TR-21-0484 (IBM Güvenlik Bülteni Yayınladı)

Genel Bilgi

IBM, farklı ürünlerini etkileyecek güvenlik zafiyetlerine ilişkin bülten yayınladı.

Etki

Mevcut güvenlik açıklıkları nedeniyle siber saldırganların zafiyetleri kullanarak saldırılarını gerçekleştirmeleri ihtimal dâhilindedir. Zafiyetlerin CVE kodları aşağıdaki gibidir:

CVE-2020-1968, CVE-2021-20567, CVE-2021-20483, CVE-2021-20488, CVE-2020-14781, CVE-2020-2773, CVE-2021-20566, CVE-2021-20532, CVE-2021-28163, CVE-2021-28164, CVE-2021-28165, CVE-2021-23839, CVE-2021-23840, CVE-2020-13938, CVE-2021-30641, CVE-2021-20492, CVE-2021-29672, CVE-2021-20546, CVE-2021-29702, CVE-2021-2161, CVE-2020-27221, CVE-2020-14782, CVE-2020-13575, CVE-2020-13578, CVE-2020-13574, CVE-2020-13577, CVE-2020-13576, CVE-2020-21783, CVE-2021-22884 ve CVE-2021-22883

Çözüm

Ulusal Siber Olaylara Müdahale Merkezi (USOM) kullanıcı ve sistem yöneticilerine dokümanını gözden geçirmelerini ve gerekli güncellemelerin yapılmasını tavsiye etmektedir.

Kaynaklar

https://www.ibm.com/support/pages/node/6463283

https://exchange.xforce.ibmcloud.com/vulnerabilities/187977

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1968

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-resilient-soar-is-using-components-with-known-vulnerabilities-java-se-cve-2020-2773-2/

https://www.ibm.com/support/pages/node/6462301

https://exchange.xforce.ibmcloud.com/vulnerabilities/179673

https://www.ibm.com/blogs/psirt/security-bulletin-resilient-supports-tls1-2-ciphers-that-are-not-enabled-for-perfect-forward-secrecy-pfs-cve-2021-20566/

https://www.ibm.com/support/pages/node/6464043

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-appliance-affected-by-an-openssl-vulnerability-cve-2020-1968/

2021-06-16