IBM Updates
Warning Date: 3 September, 2020
Severity Level: Medium
Warning Number: 2020-1718
Target Sector: All
Description:
IBM has released security updates to address vulnerabilities in the following products:
- IBM Security Guardium
- IBM Java SDK
- Go
- IBM API Connect V 2018
- Kernel
- IBM Netezza Host Management
- IBM API Connect's API Manager
- Apache Commons Codec
- IBM WebSphere Service Registry and Repository
- Oracle MySQL
Threats:
An attacker could exploit these vulnerabilities to cause the following:
- Unauthorized disclosure of information
- Denial of service attack (DoS)
- Escalation of privilege
Best practice and Recommendations:
The CERT team encourages users to review the IBM security advisories and apply the necessary updates:
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-a-use-of-a-broken-or-risky-cryptographic-algorithm-vulnerability-4/
- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-affect-ibm-security-guardium-7/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-api-connect-v-2018-is-impacted-by-a-vulnerability-in-go-golang-cve-2020-7919/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-a-left-over-debug-code-in-js-files-vulnerability-4/
- https://www.ibm.com/blogs/psirt/security-bulletin-publicly-disclosed-vulnerability-from-kernel-affects-ibm-netezza-host-management-5/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-api-connects-api-manager-is-vulnerable-to-privilege-escalationcve-2020-4638/
- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-apache-commons-codec-affects-ibm-websphere-service-registry-and-repository/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-oracle-mysql-vulnerabilities-5/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-oracle-mysql-vulnerabilities-6/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-a-use-of-insufficiently-random-value-vulnerability-3/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-a-use-of-broken-or-risky-cryptographic-algorithm-vulnerability-2/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-an-oracle-mysql-vulnerability/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-an-improper-restriction-of-excessive-authentication-attempts-vulnerability-4/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-a-hard-coded-passwords-vulnerability-4/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-api-connects-developer-portal-is-vulnerable-to-social-engineering-attacks-cve-2020-4337/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-an-information-exposure-in-html-comments-vulnerability-2/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-api-connects-developer-portal-is-impacted-by-vulnerabilities-in-mysql/