تنبيه IBM
2948تاريخ التحذير
مستوى الخطورة
رقم التحذير
القطاع المستهدف
29 إبريل, 2022
● عالٍ جدًا
2022-4746
الكل
أصدرت IBM عدّة تحديثات لمعالجة عددٍ من الثغرات في المنتجات التالية:
- Content Collector for Email
- 4.0.x
- UCD – IBM UrbanCode Deploy
- 7.0.3.4.1044170
- 7.0.4.1.1036185
- 7.0.4.2.1038002
- 7.0.4.3.1044169
- 7.0.5.0.1041488
- 7.0.5.1.1044461
- 7.0.5.2.1050384
- 7.1.0.0.1058690
- 7.1.0.1.1061360
- 7.1.0.1.ifix01.1062130
- 7.1.0.2.1063225
- 7.1.0.3.1069281
- 7.1.1.0.1073118
- 7.1.1.1.1074331
- 7.1.1.2.1090482
- 7.1.2.0.1100493
- 7.1.2.1.1104332
- 7.2.0.0.1109832
- 7.2.0.1.1114184
- 7.2.0.2.1116435
- 7.2.1.0.1123293
- IBM Spectrum Protect Plus Container Backup and Restore for Kubernetes
- 10.1.5-10.1.10.1
- IBM Spectrum Protect Plus Container Backup and Restore for Red Hat OpenShift
- 10.1.7-10.1.10.1
- App Connect Enterprise Certified Container
- 1.1-eus with Operator
- 2.1 with Operator
- 3.0 with Operator
- 3.1 with Operator
- 4.0 with Operator
- IBM QRadar SIEM
- 7.5.0 GA
- 7.4.3 GA – 7.4.3 FP4
- 7.3.3 GA – 7.3.3 FP10
- IBM Business Automation Workflow traditional
- V21.0.1 – V21.0.3
- V20.0.0.1 – V20.0.0.2
- V19.0.0.1 – V19.0.0.3
- V18.0.0.0 – V18.0.0.1
- IBM Business Automation Workflow containers
- V21.0.1 – V21.0.3
- IBM Business Process Manager
- V8.6.0.0 – V8.6.0.201803
يمكن للمهاجم استغلال الثغرات وتنفيذ مايلي:
- هجمة حجب الخدمة (DoS)
- فك تشفير معلومات حساسة
- ترقية ورفع الصلاحيات
- هجمة البرمجة عبر المواقع Cross-site scripting (XSS)
- تنفيذ برمجيات خبيثة
يوصي المركز بتحديث النسخ المتأثرة، حيث أصدرت IBM توضيحًا لهذه التحديثات:
- https://www.ibm.com/blogs/psirt/security-bulletin-content-collector-for-email-is-affected-by-a-embedded-websphere-application-server-admin-console-2/
- https://www.ibm.com/blogs/psirt/security-bulletin-uc-deploy-container-images-may-contain-non-unique-https-certificates-and-database-encryption-key-cve-2021-39082/
- https://www.ibm.com/blogs/psirt/security-bulletin-denial-of-service-vulnerability-in-golang-go-affects-ibm-spectrum-protect-plus-container-backup-and-restore-for-kubernetes-and-red-hat-openshift-cve-2022-24921/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-app-connect-enterprise-certified-container-operands-may-be-vulnerable-to-denial-of-service-due-to-cve-2022-0778/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-app-connect-enterprise-certified-container-designerauthoring-operands-may-be-vulnerable-to-arbitrary-code-execution-due-to-cve-2022-25645/
- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-linux-kernel-affect-ibm-qradar-siem-cve-2021-22543-cve-2021-3653-cve-2021-3656-cve-2021-37576/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-app-connect-enterprise-certified-container-integrationserver-components-that-use-designer-flows-may-be-vulnerable-to-cve-2022-1243/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-app-connect-enterprise-certified-container-integrationserver-components-that-use-designer-flows-may-be-vulnerable-to-cve-2022-1233/
- https://www.ibm.com/blogs/psirt/security-bulletin-information-disclosure-vulnerability-affect-ibm-business-automation-workflow-and-ibm-business-process-manager-bpm-cve-2022-0155-cve-2022-0536-cve-2021-3749/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-app-connect-enterprise-certified-container-operands-may-be-vulnerable-to-directory-traversal-due-to-cve-2022-24785/