IBM Updates | Security Alerts

The official site for Saudi CERT Sign In | العربية |

| A+ A-

Your review has been sent successfully

IBM Updates

2484

Classification

Security Alert

● Critical

● High

● Medium

● Low

Warning Date

Severity Level

Warning Number

Target Sector

23 June, 2020

● High

2020-1386

All

Description:

IBM has released security updates to address multiple vulnerabilities in the following products:

IBM Security Guardium
- 10.6
- 11.1
- 11.1
IBM Security Secret Server
IBM PowerVC Standard
- 1.4.3
IBM Cloud PowerVC Manager
- 1.4.3
API Connect
- V2018.4.1.0-2018.4.1.10
ICP – Discovery
- 2.0.0-2.1.2
WA for ICP
- 1.4.1
IBM eDiscovery Manager
- 2.2.2
WA for CP4D
- 1.4.1
IBM Netezza Host Management
- 5.4.9.0 – 5.4.26.0
IBM i
- 7.4
- 7.3
- 7.2
- 7.1
Voice Gateway
- 1.0.2
- 1.0.2.4
- 1.0.3
- 1.0.4
- 1.0.5
IBM Emptoris Program Management
- 10.1.3.x,10.1.1.x, 10.1.0.x
IBM Emptoris Sourcing
- 10.1.3.x,10.1.1.x, 10.1.0.x
IBM Emptoris Contract Management
- 10.1.3.x,10.1.1.x, 10.1.0.x
IBM Emptoris Supplier Lifecycle Mgmt
- 10.1.3.x,10.1.1.x, 10.1.0.x
IBM Cloud Pak System
- 2.3, 2.3.0.1
RDNG
- 6.0.2
- 6.0.6.1
- 6.0.6
DOORS Next
- 7.0

Threats:

Attacker could exploit these vulnerabilities by doing the following:

Denial of service attack (DoS) remotely.
Decrypt highly sensitive information.
Escalate privileges.
Buffer overflow.
Cross-site scripting (XSS) attack.
Execute arbitrary code remotely.

Best practice and Recommendations:

The CERT team encourages users to review IBM security advisory and apply the necessary updates:

Last updated at 23 June, 2020