IBM Updates
Alert date: 23 August, 2020
Severity level: ● High
Alert number: 2020-1668
Target sector: All
Description:
IBM has released several updates to address a number of vulnerabilities in the following products:
- IBM Spectrum Protect Plus
  - 10.1.0-10.1.6
- IBM Cloud Private
  - 3.2.1 CD
  - 3.2.2 CD
- ITCAM for Transactions
  - 7.4.0.x
- The Elastic Storage Server
  - 5.3.0 - 5.3.6
- IBM Connect:Direct for UNIX
  - 6.1.0
  - 6.0.0
- IBM Sterling Connect:Direct for UNIX
  - 4.3.0
  - 4.2.0
- IBM Netezza Host Management
  - 5.4.9.0 – 5.4.28.0
- IBM Security Guardium Insights
  - 2.0.1
- Sterling Connect:Direct FTP+
  - 1.3.0
- IBM Tivoli Netcool/OMNIbus Integration – Transport Module Common Integration Library
  - common-transportmodule-16_0 up to and including common-transportmodule-24_0
- IBM Operations Analytics Predictive Insights
  - 1.3.6
- AIX
  - 7.1
  - 7.2
- VIOS
  - 2.2
  - 3.1
- IBM Spectrum Control
  - 5.3.1 - 5.3.7
- IBM Cloud CLI
  - 1.1.0 or earlier
- IBM MQ for HPE NonStop
  - 8.1.0
  - 8.1.4
- IBM Tivoli Application Dependency Discovery Manager
  - 7.3.0.3 – 7.3.0.7
- IBM® Db2®
  - Db2 V9.7, V10.1, V10.5, V11.1, and V11.5
- WebSphere Application Server
  - 9.0
  - 8.5
  - 8.0
  - 7.0
Threats:
An attacker could exploit the vulnerabilities to do the following:
- Execute malicious code.
- Buffer overflow.
- Information disclosure.
Preventive measures:
The Center recommends updating the affected products; IBM has published details of these updates:
- https://www.ibm.com/support/pages/node/6255086
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cloud-private-is-vulnerable-to-multiple-node-js-vulnerabilities-cve-2020-11080-cve-2020-10531-cve-2020-8172-cve-2020-8174/
- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-java-vulnerabilities-affect-ibm-spectrum-protect-plus-cve-2020-2805-cve-2020-2803-cve-2020-2830-cve-2020-2781-cve-2020-2800-cve-2020-2757-cve-2020-2756-cve-2020-275-2/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-sdk-java-technology-edition-quarterly-cpu-jan-2020-cve-2020-2601-affects-ibm-tivoli-composite-application-manager-for-transactions-robotic-response-time/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-sdk-java-technology-edition-quarterly-cpu-jan-2020-includes-oracle-jan-2020-cpu-affects-ibm-tivoli-composite-application-manager-for-transactions-robotic-response-time/
- https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-has-been-identified-in-ibm-elastic-storager-server-where-an-attacker-can-cause-a-denial-of-service-cve-2020-4383/
- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-runtime-affect-ibm-sterling-connectdirect-for-unix-2/
- https://www.ibm.com/blogs/psirt/security-bulletin-publicly-disclosed-vulnerability-from-kernel-affects-ibm-netezza-host-management-3/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-insights-is-affected-by-a-clickjacking-vulnerability/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-insights-is-affected-by-a-components-with-known-vulnerabilities-2/
- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-runtime-affect-ibm-sterling-connectdirect-for-unix/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-insights-is-affected-by-a-components-with-known-vulnerabilities/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-insights-is-affected-by-an-open-redirect-vulnerabilitiy/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-insights-is-affected-by-a-jquery-vulnerabilitiy/
- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-runtime-affect-ibm-sterling-connectdirect-ftp-3/
- https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-have-been-identified-in-apache-commons-codec-shipped-with-ibm-tivoli-netcool-omnibus-transport-module-common-integration-library/
- https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-have-been-identified-in-netty-shipped-with-ibm-tivoli-netcool-omnibus-transport-module-common-integration-library-cve-2020-11612/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-sdk-java-technology-edition-quarterly-cpu-jan-2002-cve-2020-2654-affects-ibm-tivoli-composite-application-manager-for-transactions-robotic-response-time/
- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-runtime-affect-ibm-sterling-connectdirect-ftp-2/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-sdk-java-technology-edition-quarterly-cpu-jan-2020-cve-2020-2590-affects-ibm-tivoli-composite-application-manager-for-transactions-robotic-response-time/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-insights-is-affected-by-a-cross-site-request-forgery-vulnerability/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-insights-is-affected-by-a-netty-vulnerability-4/
- https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-apache-spark-2-4-5-and-earlier-affects-ibm-operations-analytics-predictive-insights-cve-2020-9480/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-insights-is-affected-by-a-displays-user-password-vulnerabilitiy/
- https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-has-been-identified-in-ibm-elastic-storage-server-where-an-attacker-can-cause-a-denial-of-service-cve-2020-4382/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-connectdirect-for-unix-is-vulnerable-to-a-privilege-escalation-attack-via-its-ndmauth-modules/
- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-bind-affect-aix-cve-2020-8616-and-cve-2020-8617/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-insights-is-affected-by-components-with-known-vulnerabilities/
- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-websphere-application-server-liberty-affects-ibm-spectrum-control-cve-2020-4329/
- https://www.ibm.com/blogs/psirt/security-bulletin-golang-vulnerabilities-in-ibm-cloud-cli-1-1-0-or-earlier/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-for-hpe-nonstop-server-is-affected-by-vulnerability-cve-2020-4465/
- https://www.ibm.com/blogs/psirt/security-bulletin-information-disclosure-vulnerability-in-websphere-application-server-liberty/
- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-node-js-affect-ibm-spectrum-control-cve-2020-8172-cve-2020-8174-cve-2020-11080/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-db2-is-vulnerable-to-an-information-disclosure-and-denial-of-service-cve-2020-4414-2/
- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-ibm-java-sdk-affect-ibm-spectrum-control-cve-2020-2654-cve-2020-2781-cve-2020-2800/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-for-hpe-nonstop-server-is-affected-by-vulnerability-cve-2020-4375/
- https://www.ibm.com/blogs/psirt/security-bulletin-websphere-application-server-is-vulnerable-to-a-remote-code-execution-vulnerability-cve-2020-4589-3/