IBM has issued security patches designed to resolve high- and medium-severity bugs impacting the tech giant's enterprise software solutions.
This week, the tech giant published a set of security advisories laying out fixes for vulnerabilities that affect IBM Java Runtime, IBM Planning Analytics Workspace, and IBM Kenexa LMS On Premise.
The first advisory addresses CVE-2020-14782 and CVE-2020-27221, two security flaws in IBM Runtime Environment Java 7 and 8 that are used by IBM Integration Designer — enterprise software used to integrate data and applications into existing business processes — in IBM's Business Automation Workflow and Business Process Manager software suites.
CVE-2020-14782 is a bug in Java SE's library component that could allow attackers to compromise Java SE via multiple protocols; however, it requires a sandbox environment to trigger and so is considered difficult to exploit.
CVE-2020-27221, however, is of far more concern and has been issued a CVSS base score of 9.8, a critical rating. This stack-based buffer overflow vulnerability relates to Eclipse OpenJ9 and could be used by remote attackers to execute arbitrary code or cause an application crash.
The second advisory focuses on IBM Planning Analytics Workspace, a component of Planning Analytics, the firm's collaboration and management planning software. In total, five vulnerabilities that affect the software have been resolved, including a Node.js HTTP request smuggling issue (CVE-2020-8201), CVE-2020-8251 — a Node.js denial of service flaw — and a Node.js buffer overflow bug, CVE-2020-8252, that could be exploited by attackers to execute arbitrary code.
Two further vulnerabilities, a data integrity weakness that can be triggered via XML external entity (XXE) attacks in FasterXML Jackson Databind (CVE-2020-25649), and CVE-2020-4953, an issue in Workspace that could allow remote — but authenticated — attackers to steal sensitive data exposed in HTTP responses, have also been tackled.
IBM also posted a security advisory describing vulnerabilities affecting IBM Kenexa LMS On Premise, an enterprise learning management system. In total, five low-impact bugs have been patched, all of which relate to the use of Java SE and could lead to problems including denial of service and potential data theft if combined with other attack vectors.
Last week, IBM issued security bulletins for IBM Spectrum Symphony 7.3.1 and IBM Spectrum Conductor 2.5.0 and upgrades to third-party libraries that are susceptible to a range of vulnerabilities.