TR-21-0384 (IBM Released a Security Bulletin)

General Information

IBM has released a security bulletin for vulnerabilities affecting several of its products.

Impact

Because of these vulnerabilities, attackers may be able to exploit them to carry out attacks. The CVE identifiers of the vulnerabilities are as follows:

CVE-2020-4987, CVE-2021-20454, CVE-2015-5237, CVE-2019-17195, CVE-2012-6708, CVE-2015-9251, CVE-2020-11022, CVE-2020-11023, CVE-2011-4969, CVE-2017-18640, CVE-2020-15250, CVE-2020-4979, CVE-2021-20401, CVE-2020-4932, CVE-2020-4929, CVE-2020-14577, CVE-2020-14578, CVE-2020-14579, CVE-2020-5013, CVE-2020-14782, CVE-2020-14781, CVE-2020-4993, CVE-2020-4883 and CVE-2020-13943

Solution

The National Cyber Incident Response Center (USOM) recommends that users and system administrators review the document and apply the necessary updates.

References

https://www.ibm.com/blogs/psirt/security-bulletin-websphere-application-server-is-vulnerable-to-an-xml-external-entity-xxe-injection-vulnerability-cve-2021-20454-2/

https://www.ibm.com/support/pages/node/6449268

https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-4987

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-qradar-siem-is-vulnerable-to-using-components-with-known-vulnerabilities-8/

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5237

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17195

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6708

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-9251

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11022

2021-05-05