IBM Updates
Warning date: 21 February, 2021
Severity level: High
Warning number: 2021-2503
Target sector: All
Description:
IBM has released several updates to address a number of vulnerabilities in the following products:
- XStream, Apache HTTP, Jackson Databind, OpenSSL, and Node.js
- IBM Spectrum Control 5.3.0.1-5.4.1
- IBM Java SDK
- IBM WebSphere Cast Iron v 7.5.0.0, 7.5.0.1, 7.5.1.0
- App Connect Professional v 7.5.2.0
- App Connect Professional v 7.5.3.0
- App Connect Professional v 7.5.4.0
- WebSphere Application Server 9.0, 8.5, 8.0
- Node.js xml-crypto module
- IBM Cloud Pak for Multicloud Management Infrastructure Management
- Java
- IBM Cloud Application Business Insights 1.1.3, 1.1.4, 1.1.5
- Node.js y18n module
- IBM Cloud Pak for Multicloud Management Infrastructure Management
- PostgreSQL
- IBM Cloud Pak for Multicloud Management Infrastructure Management
- GO
- IBM Cloud Pak for Multicloud Management Infrastructure Management
- Apache Tomcat
- IBM WebSphere Cast Iron Solution v 7.5.0.0, 7.5.0.1, 7.5.1.0
- App Connect Professional v 7.5.2.0
- App Connect Professional v 7.5.3.0
- App Connect Professional v 7.5.4.0
- FasterXML Jackson Databind
- IBM Tivoli Netcool/OMNIbus Integration – Transport Module Common Integration Library
- Node.js ini module
- IBM Cloud Pak for Multicloud Management Infrastructure Management
- Bouncy Castle
- IBM Rational Performance Tester
- Node.js codemirror module
- IBM Cloud Pak for Multicloud Management
- Node.js
- IBM Cloud Pak for Multicloud Management
- IBM Spectrum Conductor 2.5.0
- IBM Spectrum Symphony 7.3.1
An attacker could exploit these vulnerabilities to carry out the following:
- Server-side request forgery (SSRF)
- Remote execution of malicious software
- Denial-of-service (DoS) attack
- Bypass of a protection mechanism
Preventive measures:
The Center recommends updating the affected versions; IBM has published explanations of these updates at the following links:
- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-xstream-apache-http-jackson-databind-openssl-and-node-js-affect-ibm-spectrum-control/
- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-affect-ibm-websphere-cast-iron-solution-app-connect-professional-5/
- https://www.ibm.com/blogs/psirt/security-bulletin-websphere-application-server-is-vulnerable-to-a-directory-traversal-vulnerability-cve-2021-20354/
- https://www.ibm.com/blogs/psirt/security-bulletin-a-security-vulnerability-in-node-js-xml-crypto-module-affects-ibm-cloud-pak-for-multicloud-management/
- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-java-affects-ibm-cloud-application-business-insights/
- https://www.ibm.com/blogs/psirt/security-bulletin-a-security-vulnerability-in-node-js-y18n-module-affects-ibm-cloud-pak-for-multicloud-management/
- https://www.ibm.com/blogs/psirt/security-bulletin-a-security-vulnerability-in-postgresql-affects-ibm-cloud-pak-for-multicloud-management/
- https://www.ibm.com/blogs/psirt/security-bulletin-a-security-vulnerability-in-go-affects-ibm-cloud-pak-for-multicloud-management/
- https://www.ibm.com/blogs/psirt/security-bulletin-app-connect-professional-ibm-websphere-cast-iron-solution-are-affected-by-apache-tomcat-vulnerabilities/
- https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-have-been-identified-in-fasterxml-jackson-databind-shipped-with-ibm-tivoli-netcool-omnibus-transport-module-common-integration-library-cve-2020-25649/
- https://www.ibm.com/blogs/psirt/security-bulletin-a-security-vulnerability-in-node-js-ini-module-affects-ibm-cloud-pak-for-multicloud-management/
- https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-bouncy-castle-affects-ibm-rational-performance-tester-cve-2020-26939/
- https://www.ibm.com/blogs/psirt/security-bulletin-a-security-vulnerability-in-node-js-codemirror-module-affects-ibm-cloud-pak-for-multicloud-management/
- https://www.ibm.com/blogs/psirt/security-bulletin-a-security-vulnerability-in-node-js-affects-ibm-cloud-pak-for-multicloud-management/
- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerability-issues-affect-ibm-spectrum-conductor-2-5-0/
- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerability-issues-affect-ibm-spectrum-symphony-7-3-1/