Your review has been sent successfully

IBM Updates

385
Classification
These posts contain security alerts, including digital loopholes, electronic attacks, technical updates, and they are classified base on the level of severity.

Critical

High

Medium

Low

Warning Date

Severity Level

Warning Number

Target Sector

20 February, 2020

● High

2020-940

All

Description:

IBM has released an updates to address a vulnerabilities in the following products:

  • IBM Emptoris Spend Analysis:
    • 10.1.3.x
    • 10.1.1.x
    • 10.1.0.x
  • IBM Resilient
    • v33.x
  • IBM WebSphere Cast Iron Solution
    • 7..5.0.0
    • 7.5.1.0
    • 7.0.0.0
    • 7.0.0.2
  • IBM Security Secret Server:
    • All versions
  • WebSphere Cast Iron:
    • 7.5.0.0
    • 7.5.0.1
    • 7.5.1.0
    • 7.0.0.0
    • 7.0.0.1
    • 7.0.0.2
  • App Connect Professional:
    • 7.5.2.0
    • 7.5.3.0
  • IBM i:
    • 7.4
    • 7.3
    • 7.2
  • API Connect:
    • 5.0.0.0
    • 5.0.8.7
    • 2018.1
    • 2018.4.1.9
    • 2018.4.1.8
  • IBM Emptoris Strategic Supply Management Platform:
    • 10.1.0.x
    • 10.1.1.x
    • 10.1.1.x
    • 10.1.3.x
  • IBM Maximo Asset Management:
    • 7.6.0.10
    • 7.6.1.1
  • Industry Solutions products affected if using an affected core version:
    • Maximo for Aviation
    • Maximo for Life Sciences
    • Maximo for Nuclear Power
    • Maximo for Oil and Gas
    • Maximo for Transportation
    • Maximo for Utilities
  • IBM Control Desk products affected if using an affected core version:
    • SmartCloud Control Desk
    • IBM Control Desk
    • Tivoli Integration Composer
  • IBM Db2:
    • 9.7
    • 10.1
    • 10.5
    • 11.1
    • 11.5
  • IBM Tivoli Netcool/OMNIbus Integration - Transport Module Common Integration Library:
    • common-transportmodule-12_0 up to and including common-transportmodule-22_0
    • common-transportmodule-15_0 up to and including common-transportmodule-22_0
  • IBM Tivoli Netcool/OMNIbus Integration - Transformer for Message Bus Integration:
    • common-transformer-8_0 up to and including common-transformer-10_0
  • CLM:
    • 6.0.6.1
    • 6.0.6
    • 6.0.2
  • IBM Tivoli Monitoring:
    • Java (CANDLEHOME) IBM Tivoli Monitoring 6.3.0 through 6.3.0 fix pack 7 (including any service packs) (JRE 7 and JRE 8)
  • COS SDK Java:
    • Prior to v2.6.1

Threats:

Attacker could exploit these vulnerabilities by doing the following:

  • SQL injection remotley
  • Denial of service
  • Gain root privileges
  • Obtain sensitive information
  • Cross-site request forgery (CSRF)
  • Elevated privileges
  • Gain access to another user's session
  • Process to abort remotely
  • Bypass web application firewall protection
  • Security bypass
  • Credentials disclosure
  • Execute arbitrary code remotely
  • Server-side request forgery (SSRF) attacks

Best practice and Recommendations:

The CERT team encourages users to review IBM security advisory and apply the necessary updates:

https://www.ibm.com/support/pages/node/2948919
https://www.ibm.com/support/pages/node/3011649 https://www.ibm.com/support/pages/node/2910147 https://www.ibm.com/support/pages/node/2875875 https://www.ibm.com/support/pages/node/2404185 https://www.ibm.com/support/pages/node/2801211 https://www.ibm.com/support/pages/node/2893881 https://www.ibm.com/support/pages/node/2878809 https://www.ibm.com/support/pages/node/2867997 https://www.ibm.com/support/pages/node/2895177 https://www.ibm.com/support/pages/node/2875251 https://www.ibm.com/support/pages/node/2801613 https://www.ibm.com/support/pages/node/2801607 https://www.ibm.com/support/pages/node/2874621 https://www.ibm.com/support/pages/node/2876307 https://www.ibm.com/support/pages/node/3002121 https://www.ibm.com/support/pages/node/2910789 https://www.ibm.com/support/pages/node/2950269 https://www.ibm.com/support/pages/node/1274986 https://www.ibm.com/support/pages/node/128240

https://www.ibm.com/support/pages/node/3022677 https://www.ibm.com/support/pages/node/2911497 https://www.ibm.com/support/pages/node/2929923

Last updated at 20 February, 2020

Rate the content

rate-icon
up icon