IBM Updates
Warning date: 28 July, 2021
Severity level: ● High
Warning number: 2021-3269
Target sector: All
Description:
IBM has released several updates to address a number of vulnerabilities in the following products:
- IBM Cloud Pak for Multicloud Management Infrastructure Management
- IBM i2 Analyst's Notebook Premium
- IBM Engineering Requirements Quality Assistant On-Premises
- IBM QRadar SIEM
  - 7.3.0 to 7.3.3 Patch 8
  - 7.4.0 to 7.4.3 GA
- IBM Emptoris Supplier Lifecycle Mgmt
  - 10.1.1.x
  - 10.1.0.x
  - 10.1.3.x
- IBM Operations Analytics Predictive Insights
  - 1.3.3
  - 1.3.5
  - 1.3.6
- VMRM HA/DR
  - V1.5 and below
- IBM Guardium Data Encryption (GDE)
  - 4.0
- IBM Cloud Application Business Insights
  - 1.1.5
  - 1.1.6
- IBM Emptoris Sourcing
  - 10.1.1.x
  - 10.1.0.x
  - 10.1.3.x
- IBM i2 Analyze
  - 4.3.0
  - 4.3.1
  - 4.3.2
- gpfs.tct.client
  - 1.1.5
  - 1.1.3
  - 1.1.2
  - 1.1.1
- gpfs.tct.server
  - 1.1.2
  - 1.1.6
  - 1.1.3
  - 1.1.1
  - 1.1.5
  - 1.1.4
  - 1.1.7
  - 1.1.3
  - 1.1.8
- Sterling Connect:Direct Browser User Interface
  - 1.5.0.2
  - 1.4.1.1
- RabbitMQ
  - Before 7.3
  - Before 7.4
- RDNG
  - 6.0.6
  - 6.0.6.1
- RELM
  - 6.0.6.1
  - 6.0.6
  - 6.0.2
- ENI
  - 7.0.1
  - 7.0
  - 7.0.2
- RQM
  - 6.0.6.1
  - 6.0.6
- ETM
  - 7.0.1
  - 7.0.0
  - 7.0.2
- CLM
  - 6.0.6.1
  - 6.0.6
  - 6.0.2
- ELM
  - 7.0
  - 7.0.1
  - 7.0.2
- DOORS Next
  - 7.0.1
  - 7.0.2
  - 7.0
- EWM
  - 7.0.2
  - 7.0
  - 7.0.1
- RTC
  - 6.0.6.1
  - 6.0.6
Threats:
An attacker can exploit the vulnerabilities to do the following:
- Obtain sensitive information
- Denial of service (DoS)
- Execute malicious software
Preventive measures:
The Center recommends updating the affected versions; IBM has published details of these updates:
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-qradar-siem-is-vulnerable-to-an-xml-external-entity-injection-xxe-attack-cve-2021-20399/
- https://www.ibm.com/blogs/psirt/security-bulletin-grub2-as-used-by-ibm-qradar-siem-is-vulnerable-to-arbitrary-code-execution/
- https://www.ibm.com/blogs/psirt/security-bulletin-a-security-vulnerability-in-ruby-on-rails-affects-ibm-cloud-pak-for-multicloud-management-infrastructure-management-2/
- https://www.ibm.com/blogs/psirt/security-bulletin-oracle-database-server-vulnerability-affects-ibm-emptoris-supplier-lifecycle-mgmt-cve-2021-2207/
- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-oracle-database-server-vulnerabilities-affect-ibm-emptoris-contract-management-2/
- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-deferred-from-oracle-oct-2020-cpu-for-java-8-cve-2020-14781-may-affect-ibm-sdk-java-technology-edition-and-ibm-operations-analytics-predictive-insig/
- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-oracle-database-server-vulnerabilities-affect-ibm-emptoris-program-management-2/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-qradar-siem-is-vulnerable-to-using-components-with-known-vulnerabilities-9/
- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-npm-affects-ibm-vm-recovery-manager/
- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-ibm-guardium-data-encryption-gde-cve-2020-7676/
- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-java-and-wlp-affects-ibm-cloud-application-business-insights/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-analysts-notebook-premium-uses-a-component-with-known-vulnerabilities-cve-2020-16013-cve-2020-16009-cve-2020-15999/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-qradar-siem-is-vulnerable-to-using-components-with-known-vulnerabilities-10/
- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-oracle-database-server-vulnerabilities-affect-ibm-emptoris-sourcing-2/
- https://www.ibm.com/blogs/psirt/security-bulletin-i2-analyse-and-analysts-notebook-premium-have-hyperlink-clicking-vulnerability-cve-2021-29770/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-transparent-could-tiering-is-affected-by-a-vulnerability-in-apache-commons-io-cve-2021-29425/
- https://www.ibm.com/blogs/psirt/security-bulletin-information-disclosure-vulnerability-in-ibm-i2-analyze-cve-2021-29766/
- https://www.ibm.com/blogs/psirt/security-bulletin-rabbitmq-as-used-by-ibm-qradar-siem-is-vulnerable-to-unsafe-deserialization-cve-2020-36282-3/
- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilites-affect-engineering-lifecycle-management-and-ibm-engineering-products/
- https://www.ibm.com/blogs/psirt/security-bulletin-http-header-vulnerability-affects-ibm-sterling-connectdirect-browser-user-interface-cve-2021-20560/
- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-npm-affects-ibm-vm-recovery-manager-2/