IBM Updates
Warning Date: 19 July, 2020
Severity Level: ● Critical
Warning Number: 2020-1521
Target Sector: All
Description:
IBM has released security updates to address multiple vulnerabilities in the following products:
- Netcool/OMNIbus Probe DSL Factory Framework
  - probe-dsl-framework-1_0 up to and including probe-dsl-framework-6_0
- IBM Aspera High-Speed Transfer Server
  - 3.9.1 and earlier
- IBM Aspera High-Speed Transfer Endpoint
  - 3.9.1 and earlier
- IBM Aspera Desktop Client
  - 3.9.1 and earlier
- IBM Control Center
  - 6.1.3
  - 6.0.0.2
- IBM Spectrum Protect Client
  - 8.1.0.0-8.1.9.1 (Macintosh & Windows)
  - 8.1.7.0-8.1.9.1 (Linux – web user interface only)
  - 8.1.9.0-8.1.9.1 (AIX – web user interface only)
  - 7.1.0.0-7.1.8.8 (Macintosh & Windows)
- IBM Spectrum Protect for Space Management
  - 8.1.7.0-8.1.9.1 (Linux)
  - 8.1.9.0-8.1.9.1 (AIX)
- IBM Spectrum Protect for Virtual Environments: Data Protection for VMware
  - 8.1.0.0-8.1.9.1 (Linux & Windows)
  - 7.1.0.0-7.1.8.8 (Linux & Windows)
- IBM Spectrum Protect for Virtual Environments: Data Protection for Hyper-V
  - 8.1.0.0-8.1.9.1 (Windows)
  - 7.1.0-0-7.1.8.x (Windows)
- IBM Control Center
  - 6.1.3.0
  - 6.1.2.1
  - 6.0.0.2
- IBM Security SiteProtector System
  - 3.0.0
  - 3.1.1
- WebSphere Application Server
  - 9.0
  - 8.5
  - 8.0
  - 7.0
- IBM Spectrum Protect Snapshot for VMware
  - 4.1.0.0-4.1.6.9
- ITCAM for Transactions
  - 7.4.0.1
  - 7.4.0.2
- IBM Netezza Platform Software
  - earlier than 7.2.1.9
- API Connect
  - V5.0.0.0-5.0.8.8
- IBM MQ for HPE NonStop
  - 8.1.0
  - 8.0.4
- IBM Watson Machine Learning Community Edition
  - 1.6.2
  - 1.7.0
- IBM Emptoris Contract Management
  - 10.1.3.x
  - 10.1.1.x
  - 10.1.0.x
- IBM Emptoris Strategic Supply Management Platform
  - 10.1.3.x
  - 10.1.1.x
  - 10.1.0.x
- IBM Emptoris Supplier Lifecycle Mgmt
  - 10.1.3.x
  - 10.1.1.x
  - 10.1.0.x
- IBM Emptoris Program Management
  - 10.1.3.x
  - 10.1.1.x
  - 10.1.0.x
- IBM Emptoris Sourcing
  - 10.1.3.x
  - 10.1.1.x
  - 10.1.0.x
- IBM Spectrum Protect Plus
  - 10.1.0-10.1.5
- IBM Security Secret Server
  - All versions
- IBM Content Classification
  - 8.8
- IBM Operations Analytics Predictive Insights
  - 1.3.6
- IBM Planning Analytics
  - 2.0
- ICP – Discovery
  - 2.0.0-2.1.2
Threats:
An attacker could exploit these vulnerabilities to do the following:
- Cause a denial of service (DoS).
- Obtain sensitive information.
- Conduct a cross-site scripting (XSS) attack.
- Execute code remotely.
