IBM Alert
Warning date: 22 June 2022
Severity level: ● Medium
Warning number: 2022-4992
Targeted sector: All
Description:
- IBM has released several updates to address a number of vulnerabilities in the following products, most notably:
- IBM Watson Explorer Deep Analytics Edition oneWEX Components
  - 12.0.0.0, 12.0.0.1
  - 12.0.1
  - 12.0.2.0 – 12.0.2.2
  - 12.0.3.0 – 12.0.3.10
- IBM Watson Explorer DAE Foundational Components
  - 12.0.0
  - 12.0.1
  - 12.0.2.0 – 12.0.2.2
  - 12.0.3.0 – 12.0.3.10
- IBM Watson Explorer Foundational Components
  - 11.0.0.0 – 11.0.0.3
  - 11.0.1
  - 11.0.2.0 – 11.0.2.14
- IBM Sterling Connect:Direct Browser User Interface 1.5.0.2
- IBM Sterling Connect:Direct Browser User Interface 1.4.1.1
Threats:
An attacker can exploit the vulnerabilities to carry out the following:
- Disclosure of sensitive information
- Denial-of-service (DoS) attack
Preventive measures:
The Center recommends updating the affected products. IBM has published details of these updates, most notably:
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-sterling-connectdirect-browser-user-interface-has-multiple-vulnerabilities-due-to-ibm-java/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-sterling-connectdirect-ftp-is-vulnerable-to-unauthorized-data-access-due-to-ibm-java-cve-2021-35550/
- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-affects-ibm-websphere-application-server-january-2022-cpu-that-is-bundled-with-ibm-websphere-application-server-patterns/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-sterling-connectdirect-file-agent-is-vulnerable-to-an-unspecified-vulnerability-due-to-ibm-java-runtime-cve-2021-35550/
- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-spring-framework-affects-ibm-watson-explorer-cve-2022-22971-cve-2022-22968-cve-2022-22970/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-sterling-connectdirect-ftp-is-vulnerable-to-unauthorized-sensitive-information-access-due-to-ibm-java-vulnerability-cve-2021-35603/
- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-ibm-websphere-application-server-and-websphere-application-server-liberty-affect-ibm-watson-explorer-cve-2022-22475-cve-2021-39038/
- https://www.ibm.com/blogs/psirt/security-bulletin-security-vulnerability-has-been-identified-in-ibm-db2-used-by-ibm-security-verify-governance-identity-manager-virtual-appliance-component/
- https://www.ibm.com/blogs/psirt/security-bulletin-rational-team-concert-rtc-and-ibm-engineering-workflow-management-ewm-openssl-vulnerability-cve-2021-4044/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-sterling-connectdirect-file-agent-is-vulnerable-to-an-unspecified-vulnerability-due-to-ibm-java-runtime-cve-2021-35603/
- https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-cve-2021-35550-in-ibm-java-runtime-affects-cics-transaction-gateway/
- https://www.ibm.com/blogs/psirt/security-bulletin-june-2022-multiple-vulnerabilities-in-ibm-java-runtime-affect-cics-transaction-gateway/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-sdk-java-technology-edition-quarterly-cpu-jan-2022-includes-oracle-january-2022-cpu-affects-ibm-tivoli-composite-application-manager-for-transactions-robotic-response/
- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-openssl-affects-ibm-watson-explorer-cve-2022-0778/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-sterling-connectdirect-browser-user-interface-is-vulnerable-to-multiple-vulnerabilities-due-to-jetty/