The official site for Saudi CERT
IBM Updates
1720
Warning Date
Severity Level
Warning Number
Target Sector
27 September, 2020
● High
2020-1842
All
Description:
IBM has released security updates to address vulnerabilities in the following products:
- Kernel
- IBM Netezza Host Management
- WebSphere Application Server and IHS server
- IBM Tivoli Monitoring 6.3.0 Fix Pack 7 Service Pack 5
- IBM Security Secret Server all versions prior to 10.9
- IBM Security Privilege Manager all versions prior to 10.8
- IBM Java Runtime
- IBM Spectrum Conductor with Spark 2.2.1
- IBM Spectrum Conductor 2.2.1, 2.4.0, 2.4.1, 2.3.0
- Apache Struts
- IBM Tivoli Netcool/OMNIbus_GUI 8.1.x
- IBM Business Automation Workflow V20.0, V19.0, V18.0
- IBM Business Process Manager V8.6, V8.5, V8.0
- WebSphere Application Server 9.0, 8.5, 8.0, 7.0
- Java SDK
- IBM Engineering Workflow Management EWM 7.0.1
- RTC 6.0.2
- RTC 6.0.6.1
- EWM 7.0
- RTC 6.0.6
- Rhapsody DM 6.0.6
- IBM Engineering Systems Design Rhapsody – Design Manager RDM 7.0.1
- Rhapsody DM 6.0.6.1
- Rhapsody DM 6.0.2
- RDM 7.0
- RDNG 6.0.2
- DOORS Next 7.0
- IBM Engineering Requirements Management DOORS Next DOORS Next 7.0.1
- RDNG 6.0.6.1
- RDNG 6.0.6
- CLM 6.0.6.1
- CLM 6.0.6
- ELM 7.0
- CLM 6.0.2
- ELM 7.0.1
- RQM 6.0.6.1
- IBM Engineering Test Management ETM 7.0.1
- RQM 6.0.6
- ETM 7.0.0
- RQM 6.0.2
- RELM 6.0.6.1
- IBM Engineering Lifecycle Optimization – Engineering Insights ENI 7.0.1
- RELM 6.0.6
- ENI 7.0
- RELM 6.0.2
- IBM Engineering Systems Design Rhapsody All
- InfoSphere Information Server 11.7
- Java
- IBM Control Center 6.1.3, 6.0.0.2
- IBM Enterprise Records 5.2.1
- Redis
- IBM Event Streams 10.0.0, CDR
- Go runtime
- IBM Event Streams 2018.3.0, CDR
- Node.js http-proxy and lodash module
- IBM Event Streams 2018.3.0, CDR
- OpenSSL
- IBM Cloud Private 3.2.0 CD, 3.2.1 CD
- Node.js lodash
- IBM Cloud Private 3.2.1 CD, 3.2.2 CD
Threats:
Attacker could exploit these vulnerabilities by doing the following:
- Sensitive information disclosure
- Denial of service attack (DoS)
- Execute arbitrary code -remotely
Best practice and Recommendations:
The CERT team encourages users to review IBM security advisory and apply the necessary updates:
- https://www.ibm.com/blogs/psirt/security-bulletin-publicly-disclosed-vulnerability-from-kernel-affects-ibm-netezza-host-management-7/
- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-affect-ibm-tivoli-monitoring-embedded-websphere-application-and-ihs-server-2/
- https://www.ibm.com/blogs/psirt/security-bulletin-publicly-disclosed-vulnerability-from-kernel-affects-ibm-netezza-host-management-8/
- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-have-been-identified-in-ibm-security-verify-privilege-vault-previously-known-as-ibm-security-secret-server/
- https://www.ibm.com/blogs/psirt/security-bulletin-publicly-disclosed-vulnerabilities-from-kernel-affect-ibm-netezza-host-management-6/
- https://www.ibm.com/blogs/psirt/security-bulletin-publicly-disclosed-vulnerability-from-kernel-affects-ibm-netezza-host-management-9/
- https://www.ibm.com/blogs/psirt/security-bulletin-publicly-disclosed-vulnerabilities-from-kernel-affect-ibm-netezza-host-management-7/
- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-have-been-identified-in-ibm-security-verify-privilege-manager-previously-known-as-ibm-security-privilege-manager/
- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-runtime-affect-ibm-spectrum-conductor-and-ibm-spectrum-conductor-with-spark-3/
- https://www.ibm.com/blogs/psirt/security-bulletin-publicly-disclosed-vulnerability-from-kernel-affects-ibm-netezza-host-management-10/
- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-apache-struts-affect-tivoli-netcool-omnibus-webgui-cve-2019-0233-cve-2019-0230/
- https://www.ibm.com/blogs/psirt/security-bulletin-information-disclosure-vulnerability-affect-ibm-business-automation-workflow-and-ibm-business-process-manager-bpm-cve-2020-4531/
- https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-ibm-java-runtime-affect-ibm-spectrum-conductor-and-ibm-spectrum-conductor-with-spark/
- https://www.ibm.com/blogs/psirt/security-bulletin-websphere-application-server-is-vulnerable-to-an-information-exposure-vulnerability-cve-2020-4643-2/
- https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-ibm-java-runtime-affect-ibm-spectrum-conductor-and-ibm-spectrum-conductor-with-spark-2/
- https://www.ibm.com/blogs/psirt/security-bulletin-security-vulnerabilities-in-ibm-java-sdk-july-2020-cpu-plus-cve-2020-2590-and-cve-2020-2601-affect-multiple-ibm-continuous-engineering-products-based-on-ibm-jazz-technology/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-infosphere-information-server-is-vulnerable-to-cross-frame-scripting/
- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-java-vulnerabilities-impact-ibm-control-center/
- https://www.ibm.com/blogs/psirt/security-bulletin-apache-commons-codec-vulnerability-affects-ibm-control-center/
- https://www.ibm.com/blogs/psirt/security-bulletin-dynamically-constructed-href-attribute-in-ibm-enterprise-records/
- https://www.ibm.com/blogs/psirt/security-bulletin-insecure-use-of-innerhtml-or-outerhtml-in-ibm-enterprise-records/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-event-streams-is-affected-by-a-redis-vulnerability-cve-2020-14147/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-event-streams-is-affected-by-a-vulnerability-in-the-go-runtime-cve-2020-16845/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-event-streams-is-affected-by-a-node-js-http-proxy-and-lodash-module-vulnerabilities/
- https://www.ibm.com/blogs/psirt/security-bulletin-security-vulnerabilities-affect-ibm-cloud-private-openssl-cve-2019-1563-cve-2019-1549-cve-2019-1547-2/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cloud-private-is-vulnerable-to-a-node-js-lodash-vulnerability-cveid-183560/
Rate the content
Share the page
