TR-21-0508 (IBM Güvenlik Bülteni Yayınladı)

Genel Bilgi

IBM, farklı ürünlerini etkilemesi muhtemel güvenlik zafiyetlerine ilişkin bülten yayınladı.

Etki

Mevcut güvenlik açıklıkları nedeniyle siber saldırganların zafiyetleri kullanarak saldırılarını gerçekleştirmeleri ihtimal dâhilindedir. Zafiyetlerin CVE kodları aşağıdaki gibidir:

CVE-2021-20492, CVE-2021-20453, CVE-2021-20488, CVE-2021-20494, CVE-2021-20572, CVE-2021-20573, CVE-2021-20574, CVE-2021-20354, CVE-2020-14845, CVE-2020-14828, CVE-2020-14848, CVE-2020-14866, CVE-2020-14844, CVE-2020-14829, CVE-2020-14839, CVE-2020-14861, CVE-2020-14830, CVE-2020-14836, CVE-2020-14827, CVE-2020-14821, CVE-2020-14852, CVE-2020-14846, CVE-2020-14853, CVE-2020-14837, CVE-2020-14812, CVE-2020-14838, CVE-2020-14878, CVE-2020-14860, CVE-2020-14814, CVE-2020-14760, CVE-2020-14786, CVE-2020-14793, CVE-2020-14870, CVE-2020-14769, CVE-2020-14869, CVE-2020-14776, CVE-2020-14789, CVE-2020-14794, CVE-2020-14893, CVE-2020-14773, CVE-2020-14790, CVE-2020-14777, CVE-2020-14672, CVE-2020-14867, CVE-2020-14771, CVE-2020-14868, CVE-2020-14785, CVE-2020-14891, CVE-2020-14775, CVE-2020-14791, CVE-2020-14804, CVE-2020-14888, CVE-2020-14765, CVE-2020-14873, CVE-2020-14800, CVE-2020-14799, CVE-2020-14809, CVE-2020-5258, CVE-2020-2752, CVE-2021-23337, CVE-2020-4189, CVE-2020-4688 ve CVE-2020-4921

Çözüm

Ulusal Siber Olaylara Müdahale Merkezi (USOM) kullanıcı ve sistem yöneticilerine dokümanını gözden geçirmelerini ve gerekli güncellemelerin yapılmasını tavsiye etmektedir.

Kaynaklar

https://www.ibm.com/support/pages/node/6465965

https://exchange.xforce.ibmcloud.com/vulnerabilities/197793

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20492

https://www.ibm.com/blogs/psirt/security-bulletin-security-vulnerabilities-have-been-identified-in-ibm-websphere-application-server-used-by-ibm-infosphere-master-data-management-3/

https://www.ibm.com/blogs/psirt/security-bulletin-security-vulnerabilities-have-been-identified-in-ibm-websphere-application-server-used-by-ibm-infosphere-master-data-management-3/

2021-06-23