IBM Updates
Warning Date: 19 August, 2020
Severity Level: High
Warning Number: 2020-1655
Target Sector: All
Description:
IBM has released security updates to address multiple vulnerabilities in the following products:
- IBM Cloud Pak System
  - 2.3.0.1
  - 2.3.1.1
- IBM Cloud Private
  - 3.2.1 CD
  - 3.2.2 CD
- The Elastic Storage Server
  - 5.3.0 - 5.3.6
- IBM Spectrum Protect Plus
  - 10.1.0 - 10.1.6
- IBM Netezza Host Management
  - 5.4.9.0 - 5.4.28.0
- IBM Planning Analytics
  - 2.0.x
Threats:
An attacker could exploit these vulnerabilities to cause the following:
- Denial of service (DoS).
- Sensitive information disclosure.
- Remote arbitrary code execution.
- Cross-site scripting (XSS).
Best Practices and Recommendations:
The CERT team encourages users to review the IBM security advisories and apply the necessary updates:
- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-identified-in-docker-for-red-hat-enterprise-linux/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cloud-private-is-vulnerable-to-ibm-websphere-application-server-liberty-vulnerabilities-cve-2020-4303-cve-2020-4304/
- https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-has-been-identified-in-ibm-elastic-storager-server-gui-where-authorised-user-can-execute-unauthorized-function-cve-2020-4378/
- https://www.ibm.com/blogs/psirt/security-bulletin-a-security-vulnerability-affects-ibm-cloud-private-openssl-cve-2019-1551/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cloud-private-is-vulnerable-to-a-kubernetes-vulnerability-cve-2019-11254/
- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-gnu-gettext-affects-ibm-spectrum-protect-plus-cve-2018-18751-2/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-elastic-storage-server-gui-is-affected-by-cross-site-scripting-cve-2020-4358/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cloud-private-is-vulnerable-to-an-ibm-websphere-application-server-liberty-vulnerability-cve-2019-17573/
- https://www.ibm.com/support/pages/node/6261415
- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-runtime-affect-ibm-cloud-private-2/
- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-rsyslog-affect-ibm-spectrum-protect-plus-cve-2019-17041-cve-2019-17042-2/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-elastic-storage-server-gui-is-affected-by-weak-crypto-algorithm-cve-2020-4379/
- https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-has-been-identified-in-ibm-elastic-storager-server-where-an-attacker-can-cause-a-denial-of-service-cve-2020-4381/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cloud-private-is-vulnerable-to-an-ibm-websphere-application-server-liberty-vulnerability-cve-2020-4329/
- https://www.ibm.com/blogs/psirt/security-bulletin-security-vulnerabilities-affect-ibm-cloud-private-curl-cve-2019-5482-cve-2019-5481/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cloud-private-is-vulnerable-to-an-ibm-websphere-application-server-liberty-vulnerability-cve-2020-4421/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-planning-analytics-workspace-is-affected-by-security-vulnerabilities-3/