IBM Alert
Warning date: 21 June, 2022
Severity level: ● Medium
Warning number: 2022-4976
Target sector: All
Description:
IBM has released several updates to address a number of vulnerabilities in the following products, most notably:
- DataPower Operator 1.2 1.2.0-1.2.6
- DataPower Operator 1.5 1.5.0
- IBM DataPower Gateway V10CD
  - 10.0.2.0-10.0.4.0
- IBM DataPower Gateway
  - 10.0.1 10.0.1.0-10.0.1.5
- IBM DataPower Gateway 2018.4.1
  - 2018.4.1.0-2018.4.1.18
- IBM Spectrum Conductor 2.4.1
- IBM Spectrum Conductor 2.5.0
- IBM Spectrum Conductor 2.5.1
- IBM Spectrum Symphony
  - 7.3
  - 7.3.1
  - 7.3.2
- IBM Cloud Pak for Business Automation
  - V21.0.3 – V21.0.3-IF008
  - V21.0.2 – V21.0.2-IF010
  - V21.0.1 – V21.0.1-IF007
  - V20.0.1 – V20.0.3
  - V19.0.1 – V19.0.3
  - V18.0.0 – V18.0.2
- IBM Security Guardium
  - 10.5
  - 10.6
  - 11.0
  - 11.1
  - 11.2
  - 11.3
  - 11.4
Threats:
An attacker could exploit the vulnerabilities to do the following:
- Execute malicious software
- Denial-of-service attack (DoS attack)
Preventive measures:
The Center recommends updating the affected products. IBM has published details of these updates, most notably:
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-a-mongodb-driver-legacy-4-1-1-jar-vulnerability-cve-2021-20328/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-a-postgresql-42-0-0-jar-vulnerability/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-qradar-wincollect-agent-is-vulnerable-to-information-disclosure/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-datapower-operator-affected-by-flaw-in-go-cve-2022-23773/
- https://www.ibm.com/blogs/psirt/security-bulletin-an-unspecified-vulnerability-in-java-runtime-affects-ibm-spss-statistics-cve-2022-21496/
- https://www.ibm.com/blogs/psirt/security-bulletin-an-unspecified-vulnerability-in-java-runtime-affects-ibm-spss-cve-2022-21496/
- https://www.ibm.com/blogs/psirt/security-bulletin-an-unspecified-vulnerability-in-java-runtime-affects-ibm-spss-statistics-cve-2021-35603/
- https://www.ibm.com/blogs/psirt/security-bulletin-flaw-in-go-may-affect-datapower-operator-cve-2021-44717/
- https://www.ibm.com/blogs/psirt/security-bulletin-datapower-operator-vulnerable-to-a-denial-of-service-cve-2022-23806/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-datapower-operator-potentially-vulnerable-to-denial-of-service-cve-2021-44716/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-datapower-gateway-affected-by-prototype-pollution-in-dojo-cve-2021-23450-2/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-spectrum-conductor-is-affected-but-not-classified-as-vulnerable-by-a-remote-code-execution-in-spring-framework-cve-2022-22965/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-spectrum-symphony-is-affected-but-not-classified-as-vulnerable-by-a-remote-code-execution-in-spring-framework-cve-2022-22965/
- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-security-vulnerabilities-are-addressed-with-ibm-cloud-pak-for-business-automation-ifixes-for-may-2022/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-multiple-vulnerabilities-in-apache-thrift-5/