IBM Updates
Warning Date: 13 August, 2020
Severity Level: High
Warning Number: 2020-1641
Target Sector: All
Description:
IBM has released security updates to address vulnerabilities in the following products:
- WebSphere Application Server
  - 9.0
  - 8.5
  - 8.0
  - 7.0
- IBM Operations Analytics Predictive Insights
  - 1.3.6
- IBM License Metric Tool
- IBM Spectrum Protect Operations Center
  - 8.1.0.000-8.1.9.xxx
  - 7.1.0.000-7.1.10.xxx
- IBM Spectrum Protect Client Management Service (CMS)
  - 8.1.0.000-8.1.9.xxx
  - 7.1.0.000-7.1.10.xxx
- IBM Maximo Asset Management
  - 7.6.0
  - 7.6.1
- IBM Tivoli Application Dependency Discovery Manager
  - 7.3.0.0 – 7.3.0.7
- IBM Tivoli Composite Application Manager for Transactions (Response Time)
  - 7.4.0.2
  - 7.4.0.1
- IBM Cloud Application Performance Management – Response Time Monitoring Agent
  - 8.1.4
- IBM Spectrum Protect Server
  - 8.1.0.000-8.1.9.xxx
  - 7.1.0.000-7.1.10.xxx
- IBM QRadar Wincollect
  - 7.2.0 – 7.2.9
- IBM WIoTP MessageGateway
  - 5.0.0.1
- IBM IoT MessageSight
  - 5.0.0.0
  - 2.0
- IBM Netcool Agile Service Manager
  - 1.1
- SAN Volume Controller and Storwize Family
  - 8.3
  - 7.8
  - 8.2
- IBM Spectrum Protect Plus
  - 10.1.0-10.1.6
- IBM i2 Analyst's Notebook
  - IBM i2 Analyst's Notebook 9.2.1
- IBM i2 Analyst's Notebook Premium
  - IBM i2 Analyst's Notebook Premium 9.2.1
Threats:
An attacker could exploit these vulnerabilities to achieve the following:
- Denial of service attack (DoS)
- Sensitive information disclosure
- Execute arbitrary code
- Buffer overflow
Best practice and Recommendations:
The CERT team encourages users to review the IBM security advisories and apply the necessary updates:
- https://www.ibm.com/blogs/psirt/security-bulletin-websphere-application-server-is-vulnerable-to-a-remote-code-execution-vulnerability-cve-2020-4589/
- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-faster-xml-jackson-databind-affects-ibm-operations-analytics-predictive-insights-cve-2019-14060-cve-2019-14661-cve-2019-14662/
- https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-faster-xml-jackson-databind-affects-ibm-operations-analytics-predictive-insights-cve-2019-144892-cve-2019-144893/
- https://www.ibm.com/blogs/psirt/security-bulletin-security-vulnerabilities-have-been-identified-in-ibm-db2-shipped-with-ibm-license-metric-tool-v9/
- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-ibm-websphere-application-server-liberty-affects-ibm-spectrum-protect-operations-center-and-client-management-service-cve-2019-12406/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-maximo-asset-management-is-vulnerable-to-path-traversal-cve-2019-4582/
- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-ibm-java-runtime-affect-the-ibm-spectrum-protect-server-cve-2020-2593-cve-2019-4732/
- https://www.ibm.com/blogs/psirt/security-bulletin-apache-log4j-publicly-disclosed-vulnerability/
- https://www.ibm.com/blogs/psirt/security-bulletin-a-vulneraqbility-in-sqlite-affects-ibm-cloud-application-performance-managment-r-esponse-time-monitoring-agent-cve-2020-11655-cve-2020-11656/
- https://www.ibm.com/blogs/psirt/security-bulletin-a-vulneraqbility-in-sqlite-affects-ibm-cloud-application-performance-managment-r-esponse-time-monitoring-agent-cve-2020-9327/
- https://www.ibm.com/blogs/psirt/security-bulletin-security-vulnerability-has-been-identified-in-bigfix-platform-shipped-with-ibm-license-metric-tool-2/
- https://www.ibm.com/blogs/psirt/security-bulletin-db2-vulnerabilities-affect-ibm-spectrum-protect-server-cve-2020-4230-cve-2020-4135-cve-2020-4204-cve-2020-4200-2/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-qradar-wincollect-is-vulnerable-to-improper-access-control-cve-2020-4485-cve-2020-4486/
- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-jquery-affect-ibm-wiotp-messagegateway-cve-2020-11023-cve-2020-11022/
- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-netty-affect-ibm-netcool-agile-service-manager-cve-2020-7238/
- https://www.ibm.com/blogs/psirt/security-bulletin-network-security-nss-vulnerability-affects-ibm-san-volume-controller-ibm-storwize-ibm-spectrum-virtualize-and-ibm-flashsystem-products/
- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-jquery-affect-ibm-wiotp-messagegateway/
- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-apache-camels-jmx-apache-camel-rabbitmq-and-apache-camel-netty-affects-ibm-operations-analytics-predictive-insights-cve-2020-11971-cve-2020-11972-cve/
- https://www.ibm.com/blogs/psirt/security-bulletin-incorrect-permissions-on-ibm-spectrum-protect-plus-agent-files-cve-2020-4631-2/
- https://www.ibm.com/blogs/psirt/security-bulletin-openslp-vulnerability-affects-ibm-san-volume-controller-ibm-storwize-ibm-spectrum-virtualize-and-ibm-flashsystem-products/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-i2-analysts-notebook-and-ibm-i2-analysts-notebook-premium-memory-vulnerabilities-2/
- https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-jquery-affects-ibm-wiotp-messagegateway-cve-2020-7656/
- https://www.ibm.com/blogs/psirt/security-bulletin-java-vulnerabilities-affect-ibm-san-volume-controller-ibm-storwize-ibm-spectrum-virtualize-and-ibm-flashsystem-products/