IBM Updates
Warning Date: 30 June, 2020
Severity Level: High
Warning Number: 2020-1420
Target Sector: All
Description:
IBM has released security updates to address vulnerabilities in the following products:
- IBM Java Runtime
- IBM Rational ClearQuest
- IBM Agile Lifecycle Manager
- IBM Integration Bus
- IBM App Connect Enterprise
- IBM Dojo Toolkit
- IBM Tivoli Netcool Impact
- Java SE product of Oracle Java SE
- InfoSphere Streams
- IBM Security QRadar Packet Capture
- jQuery
- IBM Java SDK
- middleware software
- IBM Cloud Pak for Automation
- Java SE
- IBM Rational Build Forge
- IBM Business Automation Workflow
- IBM Business Process Manager
- IBM WebSphere Application Server
- PHP
- IBM API Connect
- OpenSSL
- IBM® SDK Java™ Technology Edition
Threats:
An attacker could exploit these vulnerabilities to carry out the following:
- Denial of service (DoS) attack, remotely
- Unauthorized disclosure of information
- Unauthorized modification
- Bypass of a protection mechanism
- Execute arbitrary code
Best Practice and Recommendations:
The CERT team encourages users to review the IBM security advisories and apply the necessary updates:
- https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-the-ibm-java-runtime-affects-ibm-rational-clearquest-cve-2020-2654/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-tivoli-netcool-impact-is-affected-by-an-ibm-dojo-toolkit-vulnerability-cve-2019-10785/
- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-the-java-se-product-of-oracle-java-se-component-libraries-supported-versions-that-are-affected-are-java-se-7u241-8u231-11-0-5-and-13-0-1/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-tivoli-netcool-impact-is-affected-by-ibm-dojo-toolkit-vulnerabilities-cve-2020-5258-cve-2020-5259/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-qradar-packet-capture-is-vulnerable-to-using-components-with-known-vulnerabilities-2/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-tivoli-netcool-impact-is-affected-by-jquery-vulnerabilities-cve-2020-11022-cve-2020-11023/
- https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-ibm-java-sdk-affects-ibm-tivoli-netcool-impact-cve-2020-2781/
- https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-ibm-java-sdk-affects-ibm-tivoli-netcool-impact-cve-2019-2949/
- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-middleware-software-affect-ibm-cloud-pak-for-automation/
- https://www.ibm.com/blogs/psirt/security-bulletin-security-vulnerability-in-java-se-affects-rational-build-forge-cve-2019-2949/
- https://www.ibm.com/blogs/psirt/security-bulletin-cross-site-scripting-vulnerability-affect-ibm-business-automation-workflow-and-ibm-business-process-manager-bpm-cve-2020-4557-2/
- https://www.ibm.com/blogs/psirt/security-bulletin-a-security-vulnerability-has-been-identified-in-ibm-websphere-application-server-shipped-with-ibm-tivoli-netcool-impact-cve-2019-12406/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-api-connect-is-impacted-by-vulnerabilities-in-php-cve-2020-7066-cve-2020-7065-cve-2020-7064/
- https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-openssl-affects-ibm-rational-clearquest-cve-2019-1551/
- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-sdk-java-technology-edition-affect-ibm-rational-build-forge/
- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-runtime-affects-ibm-agile-lifecycle-manager-2/
- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-middleware-software-affect-ibm-cloud-pak-for-automation-2/
- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-ibm-java-runtime-affect-ibm-integration-bus-and-ibm-app-connect-enterpise-v11-cve-2019-2949/
- https://www.ibm.com/blogs/psirt/security-bulletin-cross-site-scripting-vulnerability-affect-ibm-business-automation-workflow-and-ibm-business-process-manager-bpm-cve-2020-4557/