IBM Updates
Warning Date: 23 September, 2020
Severity Level: High
Warning Number: 2020-1824
Target Sector: All
Description:
IBM has released security updates to address multiple vulnerabilities in the following products:
- IBM Tivoli Composite Application Manager for Transactions (Response Time)
  - 7.4.0.2
  - 7.4.0.1
- IBM Cloud Application Performance Management – Response Time Monitoring Agent
  - 8.1.4
- IBM Maximo Asset Management
  - 7.6.0
  - 7.6.1
- Maximo for Aviation
- Maximo for Life Sciences
- Maximo for Nuclear Power
- Maximo for Oil and Gas
- Maximo for Transportation
- Maximo for Utilities
- SmartCloud Control Desk
- IBM Control Desk
- Tivoli Integration Composer
- IBM Business Automation Workflow
  - 20.0
  - 19.0
  - 18.0
- IBM Business Process Manager
  - 8.6
  - 8.5
Threats:
An attacker could exploit these vulnerabilities to achieve the following:
- Sensitive information disclosure
- Denial of service (DoS)
- Remote arbitrary code execution
Best practice and Recommendations:
The CERT team encourages users to review the IBM security advisories and apply the necessary updates:
- https://www.ibm.com/blogs/psirt/security-bulletin-a-vulneraqbility-in-sqlite-affects-ibm-cloud-application-performance-managment-r-esponse-time-monitoring-agent-cve-2020-15358/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-maximo-asset-management-is-vulnerable-to-path-traversal-cve-2019-4582-2/
- https://www.ibm.com/blogs/psirt/security-bulletin-cross-site-scripting-vulnerability-affect-ibm-business-automation-workflow-and-ibm-business-process-manager-bpm-cve-2020-4698-2/