IBM Alert
Warning date: 23 February, 2022
Severity level: ● High
Warning number: 2022-4420
Target sector: All
IBM has released several updates to address multiple vulnerabilities in a number of its products, most notably:
- IBM MQ
- IBM Sterling Global Mailbox
- IBM Java Runtime
- CICS Transaction Gateway
- IBM Java SDK
- Content Collector for Email
- Content Collector for File Systems
- Content Collector for Microsoft SharePoint
- Content Collector for IBM Connections
- CKeditor WYSIWYG editor
- IBM Sterling Global Mailbox
- Dojo
- IBM WebSphere Application Server
- Java
- IBM Cloud Application Business Insights
- Apache Log4j
- Cúram Social Program Management
- IBM Planning Analytics and IBM Planning Analytics Workspace
An attacker can exploit these vulnerabilities to do the following:
- Remote execution of malicious code
- Denial-of-service (DoS) attack
The Center recommends updating the affected versions. IBM has published the following bulletins describing these updates:
- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-ibm-mq-vulnerabilities-affect-ibm-sterling-global-mailbox/
- https://www.ibm.com/blogs/psirt/security-bulletin-february-2022-multiple-vulnerabilities-in-ibm-java-runtime-affect-cics-transaction-gateway/
- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-affect-content-collector-for-email-content-collector-for-file-systems-content-collector-for-microsoft-sharepoint-and-content-collector-for-26/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-sterling-global-mailbox-is-vulnerable-to-denial-of-service-due-to-ckeditor-wysiwyg-editor-cve-2021-26271-cve-2021-26272/
- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-affect-content-collector-for-email-content-collector-for-file-systems-content-collector-for-microsoft-sharepoint-and-content-collector-for-27/
- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-affect-content-collector-for-email-content-collector-for-file-systems-content-collector-for-microsoft-sharepoint-and-content-collector-for-28/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-websphere-application-server-is-vulnerable-to-remote-code-execution-due-to-dojo-cve-2021-23450/
- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-affect-content-collector-for-email-content-collector-for-file-systems-content-collector-for-microsoft-sharepoint-and-content-collector-for-29/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-sterling-global-mailbox-vulnerable-to-sensitive-information-exposure-due-to-jackson-data-mapper-cve-2019-10172/
- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-java-impact-ibm-cloud-application-business-insights-cve-2021-35550-cve-2021-35561-cve-2021-35603-and-cve-2021-41035/
- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-may-affect-ibm-sdk-java-technology-edition-12/
- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-apache-log4j-may-affect-cram-social-program-management-cve-2021-4104-2/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-planning-analytics-and-ibm-planning-analytics-workspace-are-affected-by-security-vulnerabilities/