IBM Updates
1675Warning Date
Severity Level
Warning Number
Target Sector
17 December, 2020
● Medium
2020-2225
All
Description:
IBM has released security updates to address several vulnerabilities in the following products:
- IBM Watson Speech Services for Cloud Pak for Data
- 1.2
- IBM Sterling Connect:Direct for UNIX
- 4.2.0
- 4.3.0
- IBM Connect:Direct for UNIX
- 6.0.0
- 6.1.0
- IBM® Db2®
- V9.7
- V10.1
- V10.5
- V11.1
- V11.5
- IBM Security Secret Server
- RPT
- 9.5
- IBM License Metric Tool
- z/Transaction Processing Facility
- 1.1
- IBM Watson Speech Services for Cloud Pak for Data
- 1.2
- IBM Security Key Lifecycle Manager
- 4.0
- 3.0.1
- IBM Security Privilege Manager
- Versions prior to 10.8
Threats:
An attacker could exploit these vulnerabilities by doing the following:
- Buffer overflow
- Execute arbitrary code
- Elevate privileges
- Obtain sensitive information
Best practice and Recommendations:
The CERT team encourages users to review IBM security advisory and apply the necessary updates:
- https://www.ibm.com/blogs/psirt/security-bulletin-java-vulnerability-affects-ibm-watson-text-to-speech-and-speech-to-text-ibm-watson-speech-services-for-cloud-pak-for-data-1-2/
- https://www.ibm.com/blogs/psirt/security-bulletin-a-gnu-c-library-vulnerability-affects-ibm-watson-text-to-speech-and-speech-to-text-ibm-watson-speech-services-for-cloud-pak-for-data-1-2/
- https://www.ibm.com/blogs/psirt/security-bulletin-apache-tomcat-vulnerabilities-affect-ibm-watson-text-to-speech-and-speech-to-text-ibm-watson-speech-services-for-cloud-pak-for-data-1-2/
- https://www.ibm.com/blogs/psirt/security-bulletin-authentication-mechanism-vulnerability-affects-ibm-connectdirect-for-unix-cve-2020-4747-2/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-db2-is-vulnerable-to-a-denial-of-service-attack-cve-2020-4420-6/
- https://www.ibm.com/blogs/psirt/security-bulletin-a-security-vulnerability-has-been-identified-in-ibm-security-secret-server-2/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-db2-may-be-vulnerable-to-a-denial-of-service-attack-cve-2020-4355-6/
- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-and-ibm-java-runtime-affect-rational-performance-tester-primary-tabs/
- https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-javascript-affects-ibm-license-metric-tool-v9-cve-2020-8203/
- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-ibm-java-sdk-and-ibm-java-runtime-affect-rational-performance-tester/
- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-runtime-affect-z-tpf-5/
- https://www.ibm.com/blogs/psirt/security-bulletin-websphere-application-server-liberty-vulnerabilities-affect-ibm-watson-text-to-speech-and-speech-to-text-ibm-watson-speech-services-for-cloud-pak-for-data-1-2/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-db2-is-vulnerable-to-buffer-overflow-leading-to-a-privileged-escalation-cve-2020-4363-8/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-db2-is-vulnerable-to-an-information-disclosure-and-denial-of-service-cve-2020-4414-6/
- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-and-ibm-java-runtime-affect-rational-service-tester-2/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-db2-is-vulnerable-to-an-information-disclosure-cve-2020-4387-7/
- https://www.ibm.com/blogs/psirt/security-bulletin-openssl-vulnerabilities-affect-ibm-watson-text-to-speech-and-speech-to-text-ibm-watson-speech-services-for-cloud-pak-for-data-1-2/
- https://www.ibm.com/blogs/psirt/security-bulletin-java-vulnerabilities-affect-ibm-watson-text-to-speech-and-speech-to-text-ibm-watson-speech-services-for-cloud-pak-for-data-1-2/
- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-security-key-lifecycle-manager-2/
- https://www.ibm.com/blogs/psirt/security-bulletin-a-gnu-glibc-vulnerability-affects-ibm-watson-text-to-speech-and-speech-to-text-ibm-watson-speech-services-for-cloud-pak-for-data-1-2/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-db2-is-vulnerable-to-an-information-disclosure-cve-2020-4386-6/
- https://www.ibm.com/blogs/psirt/security-bulletin-spring-framework-vulnerabilities-affect-ibm-watson-text-to-speech-and-speech-to-text-ibm-watson-speech-services-for-cloud-pak-for-data-1-2/
- https://www.ibm.com/blogs/psirt/security-bulletin-apache-tomcat-vulnerabilities-affect-ibm-watson-text-to-speech-and-speech-to-text-ibm-watson-speech-services-for-cloud-pak-for-data-1-2-2/
- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-and-ibm-java-runtime-affect-rational-performance-tester-2/
- https://www.ibm.com/blogs/psirt/security-bulletin-java-vulnerablity-affects-ibm-watson-speech-services-for-cloud-pak-for-data-1-2/
- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-have-been-identified-in-ibm-security-verify-privilege-manager-previously-known-as-ibm-security-privilege-manager-2/
- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-ibm-java-sdk-and-ibm-java-runtime-affects-rational-performance-tester/
- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-and-ibm-java-runtime-affect-rational-service-tester-3/