تحديثات IBM
2608تاريخ التحذير
مستوى الخطورة
رقم التحذير
القطاع المستهدف
8 مارس, 2020
● عالي
2020-997
الكل
الوصف:
أصدرت IBM عدة تحديثات لمعالجة عدد من الثغرات في المنتجات التالية:
- WAS Liberty
- IBM Watson™ Speech Services
- IBM Tivoli Application Dependency Discovery Manager
- IBM API
- WebSphere Application Server
- IBM Watson™ Speech Services
- Oracle MySQL
- API Connect
- IBM® Runtime Environment Java™ Version 7 and Version
- RDS
- RDA
- Curl
- IBM Cloud Pak System
- OS Image for RedHat Enterprise Linux
- IBM JDK
- DataQuant for z/OS
- DataQuant for Multiplatforms
- Netty
- HTTP/TCP Proxy component in Rational Test Virtualization Server
- HTTP/TCP Proxy component in Rational Test Workbench
- Mozzila Firefox
- APM AM
- BAM
- APM SaaS
- APM on-premise
- ICAM
- Open Source Python
- IBM Tivoli Application Dependency Discovery Manager
- Open Source Apache CXF
- IBM Tivoli Application Dependency Discovery Manager
- IBM Tivoli Application Dependency Discovery Manager
- Apache Commons Beanutils in WebSphere Application Server
- Atlas eDiscovery Process Management
- Node.js
- IBM App connect Enterprise
- WebSphere Application Server
- IBM Tivoli Application Dependency Discovery Manager
- Samba
- IBM Spectrum Scale
- IBM Spectrum Scale
التهديدات:
يمكن للمهاجم استغلال الثغرات وتنفيذ ما يلي:
- تجاوز آلية الحماية
- تجاوز سعة مخزن الذاكرة المؤقت
- تنفيذ برمجيات خبيثة عن بعد
- الكشف والإفصاح غير المصرح به للمعلومات
الإجراءات الوقائية:
يوصي المركز بتحديث النسخ المتأثرة حيث أصدرتIBM توضيحًا لهذه التحديثات:
- https://www.ibm.com/blogs/psirt/security-bulletin-was-liberty-vunerabilities-affect-ibm-watson-text-to-speech-and-speech-to-text-ibm-watson-speech-services-1-1/
- https://www.ibm.com/blogs/psirt/security-bulletin-api-connects-developer-portal-is-impacted-by-vulnerabilities-in-php/
- https://www.ibm.com/blogs/psirt/security-bulletin-was-liberty-vunerabilities-affect-ibm-watson-text-to-speech-and-speech-to-text-ibm-watson-speech-services-1-1-2/
- https://www.ibm.com/blogs/psirt/security-bulletin-information-disclosure-vulnerability-in-websphere-application-server-affects-ibm-watson-text-to-speech-and-speech-to-text-ibm-watson-speech-services-1-1/
- https://www.ibm.com/blogs/psirt/security-bulletin-api-connect-is-impacted-by-multiple-vulnerabilities-in-oracle-mysql/
- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-runtime-affect-rational-directory-server-tivoli-rational-directory-administrator-3/
- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-curl-used-in-os-image-for-redhat-enterprise-linux-for-cloud-pak-system-cve-2018-16842/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-sdk-java-technology-edition-quarterly-cpu-oct-2019-includes-oracle-oct-2019-cpu-minus-cve-2019-2949-2/
- https://www.ibm.com/blogs/psirt/security-bulletin-rational-integration-tester-http-tcp-proxy-component-in-rational-test-virtualization-server-and-rational-test-workbench-affected-by-netty-vulnerabilities-cve-2020-7238-cve-2019-16/
- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-of-mozzila-firefox-less-than-firefox-68-4-esr-have-affected-synthetic-playback-agent-8-1-4-0-8-1-4-if10-icam-3-0-4-0/
- https://www.ibm.com/blogs/psirt/security-bulletin-python-vulnerability-in-ibm-tivoli-application-dependency-discovery-manager-cve-2019-16935/
- https://www.ibm.com/blogs/psirt/security-bulletin-apache-cxf-publicly-disclosed-vulnerability/
- https://www.ibm.com/blogs/psirt/security-bulletin-all-python-publicly-disclosed-vulnerability/
- https://www.ibm.com/blogs/psirt/security-bulletin-bypass-security-restrictions-in-was-liberty-2/
- https://www.ibm.com/blogs/psirt/security-bulletin-3rd-party-stored-cross-site-scripting-in-tivoli-application-dependency-discovery-manager/
- https://www.ibm.com/blogs/psirt/security-bulletin-cookie-created-without-secure-flag-was-liberty-cve-2019-4305/
- https://www.ibm.com/blogs/psirt/security-bulletin-atlas-ediscovery-process-management-is-affected-by-a-vulnerable-to-apache-commons-beanutils-in-websphere-application-server/
- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-node-js-affects-ibm-app-connect-enterprise-v11/
- https://www.ibm.com/blogs/psirt/security-bulletin-stack-is-displayed-in-websphere-application-server-cve-2019-4441/
- https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-samba-affects-ibm-spectrum-scale-smb-protocol-access-method-cve-2019-14907/
- https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-has-been-identified-in-ibm-spectrum-scale-where-an-attacker-can-cause-a-denial-of-service-cve-2020-4217/