IBM Alert
Warning date: 30 January 2022
Severity level: Very high
Warning number: 2022-4288
Target sector: All
IBM has released several updates to address a number of vulnerabilities in several of its products, most notably:
- IBM QRadar hardware appliances
- Apache Log4j
- Db2 Big SQL
- IBM App Connect Enterprise V11, V12 and IBM Integration Bus
- IBM Cloud Pak for Data System
- IBM Cloud Private
- IBM Data Virtualization on Cloud Pak for Data
- IBM Decision Optimization for Cloud Pak for Data
- IBM Engineering Lifecycle Management products
- IBM Engineering Requirements Management DOORS
- IBM Netezza Analytics for NPS
- IBM Spectrum Scale
- IBM Sterling B2B Integrator
- IBM Sterling Configure, Price, Quote
- IBM Sterling File Gateway
- IBM Tivoli Netcool/OMNIbus Common Integration Libraries
- IBM Tivoli Network Manager IP Edition
- IBM Watson Assistant for IBM Cloud Pak for Data
- IBM Watson Studio in Cloud Pak for Data
- IBM Watson Studio Premium Add On in Cloud Pak for Data
- IBM® Db2®
- InfoSphere Data Architect
- IBM Watson Assistant for IBM Cloud Pak for Data
- Cloud Pak for Security
- sanitize-html
- IBM Business Automation Workflow
- gson 217225
- IBM Db2 Mirror for i
- Linux Kernel, Samba, Sudo, Python, and tcmu-runner
- IBM Spectrum Protect Plus
- Linux Kernel
- IBM Spectrum Protect Plus
An attacker can exploit the vulnerabilities to do the following:
- Escalate privileges to increase their ability to modify the system
- Execute malicious software remotely
- Denial-of-service attack (DoS attack)
The Center recommends updating the affected versions; IBM has published details of these updates:
- https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-qradar-hardware-appliances-are-vulnerable-to-intel-privilege-escalation-cve-2021-0144-3/
- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-inapache-log4j-cve-2021-45046-may-affect-ibm-watson-assistant-for-ibm-cloud-pak-for-data/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-db2-big-sql-for-hortonworks-data-platform-for-cloudera-data-platform-private-cloud-and-ibm-db2-big-sql-on-cloud-pak-for-data-are-affected-by-critical-vulnerability-in-log4j-4/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cloud-pak-for-data-system-1-0-is-vulnerable-to-arbitrary-code-execution-due-to-apache-log4j-cve-2021-45046/
- https://www.ibm.com/blogs/psirt/security-bulletin-apache-log4j-vulnerability-affects-ibm-sterling-file-gateway-cve-2021-45105-cve-2021-45046-8/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-watson-assistant-for-ibm-cloud-pak-for-data-is-vulnerable-to-denial-of-service-and-arbitrary-code-execution-due-to-apache-log4j-cve-2021-45105-and-cve-2021-45046/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-watson-studio-in-cloud-pak-for-data-is-vulnerable-to-denial-of-service-and-arbitrary-code-execution-due-to-apache-log4j-cve-2021-45105-cve-2021-45046/
- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-inapache-log4j-cve-2021-44832-may-affect-ibm-watson-assistant-for-ibm-cloud-pak-for-data/
- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-apache-log4j-affects-ibm-cloud-private-cve-2021-44228-5/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cloud-pak-for-data-is-vulnerable-to-denial-of-service-and-arbitrary-code-execution-due-to-apache-log4j-cve-2021-45105-cve-2021-45046/
- https://www.ibm.com/blogs/psirt/security-bulletin-apache-log4j-vulnerability-affects-ibm-sterling-file-gateway-cve-2021-44228-7/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-watson-studio-premium-add-on-in-cloud-pak-for-data-is-vulnerable-to-denial-of-service-and-arbitrary-code-execution-due-to-apache-log4j-cve-2021-45105-cve-2021-45046/
- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-inapache-log4j-cve-2021-4105-may-affect-ibm-watson-assistant-for-ibm-cloud-pak-for-data/
- https://www.ibm.com/blogs/psirt/security-bulletin-log4j-vulnerabilities-affect-ibm-netezza-analytics-for-nps/
- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-apache-log4j-affects-infosphere-data-architect-cve-2021-4104/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-tivoli-netcool-omnibus-common-integration-libraries-is-vulnerable-to-arbitrary-code-execution-and-denial-of-service-due-to-apache-log4j-cve-2021-44228-cve-2021-45046-cve-2021/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-decision-optimization-for-cloud-pak-for-data-is-vulnerable-to-denial-of-service-due-to-apache-log4j-cve-2021-45105-and-arbitrary-code-execution-due-to-apache-log4j-cve-2021-4/
- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-apache-log4j-affects-ibm-cloud-private-cve-2021-45046-4/
- https://www.ibm.com/blogs/psirt/security-bulletin-apache-log4j-vulnerability-may-affect-ibm-sterling-b2b-integrator-cve-2021-44228-6/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-watson-machine-learning-in-cloud-pak-for-data-is-vulnerable-to-denial-of-service-and-arbitrary-code-execution-due-to-apache-log4j-cve-2021-45105-cve-2021-45046/
- https://www.ibm.com/blogs/psirt/security-bulletin-apache-log4j-vulnerability-affects-ibm-sterling-b2b-integrator-cve-2021-45105-cve-2021-45046-8/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-tivoli-network-manager-ip-edition-is-vulnerable-to-denial-of-service-and-arbitrary-code-execution-due-to-apache-log4j-cve-2021-45105-and-cve-2021-45046/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-sterling-configure-price-quote-is-vulnerable-to-denial-of-service-and-arbitrary-code-execution-due-to-apache-log4j-cve-2021-45105-and-cve-2021-45046/
- https://www.ibm.com/blogs/psirt/security-bulletin-cloud-pak-for-security-uses-packages-that-are-vulnerable-to-multiple-cves/
- https://www.ibm.com/blogs/psirt/security-bulletin-denial-of-service-vulnerability-in-sanitize-html-affects-ibm-business-automation-workflow-cve-2021-23382/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-engineering-requirements-management-doors-is-vulnerable-to-arbitrary-code-execution-due-to-apache-log4j-cve-2021-44832-cve-2021-45046-and-denial-of-service-due-to-apache-lo-2/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-db2-mirror-for-i-is-vulnerable-to-denial-of-service-due-to-gson-217225/
- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-apache-log4j-affects-ibm-spectrum-scale-cve-2021-4104/
- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-apache-log4j-affect-ibm-app-connect-enterprise-v11-v12-and-ibm-integration-bus-cve-2021-17571-2/
- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-apache-log4j-affects-some-features-of-ibm-db2-cve-2021-45046-cve-2021-45105-4/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-engineering-lifecycle-management-products-are-vulnerable-to-arbitrary-code-execution-due-to-apache-log4j-cve-2021-44832-cve-2021-45046-and-denial-of-service-due-to-apache-l-2/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-data-virtualization-on-cloud-pak-for-data-is-vulnerable-to-arbitrary-code-execution-cve-2021-45046-and-denial-of-service-cve-2021-45105-due-to-apache-log4j-2/
- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-apache-log4j-affect-ibm-app-connect-enterprise-v11-v12-and-ibm-integration-bus-v10-cve-2021-44832-3/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-data-virtualization-on-cloud-pak-for-data-is-vulnerable-to-arbitrary-code-execution-cve-2021-45046-and-denial-of-service-cve-2021-45105-due-to-apache-log4j/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-data-virtualization-on-cloud-pak-for-data-is-affected-by-critical-vulnerability-in-log4j-cve-2021-44228-2/
- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-the-linux-kernel-samba-sudo-python-and-tcmu-runner-affect-ibm-spectrum-protect-plus-2/
- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-apache-log4j-affect-ibm-app-connect-enterprise-v11-v12-and-ibm-integration-bus-cve-2021-4104-2/
- https://www.ibm.com/blogs/psirt/security-bulletin-linux-kernel-vulnerability-may-affect-ibm-spectrum-protect-plus-cve-2021-3715/
- https://www.ibm.com/blogs/psirt/security-bulletin-log4j-vulnerability-affects-ibm-netezza-analytics-for-nps/
- https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-apache-log4j-affects-some-features-of-ibm-db2-cve-2021-44832-2/