Best Practice and Recommendations:
The CERT team encourages users to review the IBM security advisories and apply the necessary updates:
- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-have-been-identified-in-apache-camel-shipped-with-ibm-netcool-omnibus-probe-dsl-factory-framework/
- https://www.ibm.com/blogs/psirt/security-bulletin-curl-vulnerabilities-cve-2019-5443-impacts-ibm-aspera-high-speed-transfer-server-ibm-aspera-high-speed-transfer-client-ibm-aspera-desktop-client-3-9-1-and-earlier/
- https://www.ibm.com/blogs/psirt/security-bulletin-java-se-vulnerability-affects-ibm-control-center-cve-2020-2781/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-java-runtime-vulnerability-affects-the-ibm-spectrum-protect-backup-archive-client-ibm-spectrum-protect-for-space-management-and-ibm-spectrum-protect-for-virtual-environments/
- https://www.ibm.com/blogs/psirt/security-bulletin-java-se-vulnerability-affects-ibm-control-center-cve-2020-2654/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-websphere-application-server-vulnerability-affects-ibm-control-center-cve-2020-4329/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-siteprotector-system-is-affected-by-apache-http-server-vulnerabilities-3/
- https://www.ibm.com/blogs/psirt/security-bulletin-websphere-application-server-is-vulnerable-to-a-remote-code-execution-vulnerability-cve-2020-4464/
- https://www.ibm.com/blogs/psirt/security-bulletin-apache-cxf-xss-vulnerability-affects-ibm-control-center-cve-2019-17573/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-websphere-application-server-liberty-xss-vulnerabilities-affect-ibm-control-center-cve-2020-4303-cve-2020-4304/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-java-runtime-vulnerability-affects-ibm-spectrum-protect-snapshot-for-vmware-cve-2020-2654/
- https://www.ibm.com/blogs/psirt/security-bulletin-addressing-the-sqlite-vulnerability-cve-2020-11656-cve-2020-11655-2/
- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-jre-8-0-1-1-affect-ibm-netezza-platform-software-clients/
- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-dojo-affect-ibm-spectrum-protect-snapshot-for-vmware-cve-2020-5259-cve-2020-5258/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-spectrum-protect-snapshot-for-vmware-is-vulnerable-to-logjam-cve-2015-4000/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-spectrum-protect-backup-archive-client-web-user-interface-ibm-spectrum-protect-for-space-management-and-ibm-spectrum-protect-for-virtual-environments-are-vulnerabile-to-logjam/
- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-dojo-affect-ibm-spectrum-protect-for-virtual-environments-cve-2020-5259-cve-2020-5258/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-for-hpe-nonstop-server-is-affected-by-vulnerability-cve-2020-4466/
- https://www.ibm.com/blogs/psirt/security-bulletin-wml-ce-tensorboard-node-js-lodash-module-is-vulnerable-to-a-denial-of-service-caused-by-a-prototype-pollution-attack/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-api-connect-is-impacted-by-multiple-vulnerabilities-in-java/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-api-connect-v5-is-vulnerable-to-sensitive-information-leak-php-cve-2020-7067/
- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-oracle-database-server-security-vulnerabilities-affect-ibm-emptoris-contract-management-3/
- https://www.ibm.com/blogs/psirt/security-bulletin-wml-ce-wml-ce-sqlite-through-3-32-0-has-various-security-issues/
- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-faster-xml-jackson-databind-affect-ibm-spectrum-protect-plus-cve-2020-10673-cve-2020-1112-cve-2020-11113-cve-2020-10672-cve-2020-10968-cve-2020-10969-cve-2/
- https://www.ibm.com/blogs/psirt/security-bulletin-a-security-vulnerability-has-been-identified-in-ibm-security-secret-server/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-sdk-java-technology-edition-quarterly-cpu-jan-2020-includes-oracle-jan-2020-cpu-affect-ibm-content-classification-2/
- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-oracle-database-server-security-vulnerabilities-affect-ibm-emptoris-program-management-3/
- https://www.ibm.com/blogs/psirt/security-bulletin-wmlce-libpcre-in-pcre-before-8-44-allows-an-integer-overflow/
- https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-jackson-databind-affects-ibm-operations-analytics-predictive-insights-cve-2020-8840/
- https://www.ibm.com/blogs/psirt/security-bulletin-wml-ce-sqlite-through-3-32-2-has-has-a-use-after-free-problem/
- https://www.ibm.com/blogs/psirt/security-bulletin-wml-ce-libjpeg-turbo-2-0-4-and-mozjpeg-4-0-0-has-a-heap-based-buffer-over-read/
- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-oracle-database-server-security-vulnerabilities-affect-ibm-emptoris-strategic-supply-management-platform-3/
- https://www.ibm.com/blogs/psirt/security-bulletin-wml-ce-in-pillow-before-7-1-0-there-is-a-buffer-overflow/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-planning-analytics-workspace-is-affected-by-security-vulnerabilities-2/
- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-oracle-database-server-security-vulnerabilities-affect-ibm-emptoris-sourcing-3/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-sdk-java-technology-edition-quarterly-cpu-jan-2020-includes-oracle-jan-2020-cpu-affect-ibm-content-classification-3/
- https://www.ibm.com/blogs/psirt/security-bulletin-wml-ce-pillow-before-7-1-0-has-multiple-out-of-bounds-reads/
- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-oracle-database-server-security-vulnerabilities-affect-ibm-emptoris-supplier-lifecycle-mgmt-3/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-watson-discovery-for-ibm-cloud-pak-for-data-affected-by-vulnerability-in-rails/