الموقع الرسمي للمركز الوطني الإرشادي للأمن السيبراني
تحديثات IBM
2629
تاريخ التحذير
مستوى الخطورة
رقم التحذير
القطاع المستهدف
25 مارس, 2021
● عالٍ جدًا
2021-2674
الكل
الوصف:
أصدرت IBM عدة تحديثات لمعالجة عدد من الثغرات في المنتجات التالية:
- IBM Cloud Pak for Integration (CP4I) Operator
- 2020.1- 2020.4
- 8.5 prior to 8.5.1
- 2019.1 - 2019.4
- Platform Navigator in IBM Cloud Pak for Integration (CP4I)
- 2020.1- 2020.4
- 2019.1 - 2019.4
- Asset Repository in IBM Cloud Pak for Integration (CP4I)
- 2020.1- 2020.4
- 2019.1 - 2019.4
- ITNM
- 3.9
- 4.1
- 4.2
- 6.4.2
- Rational Build Forge
- 8.0 to 8.0.0.18
- App Connect for Manufacturing
- 2.0.0.5
- IBM Watson Explorer Deep Analytics Edition Foundational Components
- 12.0.0, 12.0.1, 12.0.2.0 – 12.0.2.2, 12.0.3.0 – 12.0.3.4
- Watson Explorer Foundational Components
- 11.0.0.0 – 11.0.0.3, 11.0.1, 11.0.2.0 – 11.0.2.8
- 10.0.0.0 – 10.0.0.9
- IBM Operational Decision Manager
- 8.8.x – 8.10.x
- Operations Dashboard
- 2020.2.1
2020.3.1
2020.4.1-0-eus
- 2020.2.1
- SDS
- 6.4.0
يمكن للمهاجم استغلال الثغرات وتنفيذ ما يلي:
- تنفيذ برمجيات خبيثة
- تجاوز المصادقات
- هجمة حجب الخدمة (DoS attack)
- هجمة البرمجة عبر المواقع Cross-site scripting (XSS)
الإجراءات الوقائية:
يوصي المركز بتحديث النسخ المتأثرة حيث أصدرتIBM توضيحًا لهذه التحديثات:
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cloud-pak-for-integration-is-vulnerable-to-go-vulnerabilities-cve-2021-3114-and-cve-2021-3115/
- https://www.ibm.com/blogs/psirt/security-bulletin-a-security-vulnerability-has-been-identified-in-apache-cxf-which-is-a-required-product-for-ibm-tivoli-network-manager-ip-edition-cve-2020-13954/
- https://www.ibm.com/blogs/psirt/security-bulletin-a-security-vulnerability-has-been-identified-in-xstream-which-is-a-required-product-for-ibm-tivoli-network-configuration-manager-cve-2020-26258-cve-2020-26259/
- https://www.ibm.com/blogs/psirt/security-bulletin-security-vulnerabilities-in-java-se-affects-rational-build-forge-3/
- https://www.ibm.com/blogs/psirt/security-bulletin-a-security-vulnerability-has-been-identified-in-xstream-which-is-a-required-product-for-ibm-tivoli-network-configuration-manager-cve-2020-26217/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cloud-pak-for-integration-is-vulnerable-to-node-js-vulnerabilities-cve-2020-1971-cve-2020-8265-and-cve-2020-8287/
- https://www.ibm.com/blogs/psirt/security-bulletin-app-connect-for-manufacturing-2-0-is-affected-by-vulnerabilities-of-log4j-1-2-17-log4j-deserialization-remote-code-execution-cve-2019-17571/
- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-affects-watson-explorer-foundational-components-cve-2020-1971/
- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-sdk-java-technology-edition-affect-ibm-operational-decision-manager-oct-2020-and-jan-2021-cpus/
- https://www.ibm.com/blogs/psirt/security-bulletin-operations-dashboard-is-vulnerable-to-go-vulnerabilities-cve-2021-3114-and-cve-2021-3115/
- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-affect-ibm-security-directory-server-3/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cloud-pak-for-integration-is-vulnerable-to-go-vulnerabilities-cve-2020-28851-and-cve-2020-28852/
قيم المحتوى
شارك الصفحة
