—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA256
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2021.1785.2
Security Bulletin: IBM Resilient SOAR is Using Components
with Known Vulnerabilities – Java SE (CVE-2020-14782)
24 May 2021
===========================================================================
AusCERT Security Bulletin Summary
———————————
Product: IBM Resilient SOAR
Publisher: IBM
Operating System: Linux variants
Impact/Access: Reduced Security — Remote/Unauthenticated
Resolution: Patch/Upgrade
CVE Names: CVE-2020-14782
Reference: ASB-2020.0175
ESB-2021.1216
ESB-2021.1146
ESB-2021.0914
Original Bulletin:
https://www.ibm.com/support/pages/node/6454197
Revision History: May 24 2021: Minor text fixes
May 21 2021: Initial Release
– ————————–BEGIN INCLUDED TEXT——————–
IBM Resilient SOAR is Using Components with Known Vulnerabilities – Java SE
(CVE-2020-14782)
Document Information
Document number : 6454197
Modified date : 18 May 2021
Product : IBM Resilient
Software version : IBM Resilient SOAR v38.0
Operating system(s): Linux
Summary
IBM Resilient SOAR is Using Components with Known Vulnerabilities – Java SE
(CVE-2020-14782)
Vulnerability Details
CVEID: CVE-2020-14782
DESCRIPTION: An unspecified vulnerability in Java SE related to the Libraries
component could allow an unauthenticated attacker to cause no confidentiality
impact, low integrity impact, and no availability impact.
CVSS Base score: 3.7
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/
190100 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N)
Affected Products and Versions
+——————-+—————–+
|Affected Product(s)|Version(s) |
+——————-+—————–+
|Resilient OnPrem |IBM Security SOAR|
+——————-+—————–+
Remediation/Fixes
Users must upgrade to v41.0 of IBM Resilient in order to obtain a fix for this
vulnerability. This upgrades the version of IBM Java SDK to 8.0 Service Refresh
6 Fix Pack 26.
You can upgrade the platform by following the instructions in the ” Upgrade
Procedure ” section in the IBM Knowledge Center.
Workarounds and Mitigations
None
Change History
17 May 2021: Initial Publication
– ————————–END INCLUDED TEXT——————–
You have received this e-mail bulletin as a result of your organisation’s
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.
NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT’s members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation’s
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.
NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author’s website to ensure that the information is still current.
Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:
https://www.auscert.org.au/bulletins/
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
—–BEGIN PGP SIGNATURE—–
Comment: http://www.auscert.org.au/render.html?it=1967
iQIVAwUBYKr16eNLKJtyKPYoAQiXLw/5AYroO2dlOqlTuFUMgOgwc9X1SMuBLkeT
sSd1zrLI4tcXG0gmgWmGVpvA8y3p7WfWON6XnXauw6vviNU0/Itg350ub+0EYXqd
88hBKtLEin8d8cCrdD4hPDXy1Zmlb+kmiLFiJ1X5lNusIXVgdFDI8EhW/vNtKZ82
0Dd8pEj9zxvO+n/CSgZjUh9BvJzZbZY5JL/3+AN7eMN48nBCrToCqWGrC/qhr9Hz
USbkfzy7hhWbraEAjV6NQb/+nuUE6eQxFmNlK50qm23vPaONuloCMxDOf5VM8SNt
NdWydZAC2r0Jhv/RCCMF+8LLJhuMkM5qV37Pvnmvls4hQbJF5dt2LAH2eA402aRP
HI8bTXSNdIC2S12Ol2WGgVHuAec2rhAXZuu0z5oq6TaIbHGbOByNZ1ER9OlW61ZQ
PR0AdXlsZVVxKEcxd9p7oDn552pAJ60iegViqTJ9eML0xdRso9K7xfLGyACMZ+BV
9deKHtix3PPCSaVxwposEJRD6nIj24/EObOKLXSSp9aElcuEET6ZHVQUlU70/4Aw
d74sd6R0O/Ao7DRH2+WLZ0x3Au8sao6iS/exluQyoOnSdvuHfP2e1CaCYVd1q+Tc
MoT9IL7Cyiv+JFOq1ZZHo9BGQqj1HfpNr8llxCmsrbgeVvDrcWUjwGqv8JrQ6j/D
TwGWyvjdLAs=
=jigH
—–END PGP SIGNATURE—–
The post ESB-2021.1785.2 – UPDATE [Linux] IBM Resilient SOAR: Reduced security – Remote/unauthenticated appeared first on Malware Devil.
https://malwaredevil.com/2021/05/24/esb-2021-1785-2-update-linux-ibm-resilient-soar-reduced-security-remote-unauthenticated/?utm_source=rss&utm_medium=rss&utm_campaign=esb-2021-1785-2-update-linux-ibm-resilient-soar-reduced-security-remote-unauthenticated
No comments:
Post a Comment