IBM Updates
Warning Date: 22 July, 2020
Severity Level: Medium
Warning Number: 2020-1534
Target Sector: All
Description:
IBM has released security updates to address vulnerabilities in the following products:
- IBM Verify Gateway (IVG)
- IBM Cloud Object Storage Systems
- IBM HTTP Server
- IBM Netezza Performance Portal
Threats:
An attacker could exploit these vulnerabilities to cause the following:
- Sensitive information disclosure
- Denial of service attack (DoS)
- Cross-site scripting (XSS)
Best practice and Recommendations:
The CERT team encourages users to review the IBM security advisories and apply the necessary updates:
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-verify-gateway-pam-components-default-to-cleartext-storage-of-client-secret-cve-2020-4369/
- https://www.ibm.com/blogs/psirt/security-bulletin-authd-service-in-the-ibm-verify-gateway-pam-components-is-vulnerable-to-denial-of-service-attack-cve-2020-4399/
- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-affect-ibm-cloud-object-storage-systems-july-2020-v2/
- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-ibm-http-server-affect-ibm-netezza-performance-portal/
- https://www.ibm.com/blogs/psirt/security-bulletin-authd-service-in-the-ibm-verify-gateway-pam-components-allows-cleartext-transmission-of-sensitive-information-cve-2020-4397/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-verify-gateway-pam-components-include-a-leftover-debug-file-cve-2020-4371/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-verify-gateway-does-not-prevent-excessive-authentication-attempts-cve-2020-4400/