IBM Updates
Warning date: 7 November, 2021
Severity level: Very high
Warning number: 2021-3813
Target sector: All
Description:
IBM has released several updates to address a number of vulnerabilities in the following products:
- IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data
  - 4.0
- IBM Security Guardium
  - 10.5
  - 10.6
  - 11.0
  - 11.1
  - 11.2
  - 11.3
- IBM Event Streams in IBM Cloud Pak for Integration
  - 10.0.0
  - 10.1.0
  - 10.2.0
  - 10.3.0
  - 10.3.1
  - 10.4.0
- IBM Business Automation Workflow
  - V21.0
  - V20.0
  - V19.0
  - V18.0
- IBM Business Process Manager
  - V8.6
  - V8.5
- IBM MQ Appliance
  - 9.1 LTS
  - 9.2 CD
  - 9.2 LTS
  - 9.1 CD
- IBM Tivoli Business Service Manager
  - 6.2.0-6.2.0.3 IF1
- IBM Security Verify Gateway for RADIUS
  - 1.x
- IBM Security Verify Gateway for Windows Login
  - 1.x
- IBM Security Verify Bridge for Directory Sync
  - 1.x
Threats:
An attacker could exploit the vulnerabilities to carry out the following:
- Denial-of-service (DoS) attack
- Cross-site scripting (XSS) attack
- Obtaining sensitive information
- Bypassing security restrictions
- Executing malicious software
Preventive measures:
The Center recommends updating the affected versions. IBM has published details of these updates:
- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-oracle-java-se-affecting-watson-speech-services/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-a-oracle-mysql-vulnerabilities-4/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-multiple-vulnerabilites-4/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-a-weak-password-policy-vulnerability-cve-2021-20418-3/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-a-reliance-on-untrusted-inputs-in-security-descision-3/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-event-streams-affected-by-multiple-vulnerabilities-in-golang/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-a-kernel-vulnerability-cve-2020-25705-cve-2020-28374-4/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-a-jackson-databind-vulnerability-9/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-the-following-vulnerabilities-cve-2021-29773-cve-2021-2161-2/
- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-affect-ibm-security-guardium-25/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-multiple-vulnerabilities-9/
- https://www.ibm.com/blogs/psirt/security-bulletin-information-disclosure-vulnerability-affect-ibm-business-automation-workflow-and-ibm-business-process-manager-bpm-cve-2021-29753/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-an-openldap-vulnerability-cve-2020-25692-3/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-an-oracle-mysql-vulnerability-5/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-appliance-vulnerable-to-a-denial-of-service-attack-cve-2021-29843/
- https://www.ibm.com/blogs/psirt/security-bulletin-xss-vulerability-in-dojo-affects-ibm-tivoli-business-service-manager-cve-2018-15494/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-a-cross-site-scripting-in-guardium-stap-vulnerability/
- https://www.ibm.com/blogs/psirt/security-bulletinmultiple-security-vulnerabilities-fixed-in-openssl-as-shipped-with-ibm-security-verify-products-cve-2021-3711-cve-2021-3712/