IBM Updates
Alert date: 20 July 2021
Severity level: High
Alert number: 2021-3220
Targeted sector: All
Description:
IBM has released several updates to address a number of vulnerabilities in the following products:
- IBM Cloud Pak System
  - V2.3
  - v2.3.0.1, v2.3.1.1, v.2.3.2.0
  - v2.3.3.0, v2.3.3.1, v.2.3.3.2, v.2.3.3.3
- IBM API Connect
  - V5.0.0.0-V5.0.8.11
- IBM Watson Explorer Deep Analytics Edition Foundational Components
  - 12.0.0.0, 12.0.1, 12.0.2.0 – 12.0.2.2, 12.0.3.0 – 12.0.3.5
- IBM Watson Explorer Deep Analytics Edition Analytical Components
  - 12.0.0.0, 12.0.1, 12.0.2.0 – 12.0.2.2, 12.0.3.0 – 12.0.3.5
- IBM Watson Explorer Deep Analytics Edition oneWEX
  - 12.0.0.0, 12.0.0.1, 12.0.1, 12.0.2.0 – 12.0.2.2, 12.0.3.0 – 12.0.3.5
- IBM Watson Explorer Foundational Components
  - 11.0.0.0 – 11.0.0.3, 11.0.1, 11.0.2.0 – 11.0.2.9
- IBM Watson Explorer Analytical Components
  - 11.0.0.0 – 11.0.0.3, 11.0.1, 11.0.2.0 – 11.0.2.9
- IBM Spectrum Scale
  - 5.0.0 – 5.0.5.6 (HDFS Transparency version – 3.1.1-5)
  - 5.1.0 – 5.1.0.3 (HDFS Transparency version – 3.1.0-8)
- IBM App Connect Enterprise
  - V11, V11.0.0.0 – V11.0.0.12
- IBM OS Image for Red Hat Linux Systems
  - 3.0
Threats:
An attacker can exploit the vulnerabilities to do the following:
- Denial of service (DoS)
- Obtain sensitive information
- Execute malicious software
Preventive measures:
The center recommends updating the affected versions. IBM has published the following bulletins explaining these updates:
- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-vmware-affect-ibm-cloud-pak-system/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-api-connect-is-impacted-by-vulnerabilities-in-node-js-and-openssl-cve-2021-23840-cve-2021-22884-cve-2021-22883/
- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-jackson-databind-affects-cloud-pak-system-cve-2020-25649/
- https://www.ibm.com/blogs/psirt/security-bulletin-watson-explorer-is-affected-by-apache-pdfbox-vulnerabilities-cve-2021-27807-cve-2021-27906-cve-2021-31811-cve-2021-31812/
- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-python-affect-os-image-for-redhat-bundled-with-cloud-pak-system/
- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-docker-affect-ibm-cloud-pak-system/
- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-openssl-affects-ibm-cloud-pak-system-cve-2020-1971/
- https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-ibm-spectrum-scale-could-allow-an-authenticated-user-to-gain-elevated-privileges-cve-2020-9492/
- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-self-service-console-affects-ibm-cloud-pak-system-cve-2021-20478/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-app-connect-enterprise-v11-is-affected-by-vulnerabilities-in-node-js-cve-2021-23358-2/
- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-affect-os-images-for-red-hat-linux-systems-used-by-ibm-cloud-pak-system-jan2021-updates/