الموقع الرسمي للمركز الوطني الإرشادي للأمن السيبراني
تنبيه IBM
1922
تاريخ التحذير
مستوى الخطورة
رقم التحذير
القطاع المستهدف
28 إبريل, 2022
● عالٍ جدًا
2022-4740
الكل
أصدرت IBM عدّة تحديثات لمعالجة عددٍ من الثغرات في المنتجات التالية:
- Watson Discovery
- 4.0.0-4.0.7
- 2.0.0-2.2.1
- IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data
- 4.0.0 – 4.0.7
- InfoSphere Information Server, InfoSphere Information Server on Cloud
- 11.7
- IBM Cloud Transformation Advisor
- 2.0.1 – 3.0.0
- Spectrum Discover
- 2.0.4
- 2.0.4.1
- 2.0.4.2
- 2.0.4.3
- 2.0.4.4
- 2.0.4.5
- Operations Dashboard
- 2020.4.1
- 2021.1.1
- 2021.2.1
- 2021.3.1
- 2021.4.1
يمكن للمهاجم استغلال الثغرات وتنفيذ ما يلي:
- هجمة حجب الخدمة (DoS)
- الحصول على معلومات حساسة
- تجاوز القيود الأمنية
- حقن برمجيات SQL خبيثة
- تنفيذ برمجيات خبيثة عن بعد
يوصي المركز بتحديث النسخ المتأثرة، حيث أصدرت IBM توضيحًا لهذه التحديثات:
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-watson-discovery-for-ibm-cloud-pak-for-data-affected-by-vulnerability-in-postgresql-3/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-infosphere-information-server-is-affected-by-multiple-vulnerabilities-in-xstream-3/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-infosphere-information-server-is-affected-by-a-remote-code-execution-in-spring-framework-cve-2022-22965/
- https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-dojo-affects-ibm-infosphere-information-server-cve-2021-23450/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-infosphere-information-server-may-be-affected-by-vulnerabilities-in-apache-log4j-1-x-version/
- https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-isc-bind-affects-ibm-watson-speech-services-cartridge-for-ibm-cloud-pak-for-data-cve-2021-25216/
- https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-isc-bind-affects-ibm-watson-speech-services-cartridge-for-ibm-cloud-pak-for-data-cve-2021-25215/
- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-websphere-application-server-liberty-affect-ibm-infosphere-information-server/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cloud-transformation-advisor-is-vulnerable-to-multiple-vulnerabilities/
- https://www.ibm.com/blogs/psirt/security-bulletin-a-cyrus-sasl-vulnerability-affects-ibm-watson-speech-services-cartridge-for-ibm-cloud-pak-for-data-cve-2022-24407/
- https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-postgresql-jdbc-driver-pgjdbc-affects-ibm-watson-speech-services-cartridge-for-ibm-cloud-pak-for-data-cve-2022-21724/
- https://www.ibm.com/blogs/psirt/security-bulletin-operations-dashboard-in-cloud-pak-for-integration-is-affected-by-spring4shell-cve-2022-22965/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-watson-discovery-for-ibm-cloud-pak-for-data-is-affected-by-a-remote-code-execution-in-spring-framework-cve-2022-22965/
- https://www.ibm.com/blogs/psirt/security-bulletin-high-severity-vulnerabilities-in-libraries-used-by-ibm-spectrum-discover-libraries-of-libraries/
- https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-with-gnu-wget-affects-ibm-watson-speech-services-cartridge-for-ibm-cloud-pak-for-data-cve-2018-0494/
- https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-python-affects-ibm-watson-speech-services-cartridge-for-ibm-cloud-pak-for-data-cve-2019-20916/
- https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-kafka-affects-ibm-infosphere-information-server-cve-2021-38153/
- https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-samba-affects-ibm-spectrum-scale-smb-protocol-access-method-cve-2020-25717/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-powervm-novalink-is-vulnerable-because-dojo-cloud-allow-a-remote-attacker-to-execute-arbitrary-code-on-the-system-due-to-websphere-liberty-cve-2021-23450/
- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-apache-tomcat-affect-ibm-watson-speech-services-cartridge-for-ibm-cloud-pak-for-data-cve-2022-23181/
- https://www.ibm.com/blogs/psirt/security-bulletin-a-google-guava-vulnerability-affects-ibm-watson-speech-services-cartridge-for-ibm-cloud-pak-for-data-cve-2018-10237/
قيم المحتوى
شارك الصفحة
