IBM Updates
Warning Date: 13 September, 2020
Severity Level: Medium
Warning Number: 2020-1762
Target Sector: All
Description:
IBM has released security updates to address vulnerabilities in the following products:
- IBM Operations Analytics Predictive Insights
- Liberty for Java
  - 3.47
- IBM Db2
  - V11.1
  - V11.5
- HOD
  - V12
  - V13
  - V14
- IBM Cloud Pak System
  - v2.3.0.1
  - v2.3.1.1
  - v2.3.2.0
- IBM Kenexa LCMS Premier on premise
  - 14.0 and below
  - LMS 6.1 and below
- IBM Cloud Pak System
  - 2.3.0.1
  - 2.3.1.1
  - 2.3.2.0
- OS Image for RedHat Enterprise
  - v3.0.14
  - v3.0.15
Threats:
An attacker could exploit these vulnerabilities to achieve the following:
- Denial of service (DoS).
- Cross-site scripting (XSS) attack.
- Obtain sensitive information.
Best practice and Recommendations:
The CERT team encourages users to review the IBM security advisories and apply the necessary updates:
- https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-may-affect-ibm-sdk-java-technology-edition-used-in-liberty-for-java-for-ibm-cloud-cve-2020-2601/
- https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-ibm-java-sdk-and-ibm-java-runtime-related-to-the-kerberos-component-affect-ibm-db2-cve-2019-2949/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-db2-on-aix-and-linux-affected-by-a-vulnerability-in-ibm-spectrum-scale-cve-2020-4412/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-sdk-java-technology-edition-quarterly-cpu-jul-2020-includes-oracle-jul-2020-cpu-plus-one-additional-vulnerability-affects-liberty-for-java-for-ibm-cloud/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-db2-on-aix-and-linux-affected-by-a-vulnerability-in-ibm-spectrum-scale-cve-2020-4411/
- https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-may-affect-ibm-sdk-java-technology-edition-used-in-liberty-for-java-for-ibm-cloud-cve-2020-2590/
- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-ibm-java-runtime-affects-host-on-demand-2/
- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-addressed-in-ibm-cloud-pak-system-april-2020-updates/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-kenexa-lcms-premier-on-premise-all-jquery-publicly-disclosed-vulnerability-cve-2020-11023-cve-2020-11022/
- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-side-channel-in-intel-cpus-affect-ibm-cloud-pak-system-cve-2019-11135/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-kenexa-lcms-premier-on-premise-all-jquery-publicly-disclosed-vulnerability-cveid-180875/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-kenexa-lms-on-premise-ibm-sdk-java-technology-edition-quarterly-cpu-jul-2020-includes-oracle-jul-2020-cpu-plus-one-additional-vulnerability/
- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-openssl-library-affects-os-pattern-kit-used-in-ibm-cloud-pak-system/
- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-libcurl-affects-the-os-image-for-redhat-enterprise-linux-for-ibm-cloud-pak-system-cve-2019-5436/
- https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-apache-avtivemq-affects-ibm-operations-analytics-predictive-insights-cve-2020-1941/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cloud-pak-system-is-affected-by-a-vulnerability-in-vmware-component/