IBM Updates
Warning Date: 15 September, 2020
Severity Level: ● Medium
Warning Number: 2020-1773
Target Sector: All
Description:
IBM has released security updates to address vulnerabilities in the following products:
- IBM Business Automation Workflow
  - C.D.0
- IBM Business Process Manager
  - 8.0, 8.5, 8.6
- IBM Aspera Connect
  - 3.9.9 and earlier
- IBM Tivoli Business Service Manager
  - 6.2.0.0 ~ 6.2.0.2 IF 1
- IBM Spectrum Protect Plus
  - 10.1.0-10.1.6
- IBM Maximo Asset Management
  - 7.6.0
  - 7.6.1
- IBM Security Guardium
  - 11.0
Threats:
An attacker could exploit these vulnerabilities to do the following:
- Carry out a cross-site scripting (XSS) attack.
- Obtain sensitive information.
Best practice and Recommendations:
The CERT team encourages users to review the IBM security advisories and apply the necessary updates:
- https://www.ibm.com/blogs/psirt/security-bulletin-cross-site-scripting-vulnerability-affect-ibm-business-automation-workflow-and-ibm-business-process-manager-bpm-cve-2020-4530/
- https://www.ibm.com/blogs/psirt/security-bulletin-improper-dll-loading-vulnerability-affecting-aspera-connect-3-9-9-and-earlier-3/
- https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-ibm-java-sdk-affects-ibm-tivoli-business-service-manager-cve-2020-14577/
- https://www.ibm.com/blogs/psirt/security-bulletin-cacheable-https-response-vulnerability-in-ibm-tivoli-business-service-manager-cve-2020-4344/
- https://www.ibm.com/blogs/psirt/security-bulletin-directory-traversal-and-execution-of-arbitrary-code-vulnerabilities-in-ibm-spectrum-protect-plus-cve-2020-4711-cve-2020-4703/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-maximo-asset-management-is-vulnerable-to-cross-site-request-forgery-cve-2020-4526/
- https://www.ibm.com/blogs/psirt/security-bulletin-linux-kernel-vulnerability-affects-ibm-spectrum-protect-plus-187206/
- https://www.ibm.com/blogs/psirt/security-bulletin-docker-vulnerability-affects-ibm-spectrum-protect-plus-cve-2020-13401/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-maximo-asset-management-is-vulnerable-to-sql-injection-cve-2019-4671/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-a-missing-security-control-vulnerability-2/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-maximo-asset-management-is-vulnerable-to-java-deserialization-cve-2020-4521/