IBM Alert
Warning date: 31 August 2022
Severity level: ● High
Warning number: 2022-5184
Targeted sector: All
Description:
IBM has released an update to address a vulnerability in the following products:
- IBM TRIRIGA Application
- IBM TRIRIGA Application Platform
- IBM TRIRIGA Application
- IBM Cloud Object Storage Systems
- IBM TRIRIGA Application
- IBM Cloud Transformation Advisor
- FOS
- IBM Jazz Reporting Service
- IBM Global Configuration Management
- IBM Engineering Workflow Management (EWM)
- Jazz Foundation
- IBM Engineering Lifecycle Optimization – Engineering Insights
- IBM Engineering Lifecycle Optimization – Method Composer
- IBM Engineering Lifecycle Optimization – Publishing
- IBM Engineering Requirements Management DOORS Next
- IBM Engineering Test Management
- IBM Engineering Requirements Management
- IBM Engineering Lifecycle Optimization – Integration Adapters Tasktop Edition
- IBM TRIRIGA Application Platform
- IBM App Connect Enterprise
- IBM Integration Bus (Windows & Linux only)
Threats:
An attacker can exploit the vulnerability to carry out the following:
- Denial-of-service (DoS) attack
- Execution of malicious software
Preventive measures:
The Center recommends updating the affected versions; IBM has published details of these updates:
- https://www.ibm.com/blogs/psirt/security-bulletinibm-tririga-application-platform-may-be-be-afftected-by-known-vulnerabilities-in-db2jcc4-jar-cve-2007-2582/
- https://www.ibm.com/blogs/psirt/security-bulletin-tririga-is-vulnerable-to-remote-hacker-due-to-dom4j-open-source-2/
- https://www.ibm.com/blogs/psirt/security-bulletinibm-tririga-application-platform-discloses-cve-2021-30468/
- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-with-openjdk-gnutls-affect-ibm-cloud-object-storage-systems-august-2022v1/
- https://www.ibm.com/blogs/psirt/security-bulletinibm-tririga-application-platform-discloses-cve-2021-22696/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cloud-transformation-advisor-is-vulnerable-to-multiple-vulnerabilities-5/
- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-fabric-os-firmware-used-by-ibm-b-type-san-directors-and-switches-3/
- https://www.ibm.com/blogs/psirt/security-bulletin-the-ibm-engineering-lifecycle-engineering-products-on-ibm-jazz-technology-contains-additional-security-fixes-for-log4j-vulnerabilities-cve-2021-4104/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-tririga-discloses-cve-2015-0254/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-integration-bus-and-ibm-app-connect-enterprise-are-vulnerable-to-a-denial-of-service-due-to-jackson-databind-cve-2020-36518-2/
- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-fabric-os-firmware-used-by-ibm-b-type-san-directors-and-switches/
- https://www.ibm.com/blogs/psirt/security-bulletinibm-tririga-application-platform-discloses-cross-site-scripting-cve-2021-41878/