IBM Updates
Alert date: 6 October 2021
Severity level: High
Alert number: 2021-3625
Target sector: All
Description:
IBM has released several updates to address a number of vulnerabilities in a number of its products, most notably:
- IBM Virtualization Engine TS7700
- 3957 - VEC
- 8.51.0.63
- 8.51.1.26
- 8.52.100.32
- 3957 - VED
- 8.51.0.63
- 8.51.1.26
- 8.52.100.32
- 3957 - VEC
- IBM Observability with Instana (OnPrem)
- IBM Sterling B2B Integrator - IT37677
- 5.2.0.0 – 5.2.6.5_4
- 6.0.0.0 – 6.0.0.6
- 6.0.1.0 – 6.0.3.4
- 6.1.0.0 – 6.1.0.3
- IBM Cloud Pak System
- 2.3.x.x
- PowerVM Hypervisor
- FW1010
- 8335-GTC
- OP910
- 8335-GTG
- OP910
- 8335-GTH
- OP920
- OP930
- OP940
- 8335-GTW
- OP910
- 8335-GTX
- OP940
- 9183-22X
- OP940
- 7063-CR2
- OP940
- IBM Event Streams in IBM Cloud Pak for Integration
- 10.0.0
- 10.1.0
- 10.2.0
- 10.3.0
- 10.3.1
Threats:
An attacker could exploit the vulnerabilities to carry out the following:
- Denial-of-service (DoS) attack
- Privilege escalation, increasing the attacker's ability to modify the system
- Information disclosure
- Execution of malicious software
Preventive measures:
The Center recommends updating the affected versions. IBM has published details of these updates:
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-virtualization-engine-ts7700-management-interface-cve-2021-29908/
- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-affect-ibm-observability-with-instana/
- https://www.ibm.com/blogs/psirt/security-bulletin-jackson-dataformats-vulnerability-affects-the-b2b-api-of-ibm-sterling-b2b-integrator-cve-2020-28491/
- https://www.ibm.com/blogs/psirt/security-bulletin-apache-standard-taglibs-vulnerability-affects-ibm-sterling-b2b-integrator-cve-2015-0254/
- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-vmware-affect-ibm-cloud-pak-system-4/
- https://www.ibm.com/blogs/psirt/security-bulletin-the-powervm-hypervisor-can-assign-duplicate-wwpns-to-virtual-fiber-channel-adapters-in-peer-vms/
- https://www.ibm.com/blogs/psirt/security-bulletin-this-power-system-update-is-being-released-to-address-cve-2021-39296/
- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-affect-ibm-observability-with-instana-4/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-event-streams-ui-affected-by-multiple-node-package-vulnerabilities/
- https://www.ibm.com/blogs/psirt/security-bulletin-apache-commons-beanutils-vulnerabilities-affect-ibm-sterling-b2b-integrator-cve-2014-0114-cve-2019-10086/
- https://www.ibm.com/blogs/psirt/security-bulletin-apache-xerces2-vulnerabilities-affect-ibm-sterling-b2b-integrator-cve-2012-0881-cve-2013-4002/
- https://www.ibm.com/blogs/psirt/security-bulletin-xstream-vulnerability-affects-ibm-sterling-b2b-integrator-cve-2021-29505/
- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-affect-ibm-observability-with-instana-3/
- https://www.ibm.com/blogs/psirt/security-bulletin-apache-xml-beans-vulnerability-affects-ibm-sterling-b2b-integrator-cve-2021-23926/
- https://www.ibm.com/blogs/psirt/security-bulletin-jackson-data-mapper-vulnerability-affects-ibm-sterling-b2b-integrator-cve-2019-10172/
- https://www.ibm.com/blogs/psirt/security-bulletin-netty-vulnerabilities-affect-the-b2b-api-of-ibm-sterling-b2b-integrator/
- https://www.ibm.com/blogs/psirt/security-bulletin-cross-site-request-forgery-vulnerability-affects-ibm-sterling-b2b-integrator-cve-2021-29837/
- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilitiy-affects-ibm-observability-with-instana/
- https://www.ibm.com/blogs/psirt/security-bulletin-cross-site-scripting-vulnerability-affects-the-mailbox-user-interface-of-ibm-sterling-b2b-integrator-cve-2021-29855/
- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-affects-ibm-observability-with-instana-2/
- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-affect-ibm-observability-with-instana-2/
- https://www.ibm.com/blogs/psirt/security-bulletin-cross-site-scripting-vulnerablity-affects-the-dashboad-ui-of-ibm-sterling-b2b-integrator-cve-2021-29836/
- https://www.ibm.com/blogs/psirt/security-bulletin-weaker-cryptographic-algorithm-vulnerability-affects-ibm-sterling-b2b-integrator-cve-2021-38925/
- https://www.ibm.com/blogs/psirt/security-bulletin-sql-injection-vulnerability-affects-b2b-api-of-ibm-sterling-b2b-integrator-cve-2021-29903/
- https://www.ibm.com/blogs/psirt/security-bulletin-cross-site-scripting-vulnerabiliby-affects-dashboard-ui-of-ibm-sterling-b2b-integrator-cve-2021-29764/
- https://www.ibm.com/blogs/psirt/security-bulletin-sql-injection-vulnerability-affects-docker-container-of-ibm-sterling-b2b-integrator-cve-2021-29798/
- https://www.ibm.com/blogs/psirt/security-bulletin-access-control-vulnerabilities-affects-the-dashboard-user-interface-of-ibm-sterling-b2b-integrator/
- https://www.ibm.com/blogs/psirt/security-bulletin-xxe-vulnerability-in-drools-affects-ibm-sterling-b2b-integrator-cve-2014-8125/
- https://www.ibm.com/blogs/psirt/security-bulletin-apache-kafka-vulnerabilities-affect-the-b2b-api-of-ibm-sterling-b2b-integrator-cve-2017-12610-cve-2018-1288/
- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-affects-ibm-observability-with-instana/
- https://www.ibm.com/blogs/psirt/security-bulletin-the-community-edition-of-ibm-ilog-cplex-optimization-studio-is-affected-by-a-vulnerability-in-libcurl-cve-2021-22925/
- https://www.ibm.com/blogs/psirt/security-bulletin-the-community-edition-of-ibm-ilog-cplex-optimization-studio-is-affected-by-a-vulnerability-in-libcurl-cve-2021-22924/