IBM Alert
Warning date: 30 May, 2022
Severity level: ● High
Warning number: 2022-4887
Targeted sector: All
IBM has released several updates to address a number of vulnerabilities in the following products, most notably:
- PowerVC
  - 2.0.2
  - 2.0.2.1
- IBM Security Guardium
  - 11.3
  - 11.4
  - 11.2
  - 11.1
  - 11.0
  - 11.6
- Automation Assets in IBM Cloud Pak for Integration (CP4I)
  - 2020.4.1
  - 2021.1.1
  - 2021.2.1
  - 2021.4.1
- App Connect Enterprise Certified Container
  - 1.1-eus with Operator
  - 2.1 with Operator
  - 3.0 with Operator
  - 3.1 with Operator
  - 4.0 with Operator
  - 4.1 with Operator
- Watson Discovery
  - 4.0.0-4.0.8
- IBM Spectrum Control
  - 5.4.0 – 5.4.6
- IBM MQ Operator CD release
  - 1.8.1
- IBM MQ Operator EUS release
  - 1.3.3
- IBM Supplied MQ Advanced Queue Manager Container images
  - 9.2.5.0-r2, 9.2.0.5-r1
- IBM Sterling Control Center
  - 6.2.1.0
  - 6.2.0.0
An attacker could exploit the vulnerabilities to carry out the following:
- Execution of malicious software
- Input validation errors
The Center recommends updating the affected products; IBM has published details of these updates, most notably:
- https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-exists-in-golang-x-crypto-cve-2020-9283-which-is-consumed-by-ibm-cics-tx-standard/
- https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-exists-in-golang-x-crypto-cve-2020-9283-which-is-consumed-by-ibm-cics-tx-advanced/
- https://www.ibm.com/blogs/psirt/security-bulletin-cross-site-request-forgery-vulnerability-affect-ibm-business-automation-workflow-and-ibm-business-process-manager-bpm-cve-2022-22361/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-sterling-control-center-is-vulnerable-to-a-denial-of-service-vulnerability-due-to-apache-xerces2-java-xml-parser-cve-2022-23437/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-sterling-control-center-is-vulnerable-to-remote-attacker-security-restrictions-bypass-due-to-eclipse-ee4j-jakarta-expression-language-cve-2021-28170/
- https://www.ibm.com/blogs/psirt/security-bulletin-publicly-disclosed-vulnerability-from-kernel-affects-ibm-netezza-host-management-17/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-tivoli-netcool-omnibus-probe-integrations-is-affected-by-vulnerability-in-fasterxml-jackson-databind/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-watson-discovery-for-ibm-cloud-pak-for-data-affected-by-vulnerability-in-google-protocol-buffers-2/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-sterling-control-center-is-vulnerable-to-remote-attack-on-mqxr-service-due-to-ibm-websphere-mq-cve-2015-4943/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-sterling-control-center-is-vulnerable-to-server-side-request-forgery-due-to-node-js-axios-module-cve-2020-28168/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-watson-discovery-for-ibm-cloud-pak-for-data-affected-by-vulnerability-in-apache-xerces/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-datapower-vulnerable-to-csrf/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-sterling-control-center-is-vulnerable-to-a-denial-of-service-due-to-jdom-cve-2021-33813/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-internet-pass-thru-is-vulnerable-to-an-issue-within-ibm-runtime-environment-java-technology-edition-version-7-cve-2021-35588/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-trace-can-inadvertently-trace-sensitive-data-cve-2022-22325/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-can-be-incorrectly-configured-to-prevent-required-authorization-checks-cve-2022-22316/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-appliance-is-affected-by-sensitive-information-disclosure-vulnerability-cve-2022-22325/
- https://www.ibm.com/blogs/psirt/security-bulletin-powervc-installation-on-rhel-is-vulnerable-to-mariadb-with-cve-2021-46669-cve-2022-24048-mariadb-219814-mariadb-219815-cve-2022-24050-cve-2022-24052/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-a-number-of-security-vulnerabilities-in-netty-which-is-used-by-guardium-cve-2021-21290-cve-2021-21295-cve-2021-21409-cve-2021-37136-cve-2-2/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-multiple-vulnerabilities-in-apache-thrift-3/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-fasterxml-jackson-databind-vulnerabilities-cve-2020-25649-x-force-id-217968-3/
- https://www.ibm.com/blogs/psirt/security-bulletin-automation-assets-in-ibm-cloud-pak-for-integration-is-vulnerable-to-remote-attack-due-to-moment-js-cve-2022-24785/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-path-traversal-and-crypto-vulnerabilities-cve-2021-29425-cve-2021-39076-3/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-app-connect-enterprise-certified-container-operator-and-integrationserver-operands-may-be-vulnerable-to-denial-of-service-due-to-cve-2021-44716/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-watson-discovery-for-ibm-cloud-pak-for-data-affected-by-vulnerability-in-node-js-9/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-app-connect-enterprise-certified-container-operator-and-integrationserver-operands-may-be-vulnerable-to-denial-of-service-due-to-cve-2021-39293/
- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-openssl-affects-ibm-spectrum-control-cve-2022-1292/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-watson-discovery-for-ibm-cloud-pak-for-data-affected-by-vulnerability-in-openssl/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-spectrum-control-is-vulnerable-to-multiple-weaknesses-related-to-xstream-apache-xerces2-jackson-openssl-and-java-se/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-app-connect-enterprise-certified-container-operands-may-be-vulnerable-to-code-injection-due-to-cve-2022-21803/
- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-may-affect-ibm-semeru-runtime-3/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-operator-and-queue-manager-container-images-are-vulnerable-to-multiple-vulnerabilities-from-gzip-jackson-databind-libssh-gnutls-nettle-and-zlib/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-sterling-control-center-is-affected-but-not-classified-as-vulnerable-by-a-remote-code-execution-in-spring-framework-cve-2022-22965/