الموقع الرسمي للمركز الوطني الإرشادي للأمن السيبراني
تحديثات IBM
2640
تاريخ التحذير
مستوى الخطورة
رقم التحذير
القطاع المستهدف
15 ديسمبر, 2021
● عالٍ جدًا
2021-4071
الكل
الوصف:
أصدرت IBM عدّة تحديثات لمعالجة عددٍ من الثغرات في المنتجات التالية:
Apache Log4j :
- IBM Disconnected Log Collector
- v1.0 – v1.7
- SPSS Statistics Subscription
- 1.0
- IBM Security Verify Access Docker
- 10.0.0
- ISAM
- 9.0
- SPSS Statistics
- 28.0.1
- 27.0.1
- 26.0
- 25.0
- i2 Analyze
- 4.3.5.0
- 4.3.4.0
- 4.3.3.0
- i2 Connect
- 1.1.1
- 1.1.0
- 1.0.3
- Analyst's Notebook Premium
- 9.3.1
- 9.3.0
- IBM Security Access Manager
- 9.0.7.1
- IBM Security Verify Access
- 10.0.0.0
- IBM Cloud Transformation Advisor
- 2.5.0
- IBM Sterling File Gateway
- 6.0.0.0 – 6.1.1.0
- IBM MQ
- 9.2 CD
- 9.1 CD
- 9.2 LTS
ثغرات أخرى:
- WebSphere Application Server:
- 9.0
- 8.5
- 8.0
- Rational Asset Analyzer
- 6.1.0.0 – 6.1.0.23
- App Connect Professional
- v 7.5.4.0
- IBM Integration Bus
- V10.0.0 – V10.0.0.24
- IBM QRadar SIEM
- 7.3.0 to 7.3.3 FP 10
- 7.4.0 to 7.4.3 FP 4
- IBM WebSphere Cast Iron
- v 7.5.1.0
- App Connect Professional
- v 7.5.2.0
- 7.5.4
- 7.5.5
- P8 OpenPOWER
- release OP825 OP825.50
- Hardware Management Console System Firmware
- v3.11_v3.23_ hmc
التهديدات:
يمكن للمهاجم استغلال الثغرات وتنفيذ ما يلي:
- الحصول على معلومات حساسة
- ترقية ورفع الصلاحيات
- تنفيذ برمجيات خبيثة - عن بعد
الإجراءات الوقائية:
يوصي المركز بتحديث النسخ المتأثرة، حيث أصدرت IBM توضيحًا لهذه التحديثات:
- https://www.ibm.com/blogs/psirt/security-bulletin-log4j-as-used-in-ibm-disconnected-log-collector-is-vulnerable-to-remote-code-execution-rce-cve-2021-44228/
- https://www.ibm.com/blogs/psirt/security-bulletin-log4shell-vulnerability-affects-ibm-spss-statistics-subscription-cve-2021-44228/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-access-manager-9-0-7-1-and-ibm-security-verify-access-10-0-0-0-may-be-affected-by-the-log4j-vulnerability-cve-2021-44228/
- https://www.ibm.com/blogs/psirt/security-bulletin-log4shell-vulnerability-affects-ibm-spss-statistics-cve-2021-44228/
- https://www.ibm.com/blogs/psirt/security-bulletin-i2-analyze-i2-connect-and-analysts-notebook-preium-are-affected-by-the-log4j-vulnerability-cve-2021-44228/
- https://www.ibm.com/blogs/psirt/security-bulletin-i2-analyze-i2-connect-and-analysts-notebook-premium-are-affected-by-the-log4j-vulnerability-cve-2021-44228/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-access-manager-9-0-7-1-and-ibm-security-verify-access-10-0-0-0-may-be-affected-by-the-log4j-vulnerability-cve-2021-44228-2/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cloud-transformation-advisor-is-affected-by-apache-log4j-vulnerability-cve-2021-44228/
- https://www.ibm.com/blogs/psirt/security-bulletin-apache-log4j-vulnerability-affects-ibm-sterling-file-gateway-cve-2021-44228/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-blockchain-bridge-dependencies-are-vulnerable-to-an-issue-in-apache-log4j-cve-2021-44228/
- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-websphere-application-server-shipped-with-ibm-websphere-application-server-patterns/
- https://www.ibm.com/blogs/psirt/security-bulletin-rational-asset-analyzer-is-affected-by-vulnerabilities-in-websphere-application-server-liberty/
- https://www.ibm.com/blogs/psirt/security-bulletin-app-connect-professional-is-affected-by-bouncy-castle-vulnerability/
- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-openssl-affect-ibm-integration-bus-cve-2021-3712/
- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-openssl-affect-ibm-integration-bus-cve-2021-3712/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-qradar-siem-application-framework-v1-centos6-is-end-of-life-2/
- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-affects-ibm-websphere-cast-iron-solution-app-connect-professional/
- https://www.ibm.com/blogs/psirt/security-bulletin-this-power-system-update-is-being-released-to-address-cve-2021-29847/
- https://www.ibm.com/blogs/psirt/security-bulletin-app-connect-professional-ibm-websphere-cast-iron-solution-are-affected-by-axios-vulnerability/
- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-ibm-java-affecting-ibm-rational-asset-analyzer-3/
- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-apache-tomcat-affects-app-connect-professional/
قيم المحتوى
شارك الصفحة
