الموقع الرسمي للمركز الوطني الإرشادي للأمن السيبراني
تحديثات IBM
1950
تاريخ التحذير
مستوى الخطورة
رقم التحذير
القطاع المستهدف
25 أغسطس, 2020
● متوسط
2020-1677
الكل
الوصف:
أصدرت IBM عدّة تحديثات لمعالجة عددًا من الثغرات في المنتجات التالية:
- IBM Security Guardium
- 11.0
- IBM Netezza Host Management
- 5.4.9.0 – 5.4.28.0
- GDE
- 3.0.0.2
- IBM Elastic Storage System 3000
- 6.0.0 – 6.0.0.2
- 5.3.0 – 5.3.5
- IBM Content Collector for SAP Applications
- 4.0
- IBM CICS TX on Cloud
- 10.1.0.0
- IBM MQ for HPE NonStop
- 8.1.0
- 8.1.4
- IBM Security SiteProtector System
- 3.0.0
- 3.1.1
- IBM Spectrum Conductor
- 2.4.1
- IBM TXSeries for Multiplatforms
- 8.2.0.0 – 8.2.0.2
- 9.1.0.0 – 9.1.0.1
- IBM Netcool Agile Service Manager
- 1.1
- IBM Operations Analytics Predictive Insights
- 1.3.6
- AIX
- 7.1
- 7.2
- VIOS
- 2.2
- 3.1
- IBM Spectrum Control
- 5.3.1 -5.3.7
- IBM Cloud CLI
- 1.1.0 or earlier
- IBM MQ for HPE NonStop
- 8.1.0
- 8.1.4
- IBM Tivoli Application Dependency Discovery Manager
- 7.3.0.3 – 7.3.0.7
- IBM® Db2®
- Db2 V9.7, V10.1, V10.5, V11.1, and V11.5
- WebSphere Application Server
- 9.0
- 8.5
- 8.0
- 7.0
التهديدات:
يمكن للمهاجم استغلال الثغرات وتنفيذ ما يلي:
- هجمة البرمجة عبر المواقع ((Cross-site scripting (XSS)
- هجمة حجب الخدمة (DoS attack)
- الكشف والإفصاح عن المعلومات.
الإجراءات الوقائية:
يوصي المركز بتحديث المنتجات المتأثرة، حيث أصدرت IBM توضيحًا لهذه التحديثات:
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-a-missing-security-control-vulnerability/
- https://www.ibm.com/blogs/psirt/security-bulletin-publicly-disclosed-vulnerabilities-from-kernel-affect-ibm-netezza-host-management-5/
- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-guardium-data-encryption-gde-2/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-elastic-storage-system-3000-is-affected-by-weak-crypto-algorithm-cve-2020-4349/
- https://www.ibm.com/blogs/psirt/security-bulletin-cve-2020-2654-may-affect-ibm-sdk-java-technology-edition-for-content-collecor-for-sap-applications/
- https://www.ibm.com/blogs/psirt/security-bulletin-websphere-application-server-is-vulnerable-for-information-disclosure-that-affect-ibm-cics-tx-on-cloud/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-elastic-storage-system-3000-gui-is-affected-by-verbose-error-message-cve-2020-4357/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-elastic-storage-system-3000-gui-is-affected-by-weak-crypto-algorithm-cve-2020-4379/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-for-hpe-nonstop-server-is-affected-by-vulnerability-cve-2020-4319/
- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-guardium-data-encryption-gde/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-sdk-java-technology-edition-quarterly-cpu-apr-2020-includes-oracle-apr-2020-cpu-minus-cve-2020-2773-affect-content-collecor-for-sap-applications/
- https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-has-been-identified-in-ibm-elastic-storage-system-3000-gui-where-an-unauthorised-user-can-execute-commands-cve-2020-4348/
- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-runtime-affect-ibm-security-siteprotector-system-2/
- https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-openjdk-java-runtime-environment-jre-affect-ibm-spectrum-conductor-2-4-1/
- https://www.ibm.com/blogs/psirt/security-bulletin-websphere-application-server-is-vulnerable-to-information-disclosure-that-affects-txseries-for-multiplatforms/
- https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-has-been-identified-in-ibm-elastic-storage-system-gui-where-authorised-user-can-execute-unauthorized-function-cve-2020-4378/
- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-runtime-affect-ibm-netcool-agile-service-manager-4/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-sdk-java-technology-edition-quarterly-cpu-jul-2020-includes-oracle-jul-2020-cpu-plus-one-additional-vulnerability-affects-content-collecor-for-sap-applications/
قيم المحتوى
شارك الصفحة
