الموقع الرسمي للمركز الوطني الإرشادي للأمن السيبراني
تنبيه IBM
18832
تاريخ التحذير
مستوى الخطورة
رقم التحذير
القطاع المستهدف
7 أغسطس, 2022
● عالي
2022-5100
الكل
أصدرت IBM عدة تحديثات لمعالجة عدة ثغرات في عدد من منتجاتها:
- IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data
- IBM Security Identity Manager virtual appliance
- IBM Watson Speech Services Cartridge for IBM Cloud Pak
- IBM Sterling Connect:Direct for UNIX Certified Container
- QRadar User Behavior Analytics
يمكن للمهاجم استغلال الثغرات وتنفيذ ما يلي:
- تنفيذ برمجيات خبيثة
- هجمة حجب الخدمة (DoS attack)
- تجاوز سعة مخزن الذاكرة المؤقت
يوصي المركز بتحديث النسخ المتأثرة حيث أصدرتIBM توضيحًا لهذه التحديثات:
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-watson-speech-services-cartridge-for-ibm-cloud-pak-for-data-is-vulnerable-to-arbitrary-code-execution-in-ms-visual-studio-cve-2021-21300/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-watson-speech-services-cartridge-for-ibm-cloud-pak-for-data-is-vulnerable-to-arbitrary-command-execution-in-git-cve-2018-1000021/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-identity-manager-virtual-appliance-is-vulnerable-to-arbitrary-code-execution-due-to-apache-log4j-and-issues-in-other-open-source-components-cve-2021-4104/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-watson-speech-services-cartridge-for-ibm-cloud-pak-for-data-is-vulnerable-to-a-denial-of-service-in-golang-go-cve-2022-24675/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-watson-speech-services-cartridge-for-ibm-cloud-pak-for-data-is-vulnerable-to-a-denial-of-service-in-golang-go-cve-2022-23772/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-watson-speech-services-cartridge-for-ibm-cloud-pak-for-data-is-vulnerable-to-a-denial-of-service-in-golang-go-cve-2022-28327/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-watson-speech-services-cartridge-for-ibm-cloud-pak-for-data-is-vulnerable-to-a-denial-of-service-in-golang-go-cve-2022-24921/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-watson-speech-services-cartridge-for-ibm-cloud-pak-for-data-is-vulnerable-to-a-denial-of-service-in-golang-go-cve-2022-23806/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-watson-speech-services-cartridge-for-ibm-cloud-pak-for-data-is-vulnerable-to-arbitrary-code-execution-in-ms-visual-studio-cve-2022-24765/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-watson-speech-services-cartridge-for-ibm-cloud-pak-for-data-is-vulnerable-to-a-buffer-overflow-in-perl-cve-2020-12723/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-watson-speech-services-cartridge-for-ibm-cloud-pak-for-data-is-vulnerable-to-a-security-restrictions-bypass-in-lxml-cve-2021-43818/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-sterling-connectdirect-for-unix-certified-container-is-affected-by-denial-of-service-vulnerability-in-version-1-1-1k-5/
- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-jquery-ui-highcharts-and-datatables-are-affecting-qradar-user-behavior-analytics-cve-2021-41182-cve-2021-41183-cve-2021-41184-cve-2021-23445-cve/
- https://www.ibm.com/blogs/psirt/security-bulletin-apache-log4j-vulnerabilities-in-spark-and-zookeeper-affect-qradar-user-behavior-analyticscve-2021-4104/
قيم المحتوى
شارك الصفحة
