TR-21-0448 (IBM Güvenlik Bülteni Yayınladı)

Genel Bilgi

IBM, farklı ürünlerini etkileyen zafiyetler için bülten yayınladı.

Etki

Mevcut güvenlik açıklıkları nedeniyle siber saldırganların zafiyetleri kullanarak saldırılarını gerçekleştirmeleri ihtimal dâhilindedir. Zafiyetlerin CVE kodları aşağıdaki gibidir:

CVE-2020-14779, CVE-2020-14782, CVE-2020-14803, CVE-2020-27221, CVE-2021-23839, CVE-2021-23840, CVE-2021-23841, CVE-2020-15366, CVE-2021-21985, CVE-2020-35513, CVE-2020-8284, CVE-2020-8286, CVE-2020-8285, CVE-2021-29666, CVE-2021-29667, CVE-2020-14845, CVE-2020-14828, CVE-2020-14848, CVE-2020-14866, CVE-2020-14844, CVE-2020-14829, CVE-2020-14839, CVE-2020-14861, CVE-2020-14830, CVE-2020-14836, CVE-2020-14827, CVE-2020-14821, CVE-2020-14852, CVE-2020-14846, CVE-2020-14853, CVE-2020-14837, CVE-2020-14812, CVE-2020-14838, CVE-2020-14878, CVE-2020-14860, CVE-2020-14814, CVE-2020-14760, CVE-2020-14786, CVE-2020-14793, CVE-2020-14870, CVE-2020-14769, CVE-2020-14869, CVE-2020-14776, CVE-2020-14789, CVE-2020-14794, CVE-2020-14893, CVE-2020-14773, CVE-2020-14790, CVE-2020-14777, CVE-2020-14672, CVE-2020-14867, CVE-2020-14771, CVE-2020-14868, CVE-2020-14785, CVE-2020-14891, CVE-2020-14775, CVE-2020-14791, CVE-2020-14804, CVE-2020-14888, CVE-2020-14765, CVE-2020-14873, CVE-2020-14800, CVE-2020-14799, CVE-2020-14809, CVE-2019-12528, CVE-2020-8449, CVE-2020-8450, CVE-2020-15049, CVE-2020-15810, CVE-2020-15811, CVE-2020-24606, CVE-2021-20426, CVE-2019-19956, CVE-2019-20388, CVE-2020-7595, CVE-2021-20419, CVE-2021-20385, CVE-2020-5259, CVE-2020-5258, CVE-2019-10785, CVE-2019-14866, CVE-2019-12450, CVE-2019-14822, CVE-2020-13401, CVE-2020-12049, CVE-2019-12749, CVE-2019-5482, CVE-2020-8177, CVE-2021-20386, CVE-2019-5094, CVE-2019-5188, CVE-2019-11719, CVE-2021-20389, CVE-2020-12825, CVE-2021-21284, CVE-2021-21285, CVE-2020-10754, CVE-2021-20428, CVE-2021-3156, CVE-2020-4869, CVE-2020-1971, CVE-2020-5008, CVE-2018-18751, CVE-2020-1968 ve CVE-2021-20517

Çözüm

Ulusal Siber Olaylara Müdahale Merkezi (USOM) kullanıcı ve sistem yöneticilerine dokümanını gözden geçirmelerini ve gerekli güncellemelerin yapılmasını tavsiye etmektedir.

Kaynaklar

https://www.ibm.com/support/pages/node/6459629

https://exchange.xforce.ibmcloud.com/vulnerabilities/190097X-Force

https://exchange.xforce.ibmcloud.com/vulnerabilities/190100X-Force

https://exchange.xforce.ibmcloud.com/vulnerabilities/190121X-Force

https://exchange.xforce.ibmcloud.com/vulnerabilities/195353

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14779

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14782

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14803

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27221

https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-may-affect-jre-in-ibm-datapower-gateway/

2021-06-07