الموقع الرسمي للمركز الوطني الإرشادي للأمن السيبراني
تحديثات IBM
2483
تاريخ التحذير
مستوى الخطورة
رقم التحذير
القطاع المستهدف
23 يوليو, 2020
● عالي
2020-1537
الكل
الوصف:
أصدرت IBM عدة تحديثات لمعالجة عدد من الثغرات في المنتجات التالية:
- IBM Verify Gateway
- IBM Java Runtime
- z/Transaction Processing Facility
- Watson Explorer
- Watson Explorer Content Analytics
- WebSphere Application Server
- FileNet Content Manager
- InfoSphere Streams
- Novalink
- DB2 Query Management Facility for z/OS
- Query Management Facility Classic Edition
- Query Management Facility Enterprise Edition
- WebSphere network
- IBM Content Foundation on Cloud
- jackson-databind
- IBM Cloud Pak System
- IBM Content Navigator
- FileNet Content Manager
- Case Foundation
- IBM Tivoli Application Dependency Discovery Manager(TADDM)
- FileNet Content Manager
- InfoSphere Streams
- Watson Explorer
- IBM Java SDK
- Z Development & Test Environment
التهديدات:
يمكن للمهاجم استغلال الثغرات وتنفيذ ما يلي:
- الكشف والإفصاح غير المصرح به للمعلومات
- هجمة حجب الخدمة (DoS attack)
- هجوم انتحال الشخصية (Spoofing attack)
- تنفيذ برمجيات خبيثة عن بعد
الإجراءات الوقائية:
يوصي المركز بتحديث النسخ المتأثرة حيث أصدرتIBM توضيحًا لهذه التحديثات:
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-verify-gateway-does-not-hide-client-secrets-when-debug-tracing-is-active-cve-2020-4372/
- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-runtime-affect-z-tpf-3/
- https://www.ibm.com/blogs/psirt/security-bulletin-websphere-application-server-security-vulnerability-in-filenet-content-manager/
- https://www.ibm.com/blogs/psirt/security-bulletin-sb0003749/
- https://www.ibm.com/blogs/psirt/security-bulletin-sb0003748/
- https://www.ibm.com/blogs/psirt/security-bulletin-websphere-network-security-vulnerability-in-ibm-content-foundation-on-cloud/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-websphere-application-server-network-deployment-security-vulnerability-in-ibm-content-foundation-on-cloud/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-verify-gateway-does-not-hide-a-cryptographic-key-in-one-of-its-binary-files-cve-2020-4385/
- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-jackson-databind-shipped-with-ibm-cloud-pak-system/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-content-navigator-logon-response-security-vulnerability-in-filenet-content-manager/
- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-ibm-java-runtime-affects-watson-explorer-and-watson-explorer-content-analytics-studio-cve-2020-2654/
- https://www.ibm.com/blogs/psirt/security-bulletin-websphere-application-server-liberty-vulnerabilities-used-by-ibm-streams/
- https://www.ibm.com/blogs/psirt/security-bulletin-an-info-zip-unzip-vulnerability-has-been-identified-in-ibm-tivoli-application-dependency-discovery-managertaddm/
- https://www.ibm.com/blogs/psirt/security-bulletin-novalink-is-impacted-by-websphere-application-server-liberty-is-vulnerable-to-cross-site-scripting-cve-2019-4663/
- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-ibm-java-runtime-affects-watson-explorer-cve-2020-2781/
- https://www.ibm.com/blogs/psirt/security-bulletin-novalink-is-impacted-by-multiple-vulnerabilities-in-websphere-application-server-liberty/
- https://www.ibm.com/blogs/psirt/security-bulletin-websphere-application-server-liberty-vulnerabilities-used-by-ibm-streams-2/
- https://www.ibm.com/blogs/psirt/security-bulletin-cross-site-scripting-security-vulnerabilities-in-filenet-content-manager/
- https://www.ibm.com/blogs/psirt/security-bulletin-java-vulnerabilities-affecting-ibm-streams/
- https://www.ibm.com/blogs/psirt/security-bulletin-websphere-security-vulnerability-in-ibm-content-foundation-on-cloud/
- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-affects-watson-explorer-foundational-components-cve-2020-1967/
- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-exists-in-watson-explorer-cve-2020-4329/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-websphere-application-server-network-deployment-security-vulnerabilities-in-ibm-content-foundation-on-cloud/
- https://www.ibm.com/blogs/psirt/security-bulletin-java-vulnerability-cve-2019-2949-affecting-ibm-streams/
- https://www.ibm.com/blogs/psirt/security-bulletin-websphere-application-server-liberty-vulnerabilities-used-by-ibm-streams-3/
- https://www.ibm.com/blogs/psirt/security-bulletin-novalink-is-impacted-by-denial-of-service-vulnerability-in-websphere-application-server-liberty/
- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-affect-ibm-z-development-and-test-environment-april-2020/
قيم المحتوى
شارك الصفحة
