IBM Updates
Warning date: 21 October 2021
Severity level: High
Warning number: 2021-3721
Target sector: All
Description:
IBM has released several updates to address a number of vulnerabilities in a number of its products, most notably:
- IBM Event Streams 2018.3.0
- IBM Event Streams CDR
- IBM SAN Volume Controller
- IBM Storwize V7000
- IBM Storwize V5000
- IBM Storwize V5100
- IBM Storwize V3700
- IBM Storwize V3500
- IBM FlashSystem V9000
- IBM FlashSystem 9100 Family
- IBM FlashSystem 9200
- IBM FlashSystem 7200
- IBM FlashSystem 5200
- IBM FlashSystem 5000
- IBM Spectrum Virtualize Software
- IBM Spectrum Virtualize for Public Cloud
- QRadar Advisor 2.5 – QRadar Advisor 2.6.1
- App Connect Enterprise Certified Container
- 1.0 with Operator
- 1.1 with Operator
- 1.2 with Operator
- 1.3 with Operator
- 1.4 with Operator
- 1.5 with Operator
- 2.0 with Operator
- IBM Cloud Pak System
- V2.3.0.1, V.2.3.1.1, v.2.3.2.0
- v2.3.3.0 v.2.3.3.1, v.2.3.3.2, v.2.3.3.3, v2.3.3.3 iFix 1
- 9840-AE1 and 9843-AE1
- 9840-AE2 and 9843-AE2
- 9840-AE3 and 9843-AE3
- App Connect Enterprise Certified Container
- 2.0 with Operator
- 1.5 with Operator
- 1.4 with Operator
- IBM Connect:Direct Web Services 6.0
Threats:
An attacker can exploit the vulnerabilities to carry out the following:
- Denial-of-service (DoS) attack
- Cross-site scripting (XSS) attack
- Privilege escalation
- Bypassing security restrictions
- Disclosure of sensitive information
- Execution of malicious software
Preventive measures:
The Center recommends updating the affected versions; IBM has published explanations of these updates:
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-app-connect-enterprise-certified-container-may-be-vulnerable-to-regular-expression-denial-of-service-due-to-a-vulnerability-in-the-node-js-validator-module/
- https://www.ibm.com/blogs/psirt/security-bulletin-apache-xml-beans-vulnerability-affects-the-b2b-api-of-ibm-sterling-b2b-integrator-cve-2021-23926/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-app-connect-enterprise-certified-container-may-be-vulnerable-to-denial-of-service-due-to-cve-2021-22918/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-app-connect-enterprise-certified-container-may-be-vulnerable-to-domain-hijacking-due-to-cve-2021-22931/
- https://www.ibm.com/blogs/psirt/security-bulletin-session-cookie-vulnerablity-affects-ibm-transformation-extender-advanced-cve-2021-29883/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-app-connect-enterprise-certified-container-may-be-vulnerable-to-trusting-expired-certificates-due-to-cve-2021-22939/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-event-streams-ui-affected-by-multiple-node-package-vulnerabilities/
- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-sed-affects-ibm-san-volume-controller-ibm-storwize-ibm-spectrum-virtualize-and-ibm-flashsystem-v9000-products/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-qradar-advisor-with-watson-uses-components-with-known-vulnerabilities-cve-2020-36242-cve-2021-33503-cve-2020-28493/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-app-connect-enterprise-certified-container-may-be-vulnerable-to-directory-traversal-due-to-cve-2021-32803/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-app-connect-enterprise-certified-container-may-be-vulnerable-to-directory-traversal-due-to-cve-2021-32804/
- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-vmware-esxi-affect-ibm-cloud-pak-system-cve-2021-21994-cve-2021-21995/
- https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-exists-in-the-restricted-shell-of-the-ibm-flashsystem-900/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-app-connect-enterprise-certified-container-may-be-vulnerable-to-memory-corruption-due-to-cve-2021-22930/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-app-connect-enterprise-certified-container-may-be-vulnerable-to-memory-corruption-due-to-cve-2021-22940/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-app-connect-enterprise-certified-container-integration-servers-may-be-vulnerable-to-code-injection-due-to-cve-2021-23406/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-app-connect-enterprise-certified-container-integration-servers-may-be-vulnerable-to-bypassing-of-access-control-based-on-ip-addresses-due-to-cve-2021-29923/
- https://www.ibm.com/blogs/psirt/security-bulletin-postgresql-vulnerability-affects-ibm-connectdirect-web-service-cve-2021-32027/
- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-vmware-vcenter-affect-ibm-cloud-pak-system/