IBM Alert
Warning date: 19 June 2022
Severity level: ● High
Warning number: 2022-4969
Target sector: All
Description:
IBM has released several updates to address a number of vulnerabilities in the following products, most notably:
- IBM Cloud Object Storage Systems
- IBM Integration Bus
  - 10.0.0.0 – 10.0.0.25
- IBM DataPower Gateway
  - V10CD: 10.0.2.0-10.0.4.0
  - 10.0.1: 10.0.1.0-10.0.1.6
- QRadar WinCollect Agent
  - 10.0
  - 10.0.1
- IBM Security Guardium
  - 10.5
  - 10.6
  - 11.0
  - 11.1
  - 11.2
  - 11.3
  - 11.4
- StoredIQ
  - 7.6.0.0 – 7.6.0.22
Threats:
An attacker can exploit the vulnerabilities to carry out the following:
- Execution of malicious software
- Denial-of-service attack (DoS attack)
Preventive measures:
The Center recommends updating the affected products. IBM has published details of these updates, most notably:
- https://www.ibm.com/blogs/psirt/security-bulletin-cram-social-program-management-is-affected-by-session-timeout-issues-cve-2022-22318-cve-2022-22317/
- https://www.ibm.com/blogs/psirt/security-bulletin-aix-is-vulnerable-to-a-denial-of-service-due-to-lpd-cve-2022-22444-2/
- https://www.ibm.com/blogs/psirt/security-bulletin-cram-social-program-management-may-be-affected-by-denial-of-service-vulnerability-in-jdom-cve-2021-33813/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-analytic-accelerator-framework-for-communication-service-providers-ibm-customer-and-network-analytics-for-communications-service-providers-and-datasets-impacted-by-log4j-v-2/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-robotic-process-automation-is-vulnerable-to-configuration-credentials-unencrypted-in-system-memory-cve-2022-22414/
- https://www.ibm.com/blogs/psirt/security-bulletin-cram-social-program-management-may-be-affected-by-denial-of-service-vulnerability-in-jackson-databind-217968/
- https://www.ibm.com/blogs/psirt/security-bulletin-potential-module-resolution-error-in-datapower-operator/
- https://www.ibm.com/blogs/psirt/security-bulletin-an-unspecified-vulnerability-in-java-runtime-affects-ibm-spss-cve-2021-35550/
- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-with-kernel-eclipse-jetty-and-openjdk-affect-ibm-cloud-object-storage-systems-june-2022/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-integration-bus-is-vulnerable-to-arbitrary-code-execution-due-to-json-schema-cve-2021-3918/
- https://www.ibm.com/blogs/psirt/security-bulletin-potential-denial-of-service-in-ibm-datapower-gateway-cve-2022-23806/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-qradar-wincollect-is-vulnerable-to-using-components-with-known-vulnerabilities/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-multiple-vulnerabilities-in-apache-thrift-4/
- https://www.ibm.com/blogs/psirt/security-bulletin-storediq-is-vulnerable-to-denial-of-service-and-remote-code-execution-in-apache-log4j-cve-2021-44228-cve-2021-45046/
- https://www.ibm.com/blogs/psirt/security-bulletin-storediq-is-vulnerable-to-arbitrary-code-execution-due-to-apache-log4j-cve-2021-44228/