IBM Updates
Warning Date: 2 February, 2020
Severity Level: Medium
Warning Number: 2020-870
Target Sector: All
Description:
IBM has released security updates to address vulnerabilities in the following products:
- IBM MQ and IBM MQ Appliance
- IBM WebSphere MQ V7.1
- IBM WebSphere MQ V7.5
- IBM MQ and IBM MQ Appliance V8
- IBM MQ V9.0 LTS
- IBM MQ and IBM MQ Appliance V9.1 LTS
- IBM MQ and IBM MQ Appliance V9.1 CD
- Unified Extensible Firmware Interface (UEFI)
- BladeCenter HS23 7875/1929
- BladeCenter HS23E 8038/8039
- Flex System x220 2585/7906
- Flex System x222 7916
- Flex System x240 7863/8737/8738/8956
- Flex System x440 7917
- Flex System x280 X6, x480 X6, x880 X6 7903
- System x iDataPlex dx360 M4 7912/7913, and Water Cooled
- System x NeXtScale nx360 M4 5455
- System x3100 M5 5457
- System x3250 M5 5458
- System x3300 M4 7382
- System x3500 M4 7383
- System x3550 M4 7914
- System x3630 M4 7158
- System x3530 M4 7160
- System x3650 M4 7915
- System x3650 M4 HD 5460
- System x3650 M4 BD 5466
- System x3750 M4 8718/8722/8733/8752
- System x3850 x6 3837/3839
- System x3950 x6 3839
- jackson-databind utilities
- ISAM
- IBM WebSphere Application Server
- Content Collector for Email
- WebSphere Application Server Liberty
- Rational Asset Analyzer (RAA)
- Watson Explorer
- IBM Watson Explorer Deep Analytics Edition oneWEX Components
- IBM Watson Explorer Deep Analytics Edition Analytical Components
- IBM Watson Explorer Deep Analytics Edition Annotation Administration Console
- IBM Watson Explorer Analytical Components
- IBM Watson Explorer Foundational Components Annotation Administration Console
- IBM Watson Explorer Deep Analytics Edition Foundational Components
- IBM® SDK Java™ Technology Edition and IBM® Runtime Environment Java™
- IBM i
- IBM Cloud Pak for Data
- ICP – Discovery
- IBM StoredIQ
- Golang
- API Connect
Threats:
An attacker could exploit these vulnerabilities to:
- Execute arbitrary code remotely
- Escalate privileges
- Disclose sensitive information
- Cause a denial of service (DoS)
Best practice and Recommendations:
The CERT team encourages users to review the IBM security advisories and apply the necessary updates:
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-and-ibm-mq-appliance-are-vulnerable-to-a-denial-of-service-attack-caused-by-specially-constructed-messages-cve-2019-4432/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-has-released-unified-extensible-firmware-interface-uefi-fixes-in-response-to-intel-escalation-of-privilege-vulnerability/
- https://www.ibm.com/blogs/psirt/security-bulletin-security-vulnerabilities-in-the-jackson-databind-routines-fixed-in-ibm-security-access-manager-2/
- https://www.ibm.com/blogs/psirt/security-bulletin-content-collector-for-email-is-affected-by-a-information-disclosure-vulnerability-in-websphere-application-server/
- https://www.ibm.com/blogs/psirt/security-bulletin-websphere-application-server-is-vulnerable-to-a-denial-of-service-cve-2019-4720/
- https://www.ibm.com/blogs/psirt/security-bulletin-asset-analyzer-raa-is-affected-by-a-websphere-application-server-vulnerability/
- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-exists-in-watson-explorer-cve-2019-4441/
- https://www.ibm.com/blogs/psirt/security-bulletin-rational-asset-analyzer-raa-is-affected-by-a-websphere-application-server-vulnerability/
- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-affects-watson-explorer-foundational-components-cve-2019-1552/
- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-and-ibm-java-runtime-affect-ibm-i/
- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-may-affect-ibm-sdk-java-technology-edition/
- https://www.ibm.com/blogs/psirt/security-bulletin-rational-asset-analyzer-raa-is-affected-by-several-websphere-application-server-vulnerabilities/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-watson-discovery-for-ibm-cloud-pak-for-data-affected-by-multiple-vulnerabilities-in-java/
- https://www.ibm.com/blogs/psirt/security-bulletin-rational-asset-analyzer-raa-is-affected-by-a-was-vulnerability-2/
- https://www.ibm.com/blogs/psirt/security-bulletin-information-disclosure-in-ibm-storediq-cve-2020-4224/
- https://www.ibm.com/blogs/psirt/security-bulletin-rational-asset-analyzer-is-affected-by-a-websphere-application-server-vulnerability/
- https://www.ibm.com/blogs/psirt/security-bulletin-rational-asset-analyzer-raa-is-affected-by-a-websphere-application-server-vulnerability-2/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-api-connect-is-impacted-by-vulnerabilities-in-golang-cve-2019-17596/
- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-affect-watson-explorer-foundational-components-cve-2019-1563-cve-2019-1549-cve-2019-1547/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-watson-discovery-for-ibm-cloud-pak-for-data-affected-by-vulnerability-in-apache-log4j/
- https://www.ibm.com/blogs/psirt/security-bulletin-rational-asset-analyzer-is-affected-by-a-websphere-application-server-vulnerability-2/