IBM Updates
Warning Date: 3 March, 2020
Severity Level: Medium
Warning Number: 2020-983
Target Sector: All
Description:
IBM has released security updates to address multiple vulnerabilities in the following products:
- IBM Tivoli Netcool/OMNIbus_GUI
  - 8.1.x
- IBM MobileFirst Platform Foundation
  - 7.1.0.0
- IBM MobileFirst Foundation
  - 8.0.0.0
Threats:
An attacker could exploit these vulnerabilities to:
- Elevate privileges.
- Conduct cross-site scripting (XSS) attacks.
Best practice and Recommendations:
The CERT team encourages users to review the IBM security advisories and apply the necessary updates:
- https://www.ibm.com/blogs/psirt/security-bulletin-the-relationship-admin-page-in-tivoli-netcool-omnibus-webgui-is-vulnerable-to-cross-site-scripting-attack-cve-2020-4198/
- https://www.ibm.com/blogs/psirt/security-bulletin-openssl-publicly-disclosed-vulnerability/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mobilefirst-platform-foundation-susceptible-to-privilege-escalation-on-android/
- https://www.ibm.com/blogs/psirt/security-bulletin-cross-site-scripting-xss-vulnerability-have-been-identified-on-tool-prompt-configuration-page-of-tivoli-netcool-omnibus-webgui-cve-2020-4196/
- https://www.ibm.com/blogs/psirt/security-bulletin-cacheable-https-responses-have-been-identified-on-multiple-tivoli-netcool-omnibus-webgui-admin-pages-cve-2020-4197/