IBM Updates
Warning date: 28 June, 2020
Severity level: ● Medium
Warning number: 2020-1417
Targeted sector: All
Description:
IBM has released several updates to address a number of vulnerabilities in the following products:
- Node.js
- IBM Integration Bus V10.0.0 – V10.0.0.20
- IBM App Connect Enterprise V11, V11.0.0.0 – V11.0.0.5
- NVIDIA Windows GPU Display driver
- OpenSSL
- IBM Rational ClearCase
- IBM Java Runtime
- IBM Rational ClearCase
- IBM App Connect Enterprise V11, V11.0.0.0 – V11.0.0.8
- IBM Integration Bus V10.0.0.0 – V10.0.0.20
- IBM Spectrum Protect Plus
- IBM® SDK, Java™
- RSA DM
- IBM API Connect
- IBM MQ AMQP channels
- IBM MQ Appliance
- IBM Integration Bus
- IBM Integration Bus V10.0.0.0 – V10.0.0.20
- IBM Integration Bus V9.0.0.0 – V9.0.0.11
- IBM Java SDK
- IBM Content Classification
- Speech to Text, Text to Speech ICP, WebSphere Application Server Liberty
- IBM Watson Speech to Text Customer Care
- IBM TNPM for Wireline
Threats:
An attacker can exploit the vulnerabilities to carry out the following:
- Denial-of-service (DoS) attack
- Privilege escalation, increasing the attacker's ability to modify the system
- Unauthorized disclosure of information
- Cross-site scripting (XSS) attack
Preventive measures:
The Center recommends updating the affected versions; IBM has published explanations of these updates:
- https://www.ibm.com/blogs/psirt/security-bulletin-a-security-vulnerability-in-node-js-affects-ibm-integration-bus-ibm-app-connect-enterprise-v11-cve-2019-10744/
- https://www.ibm.com/blogs/psirt/security-bulletin-nvidia-windows-gpu-display-driver-is-vulnerable-to-several-security-vulnerabilities/
- https://www.ibm.com/blogs/psirt/security-bulletin-nvidia-windows-gpu-display-driver-has-resolved-several-security-vulnerabilities-as-described-below/
- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-openssl-affects-ibm-rational-clearcase-cve-2019-1551/
- https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-the-ibm-java-runtime-affects-ibm-rational-clearcase-cve-2020-2654/
- https://www.ibm.com/blogs/psirt/security-bulletin-information-disclosure-in-ibm-spectrum-protect-plus-cve-2020-4565/
- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnurabilities-discovered-in-ibm-sdk-java-can-affect-rational-software-architect-design-manager/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-api-connect-is-impacted-by-vulnerabilities-in-drupal-cve-2020-11022-cve-2020-11023-2/
- https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-ibm-java-runtime-affects-ibm-integration-bus-and-ibm-app-connect-enterpise-v11-cve-2020-2654/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-amqp-channels-fail-to-block-connections-restricted-by-sslpeer-setting-cve-2020-4320-2/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-api-connect-is-vulnerable-to-cross-site-request-forgery-csrf-cve-2020-13663/
- https://www.ibm.com/blogs/psirt/security-bulletin-a-security-vulnerability-in-node-js-affects-ibm-integration-bus-ibm-app-connect-enterprise-v11-cve-2019-17592/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-api-connect-is-vulnerable-to-arbitrary-code-execution-and-security-bypass-in-drupal-cve-2020-13664-cve-2020-13665/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-integration-bus-affected-by-multiple-apache-tomcat-vulnerabilities/
- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-affect-ibm-content-classification-2/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-api-connect-v-2018-ova-is-impacted-by-weak-cryptographic-algorithms-cve-2020-4452/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-is-vulnerable-to-a-denial-of-service-attack-due-to-an-error-within-the-data-conversion-logic-cve-2020-4310-2/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-api-connect-is-vulnerable-to-cross-site-scripting-xss-in-drupal-sa-contrib-2020-025/
- https://www.ibm.com/blogs/psirt/security-bulletin-speech-to-text-text-to-speech-icp-websphere-application-server-liberty-fix-5/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-tnpm-for-wireline-is-vulnarable-to-cross-site-request-forgerycsrf-and-cross-site-scriptingcss/