IBM Updates
Warning Date: 2 September, 2020
Severity Level: High
Warning Number: 2020-1714
Target Sector: All
Description:
IBM has released security updates to address vulnerabilities in the following products:
- IBM Spectrum Protect Server
- IBM SDK, Java Technology Edition Quarterly
- IBM Security Guardium Insights
- Mozilla Firefox
- APM AM
- BAM
- APM SaaS
- APM on-premise
- ICAM
- kernel
- IBM Security Guardium
- IBM Jazz Foundation and IBM Engineering
- RDNG
- DOORS Next
- RTC
- EWM 7.0
- IBM Engineering Requirements Management DOORS Next
- RELM
- ENI
- RQM
- ETM
- CLM
- ELM
- IBM Engineering Workflow Management
- Java
- IBM Spectrum Scale Transparent Cloud Tiering
- IBM Spectrum Protect Operations Center
- Apache Commons Codec
Threats:
An attacker could exploit these vulnerabilities to achieve the following:
- Unauthorized disclosure of information
- Denial of service attack (DoS)
- Execute arbitrary code
- Bypass of a protection mechanism
Best practice and Recommendations:
The CERT team encourages users to review the IBM security advisories and apply the necessary updates:
- https://www.ibm.com/blogs/psirt/security-bulletin-denial-of-service-vulnerability-in-ibm-spectrum-protect-server-cve-2020-4559-2/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-insights-is-affected-by-an-ibm-sdk-java-technology-edition-quarterly-cpu-jul-2020-includes-oracle-jul-2020-cpu-vulnerability/
- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-of-mozilla-firefox-less-than-firefox-68-9-0-esr-cve-2020-12410-hava-affected-synthetic-playback-agent-8-1-4-0-8-1-4-if11-icam2019-3-0-2020-2-0/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-a-kernel-vulnerability-13/
- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-affects-ibm-jazz-foundation-and-ibm-engineering-products-2/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-an-os-command-injection-vulnerabilities-7/
- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-affect-ibm-security-guardium-6/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-an-os-command-injection-vulnerabilities-8/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-spectrum-scale-transparent-cloud-tiering-is-affected-by-a-java-vulnerability-cve-2020-2654/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-use-of-hard-coded-credentials-vulnerabilities-3/
- https://www.ibm.com/blogs/psirt/security-bulletin-information-disclosure-vulnerability-in-ibm-spectrum-protect-server-cve-2020-4591-2/
- https://www.ibm.com/blogs/psirt/security-bulletin-code-injection-vulnerability-in-ibm-spectrum-protect-operations-center-cve-2020-4693/
- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-apache-commons-codec-affects-ibm-spectrum-scale-transparent-cloud-tiering-177835/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-a-cross-site-scripting-vulnerability-4/
- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-of-mozilla-firefox-less-than-firefox-68-9-0-esr-hava-affected-synthetic-playback-agent-8-1-4-0-8-1-4-if11-icam2019-3-0-2020-2-0/