IBM has issued security patches designed to resolve high- and medium-severity bugs affecting the tech giant's enterprise software solutions.
This week, the tech giant published a set of security advisories laying out fixes for vulnerabilities that impact IBM Java Runtime, IBM Planning Analytics Workspace, and IBM Kenexa LMS On Premise.
The first advisory addresses CVE-2020-14782 and CVE-2020-27221, two security flaws in IBM Runtime Environment Java 7 and 8 that are used by IBM Integration Designer (enterprise software used to integrate data and applications into existing business processes) in IBM's Business Automation Workflow and Business Process Manager software suites.
CVE-2020-14782 is a bug in Java SE's library component that could allow attackers to compromise Java SE via multiple protocols, but exploitation requires a sandbox environment to trigger it and so is considered difficult.
CVE-2020-27221, however, is of far more concern and has been issued a CVSS base score of 9.8, a critical rating. This stack-based buffer overflow vulnerability relates to Eclipse OpenJ9 and could be used by remote attackers to execute arbitrary code or cause an application crash.
The second advisory focuses on IBM Planning Analytics Workspace, a component of Planning Analytics, the firm's collaboration and management planning software. In total, five vulnerabilities that impact the software have been resolved, including a Node.js HTTP request smuggling issue (CVE-2020-8201), CVE-2020-8251, a Node.js denial-of-service flaw, and a Node.js buffer overflow bug, CVE-2020-8252, that could be exploited by attackers to execute arbitrary code.
Two further vulnerabilities have also been tackled: a data integrity weakness that can be triggered via XML external entity (XXE) attacks in FasterXML Jackson Databind (CVE-2020-25649), and CVE-2020-4953, an issue in Workspace that could allow remote, authenticated attackers to steal sensitive data exposed in HTTP responses.
IBM also posted a security advisory describing vulnerabilities affecting IBM Kenexa LMS On Premise, an enterprise learning management system. In total, five low-impact bugs have been patched, all of which relate to the use of Java SE and could lead to problems including denial of service and potential data theft if combined with other attack vectors.
Last week, IBM issued security bulletins for IBM Spectrum Symphony 7.3.1 and IBM Spectrum Conductor 2.5.0, along with upgrades to third-party libraries that are susceptible to a range of vulnerabilities.