الموقع الرسمي للمركز الوطني الإرشادي للأمن السيبراني
تنبيه IBM
2146
تاريخ التحذير
مستوى الخطورة
رقم التحذير
القطاع المستهدف
11 إبريل, 2022
● متوسط
2022-4637
الكل
أصدرت IBM عدّة تحديثات لمعالجة عددٍ من الثغرات في المنتجات التالية:
- Operations Dashboard 2020.4.1
- 2021.1.1
- 2021.2.1
- 2021.3.1
- 2021.4.1
- Curam SPM
- 8.0.1
- 7.0.11
- R8.5 88.5x.x.x
- R9.1 89.1x.0.0
- R9.2 89.2x.0.0
- IBM Security Guardium Insights
- 3.1.4
- Platform Navigator in IBM Cloud Pak for Integration (CP4I) 2020.4.1
- 2021.1.1
- 2021.2.1
- 2021.3.1
- 2021.4.1
- Automation Assets in IBM Cloud Pak for Integration (CP4I) 2020.4.1
- 2021.1.1
- 2021.2.1
- 2021.4.1
يمكن للمهاجم استغلال الثغرات وتنفيذ ما يلي:
- هجمة حجب الخدمة (DoS attack)
- هجمة البرمجة عبر المواقع Cross-site scripting (XSS)
يوصي المركز بتحديث النسخ المتأثرة، حيث أصدرت IBM توضيحًا لهذه التحديثات:
- https://www.ibm.com/blogs/psirt/security-bulletin-operations-dashboard-is-vulnerable-to-go-cve-2022-24921/
- https://www.ibm.com/blogs/psirt/security-bulletin-cram-social-program-management-may-be-affected-by-denial-of-service-vulnerability-in-google-gson-217225/
- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-ibm-java-runtime-affects-host-on-demand-4/
- https://www.ibm.com/blogs/psirt/security-bulletin-a-cross-site-scripting-xss-vulnerability-may-impact-ibm-cram-social-program-managementcve-2021-39068/
- https://www.ibm.com/blogs/psirt/security-bulletin-platform-navigator-and-automation-assets-in-ibm-cloud-pak-for-integration-are-vulnerable-to-log4js-node-cve-2022-21704/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-sterling-global-mailbox-is-vulnerable-to-denial-of-service-due-to-jackson-databind-217968/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-websphere-application-server-liberty-for-ibm-i-is-vulnerable-to-spoofing-and-clickjacking-attacks-due-to-swagger-ui-cve-2018-25031-cve-2021-46708/
- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-have-been-identified-in-apache-log4j-and-the-application-code-shipped-with-the-ds8000-hardware-management-console-hmc/
- https://www.ibm.com/blogs/psirt/security-bulletin-operations-dashboard-is-vulnerable-to-go-cve-2022-23806/
- https://www.ibm.com/blogs/psirt/security-bulletin-platform-navigator-and-automation-assets-in-ibm-cloud-pak-for-integration-are-vulnerable-to-multiple-cves-in-node-js/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-insights-is-affected-by-multiple-vulnerabilities-7/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-sterling-b2b-integrator-vulnerable-to-cross-site-ajax-request-vulnerability-due-to-prototype-javascript-cve-2008-7220/
- https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-spring-framework-affects-ibm-tivoli-application-dependency-discovery-manager-cve-2020-5421-4/
- https://www.ibm.com/blogs/psirt/security-bulletin-platform-navigator-and-automation-assets-in-ibm-cloud-pak-for-integration-are-vulnerable-to-node-request-retry-cve-2022-0654/
- https://www.ibm.com/blogs/psirt/security-bulletin-operations-dashboard-is-vulnerable-to-go-cve-2022-23773/
- https://www.ibm.com/blogs/psirt/security-bulletin-operations-dashboard-is-vulnerable-to-go-cve-2022-23772/
قيم المحتوى
شارك الصفحة
