IBM Alert
1851
Warning date: 25 January 2022
Severity level: ● High
Warning number: 2022-4270
Target sector: All
IBM has released several updates to address a number of vulnerabilities in the following products:
- IBM WebSphere Application Server Liberty
- Apache Log4j
- IBM Security Guardium Insights
- IBM OpenPages with Watson
- IBM Spectrum Copy Data Management
- Apache Solr and Logstash shipped with IBM Operations Analytics – Log Analysis
- IBM Data Studio Client
- IBM® Db2®
- IBM® Java SDK
- Liberty for Java for IBM Cloud
An attacker can exploit the vulnerabilities to carry out the following:
- Remote execution of malicious code
- Denial-of-service attack (DoS attack)
- LDAP injection
The Center recommends updating the affected versions; IBM has published details of these updates:
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-insights-is-vulnerable-to-denial-of-service-and-arbitrary-code-execution-due-to-apache-log4j-cve-2021-45105-cve-2021-45046/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-openpages-with-watson-has-addressed-apache-log4j-vulnerability-cve-2021-4104/
- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-apache-log4j-may-affect-ibm-spectrum-copy-data-management-cve-2021-44832/
- https://www.ibm.com/blogs/psirt/security-bulletin-log4j-remote-code-execution-vulnerability-in-apache-solr-and-logstash-shipped-with-ibm-operations-analytics-log-analysis-cve-2021-44228-3/
- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-apache-log4j-affects-ibm-data-studio-client-cve-2021-4104/
- https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-apache-log4j-affects-some-features-of-ibm-db2-cve-2021-44832/
- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-affect-liberty-for-java-for-ibm-cloud-october-2021-cpu/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-websphere-application-server-liberty-is-vulnerable-to-ldap-injection-cve-2021-39031/
- https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/