تنبيه IBM
48025تاريخ التحذير
مستوى الخطورة
رقم التحذير
القطاع المستهدف
4 أغسطس, 2022
● عالٍ جدًا
2022-5096
الكل
أصدرت IBM عدة تحديثات لمعالجة عدة ثغرات في عدد من منتجاتها:
- IBM Data Risk Manager
- IBM Db2 On Openshift, IBM Db2® on Cloud Pak for Data and Db2 Warehouse® on Cloud Pak for Data
- IBM Sterling B2B Integrator
- IBM Sterling File Gateway
- IBM Tivoli Application Dependency Discovery Manager
- IBM Watson Discovery for IBM Cloud Pak for Data
- IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data
يمكن للمهاجم استغلال الثغرات وتنفيذ ما يلي:
- تنفيذ برمجيات خبيثة
- هجمة حجب الخدمة (DoS attack)
- تجاوز آلية حماية
- تجاوز سعة مخزن الذاكرة المؤقت
يوصي المركز بتحديث النسخ المتأثرة حيث أصدرتIBM توضيحًا لهذه التحديثات:
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-watson-speech-services-cartridge-for-ibm-cloud-pak-for-data-is-vulnerable-to-a-heap-based-buffer-overflow-in-perl-cve-2018-18313/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-watson-discovery-for-ibm-cloud-pak-for-data-affected-by-vulnerability-in-apache-tika-4/
- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-affect-ibm-db2-on-openshift-ibm-db2-on-cloud-pak-for-data-and-db2-warehouse-on-cloud-pak-for-data/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-sterling-file-gateway-is-affected-by-a-remote-code-execution-in-spring-framework-cve-2022-22965-2/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-watson-speech-services-cartridge-for-ibm-cloud-pak-for-data-is-vulnerable-to-a-heap-based-buffer-overflow-in-perl-cve-2020-10543/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-watson-speech-services-cartridge-for-ibm-cloud-pak-for-data-is-vulnerable-to-an-integer-overflow-in-perl-cve-2020-10878/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-watson-speech-services-cartridge-for-ibm-cloud-pak-for-data-is-vulnerable-to-a-heap-based-buffer-overflow-in-perl-cve-2018-18312/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-watson-speech-services-cartridge-for-ibm-cloud-pak-for-data-is-vulnerable-to-a-heap-based-buffer-overflow-in-rsyslog-cve-2022-24903/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-data-risk-manager-is-affected-by-multiple-vulnerabilities-including-remote-code-execution-in-apache-log4j-1-x/
- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-apache-struts-affect-ibm-tivoli-application-dependency-discovery-manager-cve-2021-31805-2/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-watson-speech-services-cartridge-for-ibm-cloud-pak-for-data-is-vulnerable-to-a-heap-based-buffer-overflow-in-perl-cve-2018-18314/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-watson-speech-services-cartridge-for-ibm-cloud-pak-for-data-is-vulnerable-to-a-denial-of-service-caused-by-a-buffer-overflow-in-twisted-cve-2022-21716/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-watson-speech-services-cartridge-for-ibm-cloud-pak-for-data-is-vulnerable-to-an-http-request-smuggling-issue-in-twisted-cve-2022-24801/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-sterling-b2b-integrator-is-affected-by-a-remote-code-execution-in-spring-framework-cve-2022-22965-2/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-watson-speech-services-cartridge-for-ibm-cloud-pak-for-data-is-vulnerable-to-cookie-and-authorization-header-exposure-in-twisted-cve-2022-21712/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-watson-discovery-for-ibm-cloud-pak-for-data-affected-by-vulnerability-in-nginx-2/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-watson-speech-services-cartridge-for-ibm-cloud-pak-for-data-is-vulnerable-to-a-heap-based-buffer-overflow-in-perl-cve-2018-18311/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-watson-discovery-for-ibm-cloud-pak-for-data-affected-by-vulnerability-in-pyjwt/