IBM Updates
Warning date: 8 October 2020
Severity level: ● High
Warning number: 2020-1891
Targeted sector: All
Description:
IBM has released several updates to address a number of vulnerabilities in the following products:
- OpenSSH and OpenSSL shipped with IBM Security Access Manager Appliance
- ISAM 7.0, 8.0
- jQuery
- IBM MobileFirst Foundation 8.x.x
- kernel
- IBM Security Guardium 10.5, 10.6, 11.0, 11.1
- IBM Java SDK
- IBM Security Guardium 9x, 10.5, 10.6, 11.0, 11.1
- Query
- DataQuant for z/OS 2.1
- DataQuant for Multiplatforms 2.1
- IBM QRadar SIEM 7.4.0 – 7.4.1 GA, 7.3.0 – 7.3.3 Patch 4
- Go
- API Connect V2018.4.1.0-2018.4.1.12, V10.0.0
- dbus
- IBM Security Guardium 10.6
- IBM QRadar Incident Forensics 7.4.0 – 7.4.1 GA, 7.3.0 – 7.3.3 Patch 4
- Crunchy kernel
- API Connect 10.0.0.0
- Apache Tomcat
- App Connect Professional v 7.5.3.0
- jackson-databind
- IBM Security Guardium 11.0
- IBM Cloud Pak for Data – Node.js 2.5, 3.0.1
- Oracle MySQL
- IBM Security Guardium 9.0 – 9.5, 10.0 -10.6, 11.0
- OpenSSL
- IBM Security Guardium 11.x, 10.5, 10.6
An attacker can exploit the vulnerabilities to do the following:
- Disclose sensitive information
- Escalate privileges to increase their ability to modify the system
- Denial-of-service (DoS) attack
- Cross-site scripting (XSS) attack
Preventive measures:
The Center recommends updating the affected versions; IBM has published details of these updates:
- https://www.ibm.com/blogs/psirt/security-bulletin-security-vulnerabilities-in-openssh-and-openssl-shipped-with-ibm-security-access-manager-appliance-cve-2018-15473-cve-2019-1559/
- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-jquery-fixed-in-mobile-foundation-cve-2020-11023-cve-2020-11022/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-kernel-vulnerabilities-5/
- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-affect-ibm-security-guardium-8/
- https://www.ibm.com/blogs/psirt/security-bulletin-steps-to-update-dataquant-wrokstation-ans-dataquant-websphere-plugins/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-qradar-siem-is-vulnerable-to-using-components-with-known-vulnerabilities-2/
- https://www.ibm.com/blogs/psirt/security-bulletin-steps-to-update-dataquant-workstation-and-dataquant-websphere-plugins/
- https://www.ibm.com/blogs/psirt/security-bulletin-steps-to-update-dataquant-workstation-and-dataquant-websphere-plugins-2/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-api-connect-v-2018-is-impacted-by-a-vulnerability-in-go-golang-cve-2020-7919-2/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-a-kernel-vulnerability-14/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-api-connects-api-manager-is-vulnerable-to-privilege-escalationcve-2020-4638-2/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-a-kernel-vulnerability-15/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-a-dbus-vulnerability-3/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-a-kernel-vulnerability-16/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-qradar-incident-forensics-is-vulnerable-to-using-component-with-known-vulnerabilities/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-api-connect-v10-is-impacted-by-denial-of-service-vulnerabilities-in-crunchy-kernel-cve-2020-8616-cve-2020-8617/
- https://www.ibm.com/blogs/psirt/security-bulletin-app-connect-professional-is-affected-by-apache-tomcat-vulnerabilities/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-qradar-siem-is-vulnerable-to-kdc-spoofing-cve-2019-4545/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-a-jackson-databind-vulnerability-3/
- https://www.ibm.com/blogs/psirt/security-bulletin-security-vulnerabilities-affect-ibm-cloud-pak-for-data-node-js-cve-2020-8172-cve-2020-8174-cve-2020-11080/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-an-oracle-mysql-vulnerabilities-4/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-a-kernel-vulnerability-17/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-qradar-siem-is-vulnerable-to-using-components-with-known-vulnerabilities-3/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-an-openssl-vulnerability-6/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-a-kernel-vulnerability-18/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-a-kernel-vulnerability-19/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-a-kernel-vulnerability-20/
- https://www.ibm.com/blogs/psirt/security-bulletin-app-connect-professional-is-affected-by-apache-tomcat-vulnerabilities-2/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-qradar-siem-is-vulnerable-to-deserialization-of-untrusted-data/