The official site for Saudi CERT
IBM Updates
2825
Warning Date
Severity Level
Warning Number
Target Sector
5 August, 2020
● High
2020-1593
All
Description:
IBM has released security updates to address vulnerabilities in the following products:
- IBM Security Identity Governance and Intelligence
- 5.2.6
- ICP – Compare & Comply
- IBM Network Performance Insight
- 1.3
- 1.3.1
- Platform Navigator in IBM Cloud Pak for Integration (CP4I)
- 2.2.1 (CP4I 2019.3.2.2)
- 3.1.0 (CP4I 2020.1.1)
- 2020.2.1-0 (CP4I 2020.2.1)
- Asset Repository in IBM Cloud Pak for Integration (CP4I)
- 4.0.0 (CP4I 2020.1.1)
- 2020.2.1-0 (CP4I 2020.2.1)
Threats:
Attacker could exploit these vulnerabilities by doing the following:
- Denial of service attack (DoS)
- Sensitive information disclosure
- Buffer overflow
- Execute arbitrary code
- Bypass of a protection mechanism
Best practice and Recommendations:
The CERT team encourages users to review IBM security advisory and apply the necessary updates:
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-has-announced-a-release-for-ibm-security-identity-governance-and-intelligence-in-response-to-a-security-vulnerability-cve-2020-4243/
- https://www.ibm.com/blogs/psirt/security-bulletin-information-disclosure-in-websphere-application-server-liberty/
- https://www.ibm.com/blogs/psirt/security-bulletin-apache-log4j-valunarability-found-in-network-performance-insight-cve-2019-17571/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cloud-pak-for-integration-is-affected-by-multiple-node-js-vulnerabilities/
- https://www.ibm.com/blogs/psirt/security-bulletin-jackson-databind-publicly-disclosed-vulnerability-found-in-network-performance-insight/
Rate the content
Share the page
