تحديثات IBM
1842تاريخ التحذير
مستوى الخطورة
رقم التحذير
القطاع المستهدف
20 إبريل, 2021
● عالي
2021-2788
الكل
الوصف:
أصدرت IBM عدة تحديثات لمعالجة عدد من الثغرات في المنتجات التالية:
- IBM Cloud Application Business Insights
- WebSphere Application Server
- WebSphere Application Server
- IBM Integration Bus
- IBM App connect Enterprise
- Log Analysis
- IBM Db2 Warehouse
- InfoSphere Streams
التهديدات:
يمكن للمهاجم استغلال الثغرات وتنفيذ ما يلي:
- الكشف والإفصاح عن معلومات حساسة
- تنفيذ برمجيات خبيثة
- رفع الصلاحيات لزيادة قدرته على التعديل في النظام
الإجراءات الوقائية:
يوصي المركز بتحديث النسخ المتأثرة حيث أصدرتIBM توضيحًا لهذه التحديثات:
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-resilient-soar-is-vulnerable-to-command-injection-cve-2021-20527/
- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-apache-hadoop-affect-apache-solr-shipped-with-ibm-operations-analytics-log-analysis/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-sdk-java-technology-edition-quarterly-cpu-jan-2021-vulnerabilities-could-affect-infosphere-streams/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-sdk-java-technology-edition-quarterly-cpu-oct-2020-includes-oracle-oct-2020-cpu-minus-cve-2020-14781-and-cve-2020-14782-affecting-infosphere-streams-4-3/
- https://www.ibm.com/blogs/psirt/security-bulletin-an-apache-hadoop-vulnerability-could-affect-infosphere-streams/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-db2-warehouse-has-released-a-fix-in-response-to-multiple-vulnerabilities-found-in-ibm-db2/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-db2-warehouse-has-released-a-fix-in-response-to-multiple-vulnerabilities-found-in-ibm-db2/
- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-bouncy-castle-affect-apache-solr-shipped-ibm-operations-analytics-log-analysis-analysis-cve-2019-17359/
- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-apache-commons-compress-affect-apache-solr-shipped-ibm-operations-analytics-log-analysis-analysis-cve-2019-12402/
- https://www.ibm.com/blogs/psirt/security-bulletin-an-unspecified-vulnerability-in-java-se-could-affect-infosphere-streams/
- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-apache-pdfbox-affect-apache-solr-shipped-with-ibm-operations-analytics-log-analysis-cve-2019-0228/
- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-apache-hadoop-affect-apache-solr-shipped-with-ibm-operations-analytics-log-analysis-cve-2018-11768/
- https://www.ibm.com/blogs/psirt/security-bulletin-potential-tls-vulnerability-using-diffie-hellman-tls-ciphersuites-in-ibm-datapower-gateway-cve-2020-1968/
- https://www.ibm.com/blogs/psirt/security-bulletin-an-unspecified-vulnerability-in-java-se-related-to-the-jndi-component-could-affect-infosphere-streams/
- https://www.ibm.com/blogs/psirt/security-bulletin-apache-solr-shipped-with-ibm-operations-analytics-log-analysis-susceptible-to-vulnerability-in-apache-poi-cve-2019-12415/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-operations-analytics-log-analysis-is-affected-by-an-apache-zookeeper-vulnerability-cve-2019-0201/
- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilites-in-node-js-affect-ibm-integration-bus-ibm-app-connect-enterprise-v11/
- https://www.ibm.com/blogs/psirt/security-bulletin-an-unspecified-vulnerability-in-java-se-related-to-the-libraries-component-could-affect-infosphere-streams-version-4-3/
- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-openssl-affect-ibm-integration-bus-and-ibm-app-connect-enterprise-cve-2020-1971/
- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-openssl-affect-ibm-integration-bus-and-ibm-app-connect-enterprise-cve-2020-1968/
- https://www.ibm.com/blogs/psirt/security-bulletin-websphere-application-server-is-vulnerable-to-an-xml-external-entity-xxe-injection-vulnerability-cve-2021-20453/
- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-java-affects-ibm-cloud-application-business-insights-2/