IBM Updates
Warning Date: 17 November, 2020
Severity Level: Critical
Warning Number: 2020-2068
Target Sector: All
Description:
IBM has released security updates to address multiple vulnerabilities in the following products:
- API Connect
  - 2018.4.1.0-2018.4.1.11
  - 10.0.0.0
- IBM Business Automation Workflow
  - 20.0
- IBM Maximo Asset Management
  - 7.6.0
  - 7.6.1
Threats:
An attacker could exploit these vulnerabilities to carry out the following:
- Cross-site scripting (XSS) attack
- Bypass security restrictions
- Execute arbitrary code
Best practice and Recommendations:
The CERT team encourages users to review the IBM security advisories and apply the necessary updates:
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-api-connect-is-vulnerable-to-arbitrary-code-execution-and-security-bypass-in-drupal-cve-2020-13664-cve-2020-13665-2/
- https://www.ibm.com/blogs/psirt/security-bulletin-cross-site-scripting-vulnerability-affects-ibm-business-automation-workflow-cve-2020-4672-2/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-maximo-asset-management-is-vulnerable-to-multiple-jackson-databind-cves-february-2020-2/