IBM Updates
Warning Date: 26 July, 2020
Severity Level: ● Medium
Warning Number: 2020-1545
Target Sector: All
Description:
IBM has released security updates to address vulnerabilities in the following products:
- IBM Verify Gateway (IVG)
- QRadar Advisor
- GNU Binutils
- IBM Netezza Platform Software clients
- IBM MQ Appliance
- BigFix Platform shipped with IBM License Metric Tool
- Dev team testing on production 123 456 789
Threats:
An attacker could exploit these vulnerabilities to achieve the following:
- Sensitive information disclosure
- Denial of service attack (DoS)
- Execute arbitrary code
- Buffer overflow
Best practice and Recommendations:
The CERT team encourages users to review the IBM security advisories and apply the necessary updates:
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-verify-gateway-pam-components-do-not-set-restricted-access-permission-for-debug-logs-cve-2020-4405/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-qradar-advisor-with-watson-app-for-ibm-qradar-siem-does-not-adequately-mask-all-passwords-during-input-cve-2020-4408/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-verify-gateway-does-not-sufficiently-guard-against-unauthorized-api-calls-psirt-adv0022379/
- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-gnu-binutils-affect-ibm-netezza-platform-software-clients/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-appliance-affected-by-an-openssl-vulnerability-cve-2019-1551/
- https://www.ibm.com/blogs/psirt/security-bulletin-security-vulnerability-has-been-identified-in-bigfix-platform-shipped-with-ibm-license-metric-tool/
- https://www.ibm.com/blogs/psirt/security-bulletin-security-vulnerabilities-have-been-identified-in-bigfix-platform-shipped-with-ibm-license-metric-tool-2/
- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-mq-appliance-cve-2020-4025-and-cve-2020-4203/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-appliance-is-affected-by-a-denial-of-service-vulnerability-cve-2019-13232/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-appliance-is-affected-by-a-buffer-overflow-vulnerability-cve-2015-2716/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-appliance-is-affected-by-a-denial-of-service-vulnerability-cve-2018-18066/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-appliance-is-affected-by-an-information-disclosure-vulnerability-cve-2018-20852/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-appliance-is-affected-by-an-information-disclosure-vulnerability-cve-2020-4498/
- https://www.ibm.com/blogs/psirt/security-bulletin-dev-team-testing-on-production-123-456-789/
- https://www.ibm.com/blogs/psirt/security-bulletin-udaya-testing-on-production-12345/