الموقع الرسمي للمركز الوطني الإرشادي للأمن السيبراني
تحديثات IBM
2627
تاريخ التحذير
مستوى الخطورة
رقم التحذير
القطاع المستهدف
30 يونيو, 2020
● عالي
2020-1420
الكل
الوصف:
أصدرت IBM عدة تحديثات لمعالجة عدد من الثغرات في المنتجات التالية:
- IBM Java Runtime
- IBM Rational ClearQuest
- IBM Agile Lifecycle Manager
- IBM Integration Bus
- IBM App Connect Enterprise
- IBM Dojo Toolkit
- IBM Tivoli Netcool Impact
- Java SE product of Oracle Java SE
- InfoSphere Streams
- IBM Security QRadar Packet Capture
- jQuery
- IBM Tivoli Netcool Impact
- IBM Java SDK
- IBM Tivoli Netcool Impact
- middleware software
- IBM Cloud Pak for Automation
- Java SE
- IBM Rational Build Forge
- IBM Business Automation Workflow
- IBM Business Process Manager
- IBM WebSphere Application Server
- IBM Tivoli Netcool Impact
- PHP
- IBM API Connect
- OpenSSL
- IBM Rational ClearQuest
- IBM® SDK Java™ Technology Edition
- IBM Rational Build Forge
التهديدات:
يمكن للمهاجم استغلال الثغرات وتنفيذ ما يلي:
- هجمة حجب الخدمة (DoS attack) –عن بعد
- رفع الصلاحيات لزيادة قدرته على التعديل في النظام
- تعديل غير مصرح به
- تجاوز آلية حماية
- تنفيذ برمجيات خبيثة
الإجراءات الوقائية:
يوصي المركز بتحديث النسخ المتأثرة حيث أصدرتIBM توضيحًا لهذه التحديثات:
- https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-the-ibm-java-runtime-affects-ibm-rational-clearquest-cve-2020-2654/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-tivoli-netcool-impact-is-affected-by-an-ibm-dojo-toolkit-vulnerability-cve-2019-10785/
- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-the-java-se-product-of-oracle-java-se-component-libraries-supported-versions-that-are-affected-are-java-se-7u241-8u231-11-0-5-and-13-0-1/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-tivoli-netcool-impact-is-affected-by-ibm-dojo-toolkit-vulnerabilities-cve-2020-5258-cve-2020-5259/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-qradar-packet-capture-is-vulnerable-to-using-components-with-known-vulnerabilities-2/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-tivoli-netcool-impact-is-affected-by-jquery-vulnerabilities-cve-2020-11022-cve-2020-11023/
- https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-ibm-java-sdk-affects-ibm-tivoli-netcool-impact-cve-2020-2781/
- https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-ibm-java-sdk-affects-ibm-tivoli-netcool-impact-cve-2019-2949/
- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-middleware-software-affect-ibm-cloud-pak-for-automation/
- https://www.ibm.com/blogs/psirt/security-bulletin-security-vulnerability-in-java-se-affects-rational-build-forge-cve-2019-2949/
- https://www.ibm.com/blogs/psirt/security-bulletin-cross-site-scripting-vulnerability-affect-ibm-business-automation-workflow-and-ibm-business-process-manager-bpm-cve-2020-4557-2/
- https://www.ibm.com/blogs/psirt/security-bulletin-a-security-vulnerability-has-been-identified-in-ibm-websphere-application-server-shipped-with-ibm-tivoli-netcool-impact-cve-2019-12406/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-api-connect-is-impacted-by-vulnerabilities-in-php-cve-2020-7066-cve-2020-7065-cve-2020-7064/
- https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-openssl-affects-ibm-rational-clearquest-cve-2019-1551/
- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-sdk-java-technology-edition-affect-ibm-rational-build-forge/
- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-runtime-affects-ibm-agile-lifecycle-manager-2/
- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-middleware-software-affect-ibm-cloud-pak-for-automation-2/
- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-ibm-java-runtime-affect-ibm-integration-bus-and-ibm-app-connect-enterpise-v11-cve-2019-2949/
- https://www.ibm.com/blogs/psirt/security-bulletin-cross-site-scripting-vulnerability-affect-ibm-business-automation-workflow-and-ibm-business-process-manager-bpm-cve-2020-4557/
- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-middleware-software-affect-ibm-cloud-pak-for-automation/
قيم المحتوى
شارك الصفحة
