
- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-psutil-python-and-golang-affect-ibm-spectrum-protect-plus-container-backup-and-restore-for-kubernetes-and-openshift/
- https://www.ibm.com/blogs/psirt/security-bulletin-denial-of-service-vulnerability-in-ibm-spectrum-protect-plus-cve-2020-5023/
- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-linux-kernel-and-java-affect-ibm-spectrum-protect-plus/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-an-apache-commons-vulnerability-3/
- https://www.ibm.com/blogs/psirt/security-bulletin-websphere-application-server-is-vulnerable-to-an-xml-external-entity-xxe-injection-vulnerability-cve-2021-20353/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-has-announced-a-release-for-ibm-security-identity-governance-and-intelligence-in-response-to-a-security-vulnerability-cve-2020-4790/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-an-apache-cxf-jar-vulnerability/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-qradar-siem-is-vulnerable-to-arbitrary-file-read-cve-2020-4789-2/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-planning-analytics-has-addressed-a-security-vulnerability-cve-2016-2183/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-has-announced-a-release-for-ibm-security-identity-governance-and-intelligence-in-response-to-a-security-vulnerability-cve-2020-4795/
- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-node-js-and-fasterxml-jackson-databind-affect-ibm-spectrum-protect-plus/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-has-announced-a-release-for-ibm-security-identity-governance-and-intelligence-in-response-to-a-security-vulnerability-cve-2020-4995/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-qradar-analyst-workflow-add-on-to-ibm-qradar-siem-is-vulnerable-to-using-components-with-known-vulnerabilities-2/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-has-announced-a-release-for-ibm-security-identity-governance-and-intelligence-in-response-to-a-security-vulnerability-cve-2020-4791/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-has-announced-a-release-for-ibm-security-identity-governance-and-intelligence-in-response-to-a-security-vulnerability-cve-2020-4996/
قيم المحتوى
شارك الصفحة
