الموقع الرسمي للمركز الوطني الإرشادي للأمن السيبراني
تحديثات IBM
2400
تاريخ التحذير
مستوى الخطورة
رقم التحذير
القطاع المستهدف
14 ديسمبر, 2021
● عالٍ جدًا
2021-4041
الكل
الوصف:
أصدرت IBM عدّة تحديثات لمعالجة عددٍ من الثغرات في المنتجات التالية:
- WebSphere Application Server
- 9.0
- 8.5
- NovaLink
- 2.0.0.0
- 2.0.1
- 2.0.2
- 1.0.0.16
- DataQuant for z/OS
- 2.1
- WebSphere MQ V5.3 for HP NonStop Server (MIPS and Itanium)
- 53.1.x
- IBM MQ for HPE NonStop
- 8.1.0
- 8.0.4
- IBM Tivoli Application Dependency Discovery Manager
- 7.3.0.3 – 7.3.0.9
- IBM Netezza Host Management starting
- From 5.4.9.0
- IBM Netezza Analytics for NPS
- <= 11.2.21
- IBM Netezza Analytics
- <= 3.3.9
- IBM Business Automation Workflow
- V21.0
- V20.0
- V19.0
- V18.0
- IBM Business Process Manager
- V8.6
- V8.5
- IBM Tivoli Netcool System Service Monitors/Application Service Monitors
- 4.0.1
التهديدات:
يمكن للمهاجم استغلال الثغرات وتنفيذ ما يلي:
- هجمة حجب الخدمة (DoS attack)
- الحصول على معلومات حساسة
- ترقية ورفع الصلاحيات
- تنفيذ برمجيات خبيثة
الإجراءات الوقائية:
يوصي المركز بتحديث النسخ المتأثرة، حيث أصدرت IBM توضيحًا لهذه التحديثات:
- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-apache-log4j-affects-websphere-application-server-cve-2021-44228/
- https://www.ibm.com/blogs/psirt/security-bulletin-novalink-vulnerability-to-allow-a-remote-user-to-enumerate-usernames-due-to-a-difference-of-responses-from-valid-and-invalid-login-attempts-cve-2021-29842/
- https://www.ibm.com/blogs/psirt/security-bulletin-apache-log4j-remote-code-execution-vulnerability-log4shell-3/
- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-apache-log4j-affects-websphere-application-server-cve-2021-44228-2/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-websphere-mq-for-hp-nonstop-server-is-affected-by-openssl-vulnerability-cve-2021-3712/
- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-openssl-affect-ibm-tivoli-netcool-system-service-monitors-application-service-monitors-2/
- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-have-been-identified-in-ibm-websphere-application-server-shipped-with-ibm-digital-business-automation-workflow-family-products-java-cpu-october-2021/
- https://www.ibm.com/blogs/psirt/security-bulletin-log4j-vulnerability-cve-2021-44228-affects-ibm-netezza-analytics-and-ibm-netezza-analytics-for-nps/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-for-hp-nonstop-server-is-affected-by-vulnerability-cve-2021-38875/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-for-hp-nonstop-server-is-affected-by-vulnerability-cve-2021-3712/
- https://www.ibm.com/blogs/psirt/security-bulletin-publicly-disclosed-vulnerability-from-kernel-affects-ibm-netezza-host-management-16/
- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-apache-commons-compress-affect-websphere-application-server-was-liberty-is-vulnerable-to-information-exposure/
- https://www.ibm.com/blogs/psirt/security-bulletin-novalink-is-impacted-by-vulnerabilities-in-apache-commons-compress-affect-websphere-application-server-cve-2021-35517-cve-2021-36090/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-for-hp-nonstop-server-is-affected-by-vulnerability-cve-2021-38950/
قيم المحتوى
شارك الصفحة
