IBM Updates
Warning Date: 4 February, 2020
Severity Level: Medium
Warning Number: 2020-876
Target Sector: All
Description:
IBM has released security updates to address vulnerabilities in the following products:
- IBM Security Identity Manager 6.0.0
- IBM Security Identity Manager 7.0.1
- WebSphere Application Server 9.0
- WebSphere Application Server 7.0
- WebSphere Application Server 8.0
- WebSphere Application Server 8.5
- IBM Security Directory Server 6.4.0
- IBM Security Directory Suite 8.0.1 – 8.0.1.11
- WebSphere Application Server Liberty 17.0.0.3 – 20.0.0.1
Threats:
Successful exploitation of these vulnerabilities could allow an attacker to:
- Bypass protection mechanisms
- Execute arbitrary code
- Disclose information without authorization
- Obtain sensitive information
- Cause a denial of service (DoS)
Best practice and Recommendations:
The CERT team encourages users to review the IBM security advisories and apply the necessary updates:
- https://www.ibm.com/blogs/psirt/security-bulletin-a-security-vulnerability-has-been-fixed-in-ibm-security-identity-manager-cve-2019-4451/
- https://www.ibm.com/blogs/psirt/security-bulletin-websphere-application-server-is-vulnerable-to-a-command-execution-vulnerability-cve-2020-4163/
- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-security-vulnerabilities-have-been-addressed-in-ibm-security-directory-server/
- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-security-vulnerabilities-have-been-identified-in-ibm-websphere-application-server-liberty-shipped-with-ibm-security-directory-suite-cve-2019-4305/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-identity-manager-virtual-appliance-is-affected-by-multiple-vulnerabilities-cve-2019-4674-cve-2018-15473-cve-2019-4675/
- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-apache-cxf-affects-websphere-application-server-cve-2019-12406/