The official site for Saudi CERT
IBM Updates
2365
Warning Date
Severity Level
Warning Number
Target Sector
5 February, 2020
● Medium
2020-885
All
Description:
IBM has released security updates to address vulnerabilities in the following products:
- SQLite
- IBM Performance Management – Response Time Monitoring Agent
- IBM Cloud Application Performance Management – Response Time Monitoring Agent
- IBM Tivoli Composite Application Manager for Transactions (Response Time)
- IBM Tivoli Composite Application Manager for Transactions (Response Time)
- IBM Planning Analytics
- IBM Cloud Automation Manager
- IBM® Java SDK
- WebSphere Application Server
- WebSphere Application Server
- WebSphere Application Server Liberty
- WebSphere Application Server Admin Console
Threats:
Attacker could exploit these vulnerabilities by doing the following:
- Cross-site request forgery (CSRF)
- Unauthorized disclosure of information
Best practice and Recommendations:
The CERT team encourages users to review IBM security advisory and apply the necessary updates:
- https://www.ibm.com/blogs/psirt/security-bulletin-a-vulneraqbility-in-sqlite-affects-ibm-cloud-application-performance-managment-r-esponse-time-monitoring-agent-cve-2019-16168/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-planning-analytics-local-is-affected-by-a-security-vulnerability/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cloud-automation-manager-is-affected-by-an-issue-with-insecure-cookie-path-attribute-cve-2019-4616/
- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-affect-websphere-application-server-january-2020-cpu/
- https://www.ibm.com/blogs/psirt/security-bulletin-a-vulneraqbility-in-sqlite-affects-ibm-cloud-application-performance-managment-response-time-monitoring-agent-cve-2019-16168/
- https://www.ibm.com/blogs/psirt/security-bulletin-information-disclosure-in-websphere-application-server-admin-console-cve-2019-4670/
Rate the content
Share the page
