الموقع الرسمي للمركز الوطني الإرشادي للأمن السيبراني
تحديثات IBM
2652
تاريخ التحذير
مستوى الخطورة
رقم التحذير
القطاع المستهدف
4 أكتوبر, 2020
● عالي
2020-1874
الكل
الوصف:
أصدرت IBM عدة تحديثات لمعالجة عدد من الثغرات في المنتجات التالية:
- IBM Cloud Pak for Data – Golang
- CP4D 2.5, 3.0
- IBM Java SDK
- IBM License Metric Tool
- Apache Camel
- IBM Resilient SOAR
- IBM DB2 Server
- IBM Emptoris Supplier Lifecycle Mgmt 10.1.3.x,10.1.1.x, 10.1.0.x
- IBM Emptoris Program Management
- IBM Emptoris Sourcing
- IBM Emptoris Contract Management
- IBM Emptoris Strategic Supply Management Platform 10.1.0.x,10.1.1.x,10.1.3.x
- Plexus-utils
- Resilient OnPrem IBM Security SOAR
- Node.js npm CLI module
- BM Cloud
- WebSphere Application Server Liberty
- IBM Operations Analytics – Log Analysis
- Apache
- Curam SPM 7.0.10, 7.0.9
- IBM Maximo Asset Management 7.6.0, 7.6.1
- App Connect Enterprise Certified Container 1.0.0 with Operator, 1.0.1 with Operator, 1.0.2 with Operator, 1.0.3 with Operator
- Ruby on Rails
- IBM License Metric Tool
- Asset Repository in IBM Cloud Pak for Integration (CP4I) Operator 1.0.0, 1.0.1
- Platform Navigator in IBM Cloud Pak for Integration (CP4I) Operator 4.0.0, 4.0.1
- IBM Cloud Pak for Integration (CP4I) Operator 1.0.0
يمكن للمهاجم استغلال الثغرات وتنفيذ ما يلي:
- الكشف والإفصاح عن معلومات حساسة
- هجمة حجب الخدمة (DoS attack)
- تنفيذ برمجيات خبيثة
- تجاوز آلية حماية
الإجراءات الوقائية:
يوصي المركز بتحديث النسخ المتأثرة حيث أصدرتIBM توضيحًا لهذه التحديثات:
- https://www.ibm.com/blogs/psirt/security-bulletin-security-vulnerabilities-affect-ibm-cloud-pak-for-data-golang-cve-2020-15586-cve-2020-14039-primary-tabs/
- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-affect-ibm-license-metric-tool-v9-2/
- https://www.ibm.com/blogs/psirt/security-bulletinibm-resilient-soar-is-using-components-with-known-vulnerabilities-apache-camel-cve-2019-0188-cve-2020-11972-cve-2020-11973/
- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-ibm-db2-server-security-vulnerabilities-affect-ibm-emptoris-supplier-lifecycle-mgmt/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-resilient-soar-is-using-components-with-known-vulnerabilities-plexus-utils-cve-2017-1000487/
- https://www.ibm.com/blogs/psirt/security-bulletin-a-node-js-npm-cli-module-vulnerability-affects-ibm-sdk-for-node-js-in-ibm-cloud-cve-2020-15095/
- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-ibm-db2-server-security-vulnerabilities-affect-ibm-emptoris-program-management/
- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-ibm-db2-server-security-vulnerabilities-affect-ibm-emptoris-sourcing/
- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-websphere-application-server-liberty-affect-ibm-operations-analytics-log-analysis-cve-2020-4590/
- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-ibm-db2-server-security-vulnerabilities-affect-ibm-emptoris-contract-management/
- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-apache-commons-codec-affects-ibm-cram-social-program-management-177835/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-maximo-asset-management-is-vulnerable-to-authentication-bypass-cve-2020-4493/
- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-ibm-db2-server-security-vulnerabilities-affect-ibm-emptoris-strategic-supply-management-platform/
- https://www.ibm.com/blogs/psirt/security-bulletin-app-connect-enterprise-certified-container-is-vulnerable-to-cve-2019-11324/
- https://www.ibm.com/blogs/psirt/security-bulletin-security-vulnerabilities-affect-ibm-cloud-pak-for-data-node-js-cve-2020-8203/
- https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-ruby-on-rails-affects-ibm-license-metric-tool-v9-cve-2020-8164/
- https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-ruby-on-rails-affects-ibm-license-metric-tool-v9-cve-2020-8166/
- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-ruby-on-rails-affect-ibm-license-metric-tool-v9/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cloud-pak-for-integration-operators-affected-by-multiple-vulnerabilities/
قيم المحتوى
شارك الصفحة
