تحديثات IBM
2215تاريخ التحذير
مستوى الخطورة
رقم التحذير
القطاع المستهدف
24 أكتوبر, 2021
● عالي
2021-3731
الكل
الوصف:
أصدرت IBM عدة تحديثات لمعالجة عدد من الثغرات في عدة منتجات، من أبرزها:
- Oracle Database Server
- IBM Emptoris Sourcing
- IBM Emptoris Contract Management
- IBM Emptoris Strategic Supply Management Platform
- IBM Emptoris Program Management
- IBM Emptoris Supplier Lifecycle Mgmt
- Node.js
- IBM Cloud Pak for Integration
- Watson Explorer
- OpenSSL
- IBM InfoSphere Master Data Management Server
التهديدات:
يمكن للمهاجم استغلال الثغرات وتنفيذ ما يلي:
- هجمة حجب الخدمة (DoS attack)
- تنفيذ برمجيات خبيثة عن بعد
- تجاوز سعة مخزن الذاكرة المؤقت
- حقن البرمجيات (Code injection)
- السيطرة على النظام
الإجراءات الوقائية:
يوصي المركز بتحديث النسخ المتأثرة حيث أصدرتIBM توضيحًا لهذه التحديثات:
- https://www.ibm.com/blogs/psirt/security-bulletin-oracle-database-server-security-vulnerability-affects-ibm-emptoris-sourcing-cve-2021-2351/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-infosphere-master-data-management-server-vulnerability-in-openssl-2/
- https://www.ibm.com/blogs/psirt/security-bulletin-oracle-database-server-vulnerability-affects-ibm-emptoris-contract-management-cve-2021-2351/
- https://www.ibm.com/blogs/psirt/security-bulletin-oracle-database-server-vulnerability-affects-ibm-emptoris-strategic-supply-management-platform-cve-2021-2328/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cloud-pak-for-integration-is-vulnerable-to-multiple-node-js-vulnerabilities-2/
- https://www.ibm.com/blogs/psirt/security-bulletin-oracle-database-server-vulnerability-affects-ibm-emptoris-program-management-cve-2021-2329/
- https://www.ibm.com/blogs/psirt/security-bulletin-oracle-database-server-vulnerability-affects-ibm-emptoris-contract-management-cve-2021-2329/
- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-exist-in-watson-explorer-cve-2021-35517-cve-2021-36090/
- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-urllib3-and-react-bootstrap-table-affect-ibm-spectrum-discover/
- https://www.ibm.com/blogs/psirt/security-bulletin-oracle-database-server-vulnerability-affects-ibm-emptoris-program-management-cve-2021-2328/
- https://www.ibm.com/blogs/psirt/security-bulletin-oracle-database-server-vulnerability-affects-ibm-emptoris-program-management-cve-2021-2351/
- https://www.ibm.com/blogs/psirt/security-bulletin-oracle-database-server-security-vulnerability-affects-ibm-emptoris-contract-management-cve-2021-2328/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-infosphere-master-data-management-server-vulnerability-in-openssl-3/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-infosphere-master-data-management-server-vulnerability-in-openssl-4/
- https://www.ibm.com/blogs/psirt/security-bulletin-oracle-database-server-vulnerability-affects-ibm-emptoris-sourcing-cve-2021-2328/
- https://www.ibm.com/blogs/psirt/security-bulletin-oracle-database-server-vulnerability-affects-ibm-emptoris-supplier-lifecycle-mgmt-cve-2021-2351/
- https://www.ibm.com/blogs/psirt/security-bulletin-oracle-database-server-vulnerability-affects-ibm-emptoris-sourcing-cve-2021-2329/
- https://www.ibm.com/blogs/psirt/security-bulletin-oracle-database-server-vulnerability-affects-ibm-emptoris-strategic-supply-management-platform-cve-2021-2351/
- https://www.ibm.com/blogs/psirt/security-bulletin-oracle-database-server-vulnerability-affects-ibm-emptoris-supplier-lifecycle-mgmt-cve-2021-2328/
- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-affect-watson-explorer-foundational-components-cve-2021-3712-cve-2021-3711/
- https://www.ibm.com/blogs/psirt/security-bulletin-oracle-database-server-vulnerability-affects-ibm-emptoris-supplier-lifecycle-mgmt-cve-2021-2329/