The official site for Saudi CERT
IBM Updates
1795
Warning Date
Severity Level
Warning Number
Target Sector
8 March, 2020
● High
2020-997
All
Description:
IBM has released security updates to address vulnerabilities in the following products:
- WAS Liberty
- IBM Watson™ Speech Services
- IBM Tivoli Application Dependency Discovery Manager
- IBM API
- WebSphere Application Server
- IBM Watson™ Speech Services
- Oracle MySQL
- API Connect
- IBM® Runtime Environment Java™ Version 7 and Version
- RDS
- RDA
- Curl
- IBM Cloud Pak System
- OS Image for RedHat Enterprise Linux
- IBM JDK
- DataQuant for z/OS
- DataQuant for Multiplatforms
- Netty
- HTTP/TCP Proxy component in Rational Test Virtualization Server
- HTTP/TCP Proxy component in Rational Test Workbench
- Mozzila Firefox
- APM AM
- BAM
- APM SaaS
- APM on-premise
- ICAM
- Open Source Python
- IBM Tivoli Application Dependency Discovery Manager
- Open Source Apache CXF
- IBM Tivoli Application Dependency Discovery Manager
- IBM Tivoli Application Dependency Discovery Manager
- Apache Commons Beanutils in WebSphere Application Server
- Atlas eDiscovery Process Management
- Node.js
- IBM App connect Enterprise
- WebSphere Application Server
- IBM Tivoli Application Dependency Discovery Manager
- Samba
- IBM Spectrum Scale
- IBM Spectrum Scale
Threats:
Attacker could exploit these vulnerabilities by doing the following:
- Bypass of a protection mechanism
- Buffer overflow
- Execute arbitrary code – remotely
- Unauthorized disclosure of information
Best practice and Recommendations:
The CERT team encourages users to review IBM security advisory and apply the necessary updates:
- https://www.ibm.com/blogs/psirt/security-bulletin-was-liberty-vunerabilities-affect-ibm-watson-text-to-speech-and-speech-to-text-ibm-watson-speech-services-1-1/
- https://www.ibm.com/blogs/psirt/security-bulletin-api-connects-developer-portal-is-impacted-by-vulnerabilities-in-php/
- https://www.ibm.com/blogs/psirt/security-bulletin-was-liberty-vunerabilities-affect-ibm-watson-text-to-speech-and-speech-to-text-ibm-watson-speech-services-1-1-2/
- https://www.ibm.com/blogs/psirt/security-bulletin-information-disclosure-vulnerability-in-websphere-application-server-affects-ibm-watson-text-to-speech-and-speech-to-text-ibm-watson-speech-services-1-1/
- https://www.ibm.com/blogs/psirt/security-bulletin-api-connect-is-impacted-by-multiple-vulnerabilities-in-oracle-mysql/
- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-runtime-affect-rational-directory-server-tivoli-rational-directory-administrator-3/
- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-curl-used-in-os-image-for-redhat-enterprise-linux-for-cloud-pak-system-cve-2018-16842/
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-sdk-java-technology-edition-quarterly-cpu-oct-2019-includes-oracle-oct-2019-cpu-minus-cve-2019-2949-2/
- https://www.ibm.com/blogs/psirt/security-bulletin-rational-integration-tester-http-tcp-proxy-component-in-rational-test-virtualization-server-and-rational-test-workbench-affected-by-netty-vulnerabilities-cve-2020-7238-cve-2019-16/
- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-of-mozzila-firefox-less-than-firefox-68-4-esr-have-affected-synthetic-playback-agent-8-1-4-0-8-1-4-if10-icam-3-0-4-0/
- https://www.ibm.com/blogs/psirt/security-bulletin-python-vulnerability-in-ibm-tivoli-application-dependency-discovery-manager-cve-2019-16935/
- https://www.ibm.com/blogs/psirt/security-bulletin-apache-cxf-publicly-disclosed-vulnerability/
- https://www.ibm.com/blogs/psirt/security-bulletin-all-python-publicly-disclosed-vulnerability/
- https://www.ibm.com/blogs/psirt/security-bulletin-bypass-security-restrictions-in-was-liberty-2/
- https://www.ibm.com/blogs/psirt/security-bulletin-3rd-party-stored-cross-site-scripting-in-tivoli-application-dependency-discovery-manager/
- https://www.ibm.com/blogs/psirt/security-bulletin-cookie-created-without-secure-flag-was-liberty-cve-2019-4305/
- https://www.ibm.com/blogs/psirt/security-bulletin-atlas-ediscovery-process-management-is-affected-by-a-vulnerable-to-apache-commons-beanutils-in-websphere-application-server/
- https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-node-js-affects-ibm-app-connect-enterprise-v11/
- https://www.ibm.com/blogs/psirt/security-bulletin-stack-is-displayed-in-websphere-application-server-cve-2019-4441/
- https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-samba-affects-ibm-spectrum-scale-smb-protocol-access-method-cve-2019-14907/
- https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-has-been-identified-in-ibm-spectrum-scale-where-an-attacker-can-cause-a-denial-of-service-cve-2020-4217/
Rate the content
Share the page
