IBM Updates
Warning Date: 10 March, 2020
Severity Level: Medium
Warning Number: 2020-1000
Target Sector: All
Description:
IBM has released security updates to address vulnerabilities in the following products:
- Tivoli Workload Scheduler 9.3.x
- DB2 Query Management Facility for z/OS 11.2.1
- DB2 Query Management Facility for z/OS 12.1
- Query Management Facility Classic Edition 11.1
- DB2 Query Management Facility for z/OS 12.2
- Query Management Facility Enterprise Edition 11.1
- DB2 Query Management Facility for z/OS 11.2
- DB2 Query Management Facility for z/OS 11.1
- IBM Business Automation Workflow 18.0.0, 19.0.0
- DCNM 11.1, 11.2, 11.3
Threats:
An attacker could exploit these vulnerabilities to do the following:
- Bypass of a protection mechanism
- Obtain sensitive information
- Denial of service attack (DoS)
- Cross-site scripting (XSS)
Best practice and Recommendations:
The CERT team encourages users to review the IBM security advisories and apply the necessary updates:
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-workload-scheduler-9-3-vulnerable-to-cve-2019-4608/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-sdk-java-technology-edition-quarterly-cpu-oct-2019-includes-oracle-oct-2019-cpu-minus-cve-2019-2949-3/
- https://www.ibm.com/blogs/psirt/security-bulletin-an-information-disclosure-vulnerability-has-been-identified-with-the-embedded-content-platform-engine-component-shipped-with-ibm-business-automation-workflow-cve-2019-4572/
- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-dcnm-network-management-software-used-by-ibm-c-type-san-directors-and-switches/
- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-dcnm-network-management-software-used-by-ibm-c-type-san-directors-and-switches-2/