IBM Updates
Warning Date: 17 February, 2020
Severity Level: Medium
Warning Number: 2020-919
Target Sector: All
Description:
IBM has released security updates to address vulnerabilities in the following products:
- OpenSSL
- IBM Netezza Analytics
- IBM Aspera High-Speed Transfer Server
- IBM Aspera High-Speed Transfer Endpoint
- IBM Aspera Desktop Client
- Sterling Connect:Direct for HP NonStop
- IBM Aspera Connect
- RTC
- IBM Spectrum Protect Plus
- Apache Tomcat
- IBM Platform Symphony
- IBM Cognos Controller
- Rational Publishing Engine
- Expat affects IBM Netezza Analytics
- IBM Tivoli Monitoring
- UCD – IBM UrbanCode Deploy
- IBM Java Runtime
- RDS
- RDA
- Financial Transaction Manager for Digital Payments for Multi-Platform
- IBM CICS Transaction Gateway
- Nimbus JOSE+JWT
- IBM Watson Machine Learning Accelerator
- IBM UrbanCode Deploy (UCD)
- IBM Network Performance Insight
- Oracle Outside In Technology
- RDNG
- DNG
- IBM Java SDK
- InfoSphere Information Server
- Information Server on Cloud
- InfoSphere Streams
- IBM Cloud Private – Go
- Tivoli Common Reporting (TCR) interim
- Websphere Liberty and OpenLiberty
- WebSphere Application Server Liberty
- IBM Cloud Private VM Quickstarter
- Log Analysis
- IBM Cloud Private
Threats:
An attacker could exploit these vulnerabilities to achieve the following:
- Sensitive information disclosure
- Escalation of privilege
- Man-in-the-middle attack
- Buffer overflow
- Denial of service attack (DoS)
Best Practices and Recommendations:
The CERT team encourages users to review the IBM security advisories and apply the necessary updates:
- https://www.ibm.com/blogs/psirt/security-bulletin-security-vulnerability-in-openssl-affect-ibm-netezza-analytics/
- https://www.ibm.com/blogs/psirt/security-bulletin-openssl-vulnerabilites-impacting-aspera-high-speed-transfer-server-aspera-desktop-client-3-9-1-and-earlier-cve-2018-0734/
- https://www.ibm.com/blogs/psirt/security-bulletin-openssl-vulnerabilites-impacting-aspera-high-speed-transfer-server-aspera-desktop-client-3-9-1-and-earlier-cve-2019-1559/
- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-apache-tomcat-affects-ibm-platform-symphony/
- https://www.ibm.com/blogs/psirt/security-bulletin-curl-vulnerabilities-cve-2019-5443-impact-ibm-aspera-high-speed-transfer-server-ibm-aspera-high-speed-transfer-client-ibm-aspera-desktop-client-3-9-1-and-earlier/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cognos-controller-2020q1-security-updater-multiple-security-vulnerabilities-have-been-identified-in-ibm-cognos-controller/
- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-affect-rational-publishing-engine/
- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-openssl-affect-ibm-sterling-connectdirect-for-hp-nonstop/
- https://www.ibm.com/blogs/psirt/security-bulletin-openssl-vulnerabilites-cve-2019-1563-cve-2019-1547-impacting-ibm-aspera-high-speed-transfer-server-3-9-1-aspera-high-speed-transfer-endpoint-aspera-desktop-client-3-9-1-and-ear/
- https://www.ibm.com/blogs/psirt/security-bulletin-security-vulnerability-in-expat-affects-ibm-netezza-analytics/
- https://www.ibm.com/blogs/psirt/security-bulletin-openssl-vulnerabilites-cve-2019-1552-impacting-ibm-aspera-high-speed-transfer-server-aspera-high-speed-transfer-endpoint-aspera-desktop-3-9-1-and-earlier/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-tivoli-monitoring-basic-services-component-cve-2019-15903/
- https://www.ibm.com/blogs/psirt/security-bulletin-cve-2019-0199-the-http-2-implementation-in-embded-apache-tomcat-denial-of-service-vulnerability/
- https://www.ibm.com/blogs/psirt/security-bulletin-cve-2019-4666-ibm-urbancode-build-ucb-could-allow-a-local-user-to-obtain-sensitive-information-by-unmasking-certain-secure-values-in-documents/
- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-runtime-affect-rational-directory-server-tivoli-rational-directory-administrator-2/
- https://www.ibm.com/blogs/psirt/security-bulletin-openssl-vulnerability-affects-ibm-rational-team-concert/
- https://www.ibm.com/blogs/psirt/security-bulletin-cve-2019-4666-ibm-urbancode-deploy-ucd-could-allow-a-local-user-to-obtain-sensitive-information-by-unmasking-certain-secure-values-in-documents/
- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-ibm-java-runtime-affect-financial-transaction-manager-for-digital-payments/
- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-affect-ibm-network-performance-insight-cve-2019-14379-cve-2019-17531-cve-2019-14439-and-cve-2019-14540/
- https://www.ibm.com/blogs/psirt/security-bulletin-oracle-outside-in-technology-vulnerability-in-rational-doors-next-generation/
- https://www.ibm.com/blogs/psirt/security-bulletin-openssl-vulnerability-affects-ibm-rational-team-concert-2/
- https://www.ibm.com/blogs/psirt/security-bulletin-oct-2019-multiple-vulnerabilities-in-ibm-java-runtime-affect-cics-transaction-gateway/
- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-affecting-ibm-network-performance-insight-cve-2019-16335/
- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-affecting-ibm-network-performance-insight-cve-2019-12402/
- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-affects-ibm-infosphere-information-server/
- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-apache-commons-compress/
- https://www.ibm.com/blogs/psirt/security-bulletin-a-security-vulnerability-affects-ibm-cloud-private-go-cve-2019-17596/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-tivoli-common-reporting-tcr-interim-fixes-address-security-vulnerability-and-exposure-cve-2018-1902/
- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-websphere-liberty-and-openliberty/
- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-websphere-application-server-liberty-in-ibm-cloud-private-vm-quickstarter/
- https://www.ibm.com/blogs/psirt/security-bulletin-security-vulnerabilities-affect-ibm-cloud-private-kubernetes-cve-2019-17110-cve-2019-10223-cve-2019-11253/
- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-ibm-sdk-java-technology-edition-quarterly-cpu-oct-2019-includes-oracle-oct-2019-cpu-minus-cve-2019-2949/
- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-openssl-affect-ibm-spectrum-protect-plus-cve-2018-0735-cve-2018-0734-cve-2018-5407/
- https://www.ibm.com/blogs/psirt/security-bulletin-information-disclosure-in-websphere-application-server-liberty-bundled-with-ibm-operations-analytics-log-analysis-cve-2019-4305/