الموقع الرسمي للمركز الوطني الإرشادي للأمن السيبراني
تحديثات IBM
1712
تاريخ التحذير
مستوى الخطورة
رقم التحذير
القطاع المستهدف
20 أكتوبر, 2020
● متوسط
2020-1946
الكل
الوصف:
أصدرت IBM عدة تحديثات لمعالجة عدد من الثغرات في المنتجات التالية:
- IBM Spectrum Scale V5.0.0.0 through V5.0.5 and V4.2.0.0 through V4.2.3.22
- kernel
- IBM Security Guardium 10.5, 10.6, 11.0, 11.1, 11.2
- DB2
- IBM Security Guardium 11.1
- Linux Kernel
- IBM Elastic Storage System 6.0.0 – 6.0.1.0
- IBM Spectrum Scale 5.0.0 – 5.0.5.2
- IBM Sterling File Gateway 2.2.0.0 – 6.0.3.1
- IBM Java Runtime
- IBM WIoTP MessageGateway 5.0.0.1
- IBM IoT MessageSight 5.0.0.0 and 2.0.0.2
- IBM Spectrum Scale
- IBM Elastic Storage 6.0.0 – 6.0.1.0
- Graphic Process Modeler
- IBM B2B Sterling Integrator 5.2.0.0 – 6.0.2.2
- IBM Elastic Storage System 3000 6.0.0 – 6.0.0.2
- IBM Sterling B2B Integrator 5.2.0.0 – 6.0.3.1
يمكن للمهاجم استغلال الثغرات وتنفيذ ما يلي:
- هجمة حجب الخدمة (DoS attack)
- هجمة البرمجة عبر المواقع (Cross-site scripting (XSS
- حقن SQL
الإجراءات الوقائية:
يوصي المركز بتحديث النسخ المتأثرة حيث أصدرتIBM توضيحًا لهذه التحديثات:
- https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-has-been-identified-in-ibm-spectrum-scale-where-a-local-unprivileged-user-could-cause-a-denial-of-service-cve-2020-4491/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-a-kernel-vulnerability-21/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-vulnerabilities-in-db2-which-guardium-ships/
- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-the-linux-kernel-used-in-ibm-elastic-storage-system/
- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-affect-the-ibm-spectrum-scale-gui/
- https://www.ibm.com/blogs/psirt/security-bulletin-cross-site-scripting-vulnerability-affects-ibm-sterling-file-gateway-cve-2020-4564/
- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-runtime-affect-ibm-messagegateway-2/
- https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-ibm-spectrum-scale-packaged-in-ibm-elastic-storage-system-could-cause-a-denial-of-service-cve-2020-4756/
- https://www.ibm.com/blogs/psirt/security-bulletin-there-are-multiple-vulnerabilities-in-the-linux-kernel-used-in-ibm-elastic-storage-system/
- https://www.ibm.com/blogs/psirt/security-bulletin-sql-injection-vulnerability-affects-the-graphic-process-modeler-in-ibm-sterling-b2b-integrator-cve-2019-4680/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-elastic-storage-system-3000-is-affected-by-weak-cryptographic-algorithm-cve-2020-4350/
- https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-has-been-identified-in-ibm-spectrum-scale-where-an-unprivileged-local-user-may-cause-a-denial-of-service-cve-2020-4411/
- https://www.ibm.com/blogs/psirt/security-bulletin-cross-site-scripting-security-vulnerability-affects-ibm-sterling-b2b-integrator-standard-edition-cve-2020-4564/
قيم المحتوى
شارك الصفحة
