[Security Information] IBM application server products have discovered information disclosure vulnerabilities and need to be upgraded as soon as possible - Code World

[Security Information] IBM application server products have discovered information disclosure vulnerabilities and need to be upgraded as soon as possible

Others 2021-01-23 10:13:08 views: null

Source: TechWeb.com.cn
Release time: 2021-01-05

IBM WebSphere Application Server (WAS) is an application server product of IBM in the United States. This product is a platform for JavaEE and Web service applications, as well as the foundation of the IBM WebSphere software platform. After installing and deploying Rational Asset Manager in WAS, enterprises can effectively manage and reuse all types of assets in a distributed development environment.

On January 4, IBM released a security update that fixes some important vulnerabilities previously discovered in IBM WebSphere Application Server. The following are the details of the vulnerability:

Vulnerability details

CVE-2020-4329 Severity: Important

In the WebSphere Application Server (WAS) management console where Rational Asset Manager (RAM) is deployed, vulnerabilities have been observed, such as allowing remote attackers to access the class loader through class attributes, and authenticated attackers obtaining incorrect Sensitive information caused by parameter checking can be used to carry out spoofing attacks.

Affected products and versions

The above vulnerabilities affect the deployment of the following WAS versions of IBM Rational Asset Manager 7.5.1, 7.5.2.x, 7.5.3.x and 7.5.4.x:

IBM WebSphere Application Server versions 7.0, 8.0, 8.5 and 9.0.

Note: Rational Asset Manager 7.5.2 and later versions do not support embedded WebSphere Application Server.

solution

For traditional WebSphere Application Server and WebSphere Application Server Hypervisor Edition:

For V9.0.0.0 to 9.0.5.3: ·

Upgrade to the lowest fix pack level according to the interim fix requirements, and then apply the interim fix PH20847. -Or-·Apply Fix Pack 9.0.5.4 or higher (target availability 2Q2020).

For V8.5.0.0 to 8.5.5.17: ·

Upgrade to the lowest fix pack level according to the interim fix requirements, and then apply Interim Fix PH20847. -Or-·Apply fix pack 8.5.5.18 or higher (target availability is 3Q2020).

For V8.0.0.0 to 8.0.0.15: ·

Upgrade to 8.0.0.15, and then apply Interim Fix PH20847.

For V7.0.0.0 to 7.0.0.45: ·

Upgrade to 7.0.0.45, and then apply Interim Fix PH20847.

Guess you like

Origin blog.csdn.net/YiAnSociety/article/details/112278968

[Security Information] IBM application server products have discovered information disclosure vulnerabilities and need to be upgraded as soon as possible

Cloud Security Daily 210128: IBM's corporate asset information security protection solution found a denial of service vulnerability and needs to be upgraded as soon as possible...

Information security products

[Security Information] Researchers have discovered a new type of "shadow attack": it can hide, replace and tamper with PDF content

[Security Information] Well-known Node.js components have code injection vulnerabilities

bugku broadband information disclosure

Information disclosure vulnerability

SNMP Information Disclosure Vulnerability

Fund information disclosure

Information disclosure svn source code disclosure

[Security Information] Intel admits that the financial report information disclosure system has loopholes in the release program rather than "hacking"

Information Disclosure CVE / POC finishing

Information disclosure backup file download

CTFhub-phpinfo (information disclosure)

Information security testing and application information system security testing

Canonical releases three Ubuntu security patches to fix denial of service and information disclosure issues

Selected Government Security Information Issue 2 2017: UK and US attach importance to IoT security_Vulnerability disclosure and security talent training

Infineon's application in vehicle information security

Application of artificial intelligence in the field of information security

information security

Android Vulnerability Mining - Information Disclosure Vulnerability

IBM QRadar Advisor vulnerabilities to bypass security restrictions

Why do companies need to apply for information security service qualifications?

[Security Information] Microsoft Security Center Announcement: Dotnet explodes high-risk remote execution vulnerabilities

[Security Information] IBM Security: Cyber Attacks on Multiple Industries Helping to Fight the New Coronary Pneumonia

[Security Information] Why does the demand for application development security skills explode?

Information Security Job 5 - Application of Hash Function and Its Security +2016012008

[Information Security]-Security Protocol

type information - The Need for RTTI

Wok stew yourself! Write bug was caught national information sharing platform security vulnerabilities [follow-up]

Recommended

Ranking

error: (-215:Assertion failed) !_img.empty() in function ‘cv::imwrite‘

Database migration between Navicat servers

Minimum number of rotation of the array: Array

balenaEtcher for mac (make a boot disk software) v1.5.67

Custom processing serialization and deserialization in jackson

Mu-en-mask system development software

Mastering Regular Expressions

Find mileage Java--

Web pages can not directly concern the public micro-channel number how to do? A key to arouse public concern number of micro-channel solutions

[CodeForces - 739B] Alyona and a tree Tree + [difference] + bipartite

Daily

More

2024-05-12(28)

2024-05-11(32)

2024-05-10(34)

2024-05-09(32)

2024-05-08(18)

2024-05-07(34)

2024-05-06(6)

2024-05-05(0)

2024-05-04(18)

2024-05-03(8)