The official site for Saudi CERT
IBM Updates
2549
Warning Date
Severity Level
Warning Number
Target Sector
7 October, 2020
● High
2020-1883
All
Description:
IBM has released security updates to address vulnerabilities in the following products:
- ISAM
- 7.0
- 8.0
- IBM Cloud Private for Data
- 2.5
- IBM Security Guardium
- 11.0
- 11.1
- 10.6
- 9.0 – 9.5
- API Connect
- V2018.4.1.0-2018.4.1.12
- V10.0.0
- V5.0.0.0-5.0.8.8
- Liberty for Java
- 3.48
- IBM Cloud Pak System
- v2.3.0.1, v2.3.1.1
Threats:
Attacker could exploit these vulnerabilities by doing the following:
- Obtain sensitive information
- Bypass of a protection mechanism
- Denial of service attack (DoS)
- Elevate privileges
Best practice and Recommendations:
The CERT team encourages users to review IBM security advisory and apply the necessary updates:
- https://www.ibm.com/blogs/psirt/security-bulletin-security-vulnerabilities-affect-ibm-cloud-pak-for-data-node-js-cve-2019-15606-cve-2019-15604-cve-2019-15605/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-kernel-vulnerabilities-4/
- https://www.ibm.com/blogs/psirt/security-bulletin-security-vulnerabilities-in-openssh-and-openssl-shipped-with-ibm-security-access-manager-appliance-cve-2018-15473-cve-2019-1559/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-an-apache-commons-beanutils-1-9-2-library-vulnerability/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-api-connects-developer-portal-is-impacted-by-vulnerabilities-in-mysql-2/
- https://www.ibm.com/blogs/psirt/security-bulletin-liberty-for-java-for-ibm-cloud-is-vulnerable-to-a-denial-of-service-cve-2020-4590/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-an-openssl-vulnerability-5/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-oracle-mysql-vulnerabilities-8/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-an-apache-commons-vulnerability-2/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-an-oracle-mysql-vulnerabilities-3/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-a-dbus-vulnerability-2/
- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-identified-in-jackson-databind-shipped-with-ibm-cloud-pak-system-cve-2020-24750/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-oracle-mysql-vulnerabilities-7/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-a-tcp-sack-panic-kernel-vulnerability-2/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-an-openssl-vulnerability-4/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-api-connect-is-vulnerable-to-cross-site-request-forgery-csrf-cve-2020-13663-2/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-a-jackson-databind-vulnerability-2/
Rate the content
Share the page
