IBM Updates
Warning date: 31 October, 2021
Severity level: High
Warning number: 2021-3774
Target sector: All
Description:
IBM has released several updates to address a number of vulnerabilities in several of its products, most notably:
- IBM Emptoris Strategic Supply Management Platform
  - 10.1.0.x,10.1.1.x,10.1.3.
- ICP – Compare & Comply
- Storage Node machine type and models (MTMs)
  - 9840-AE1 and 9843-AE1
  - 9840-AE2 and 9843-AE2
  - 9840-AE3 and 9843-AE3
- Supported storage node
  - VRMFs prior to 1.5.2.10
  - VRMFs prior to 1.6.1.4
- InfoSphere Information Server
  - 11.7
- IBM Observability with Instana (OnPrem)
- ITCAM for Transactions
  - 7.4.0.x
- Spectrum Discover
  - 2.0.3
  - 2.0.3.1
  - 2.0.3.2
  - 2.0.3.3
  - 2.0.3.4
  - 2.0.4
  - 2.0.4.1
Threats:
An attacker can exploit the vulnerabilities to carry out the following:
- Denial-of-service (DoS) attack
- Remote execution of malicious code
- Buffer overflow
- Code injection
- Taking control of the system
Preventive measures:
The Center recommends updating the affected versions. IBM has published details of these updates:
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-watson-compare-and-comply-for-ibm-cloud-pak-for-data-affected-by-vulnerability-in-apache-pdfbox-2/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-infosphere-information-server-is-vulnerable-to-a-cross-frame-scripting-exploit-cve-2021-29827/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-infosphere-information-server-is-affected-by-a-vulnerability-in-dojo-toolkit-cve-2018-15494/
- https://www.ibm.com/blogs/psirt/security-bulletin-websphere-application-server-is-vulnerable-to-information-disclosure-cve-2021-29842-2/
- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-affect-ibm-virtualization-engine-ts7700-july-2021/
- https://www.ibm.com/blogs/psirt/security-bulletin-cve-2021-2341-may-affect-ibm-sdk-java-technology-edition-3/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-infosphere-information-server-is-vulnerable-to-insecure-third-party-domain-access-cve-2021-29875/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-infosphere-datastage-flow-designer-is-vulnerable-to-server-side-request-forgery/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-infosphere-information-server-is-vulnerable-to-cross-site-scripting-cve-2021-29771/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-infosphere-information-server-is-affected-by-a-vulnerability-in-marked-cve-2017-1000427/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-infosphere-information-server-is-affected-by-a-denial-of-service-vulnerability-in-apache-commons-compress/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-infosphere-datastage-flow-designer-is-vulnerable-due-to-improper-certificate-validation/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-infosphere-information-server-is-vulnerable-to-cross-site-request-forgery-cve-2021-29888/
- https://www.ibm.com/blogs/psirt/security-bulletin-oracle-database-server-vulnerability-affects-ibm-emptoris-strategic-supply-management-platform-cve-2021-2329/
- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-may-affect-ibm-sdk-java-technology-edition-10/
- https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-exists-in-the-restricted-shell-of-the-ibm-flashsystem-900-3/
- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-apache-commons-affect-tivoli-netcool-omnibus-webgui-cve-2021-35515-cve-2021-35516-cve-2021-35517-cve-2021-36090-2/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-infosphere-information-server-is-affected-by-a-xxe-xml-external-entity-injection-vulnerability-cve-2021-38948/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-infosphere-information-server-is-affected-by-multiple-vulnerabilities-in-node-js/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-infosphere-information-server-is-affected-by-a-vulnerability-in-xstream-cve-2021-29505/
- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-affects-ibm-observability-with-instana-3/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-sdk-java-technology-edition-quarterly-cpu-july-2021-includes-oracle-july-2021-cpu-minus-cve-2021-2341-affects-ibm-tivoli-composite-application-manager-for-transactions-rob/
- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-the-python-python-cryptography-and-urllib3-affect-ibm-spectrum-discover-2/