الموقع الرسمي للمركز الوطني الإرشادي للأمن السيبراني
تحديثات IBM
2659
تاريخ التحذير
مستوى الخطورة
رقم التحذير
القطاع المستهدف
3 سبتمبر, 2020
● متوسط
2020-1718
الكل
الوصف:
أصدرت IBM عدة تحديثات لمعالجة عدد من الثغرات في المنتجات التالية:
- IBM Security Guardium
- IBM Java SDK
- IBM Security Guardium
- Go
- IBM API Connect V 2018
- Kernel
- IBM Netezza Host Management
- IBM API Connect's API Manager
- Apache Commons Codec
- IBM WebSphere Service Registry and Repository
- Oracle MySQL
- IBM Security Guardium
التهديدات:
يمكن للمهاجم استغلال الثغرات وتنفيذ ما يلي:
- الكشف والإفصاح غير المصرح به للمعلومات
- هجمة حجب الخدمة (DoS attack)
- رفع الصلاحيات لزيادة قدرته على التعديل في النظام
الإجراءات الوقائية:
يوصي المركز بتحديث النسخ المتأثرة حيث أصدرتIBM توضيحًا لهذه التحديثات:
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-a-use-of-a-broken-or-risky-cryptographic-algorithm-vulnerability-4/
- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-affect-ibm-security-guardium-7/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-api-connect-v-2018-is-impacted-by-a-vulnerability-in-go-golang-cve-2020-7919/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-a-left-over-debug-code-in-js-files-vulnerability-4/
- https://www.ibm.com/blogs/psirt/security-bulletin-publicly-disclosed-vulnerability-from-kernel-affects-ibm-netezza-host-management-5/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-api-connects-api-manager-is-vulnerable-to-privilege-escalationcve-2020-4638/
- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-apache-commons-codec-affects-ibm-websphere-service-registry-and-repository/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-oracle-mysql-vulnerabilities-5/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-oracle-mysql-vulnerabilities-6/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-a-use-of-insufficiently-random-value-vulnerability-3/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-a-use-of-broken-or-risky-cryptographic-algorithm-vulnerability-2/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-an-oracle-mysql-vulnerability/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-an-improper-restriction-of-excessive-authentication-attempts-vulnerability-4/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-a-hard-coded-passwords-vulnerability-4/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-api-connects-developer-portal-is-vulnerable-to-social-engineering-attacks-cve-2020-4337/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-an-information-exposure-in-html-comments-vulnerability-2/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-api-connects-developer-portal-is-impacted-by-vulnerabilities-in-mysql/
قيم المحتوى
شارك الصفحة
