IBM has released security patches to address high- and medium-severity vulnerabilities impacting some of its enterprise solutions. 

IBM has released security updates to address several high- and medium-severity flaws affecting some of its enterprise products, including IBM Java Runtime, IBM Planning Analytics Workspace, and IBM Kenexa LMS On Premise. 


Two issues, tracked as CVE-2020-14782 and CVE-2020-27221, affect Runtime Environment Java 7 and 8, which are used in IBM Integration Designer.

IBM Integration Designer is a complete authoring environment that you use for end-to-end integration in your service-oriented architecture (SOA). Based on Eclipse, Integration Designer is a tool for building SOA-based business process management and integration solutions across Business Automation Workflow and WebSphere Adapters. 

The most severe issue, tracked as CVE-2020-27221, is a stack-based buffer overflow that resides in Eclipse OpenJ9. The issue could be used by remote attackers to execute arbitrary code or cause an application crash. 

“Eclipse OpenJ9 is vulnerable to a stack-based buffer overflow when the virtual machine or JNI natives are converting from UTF-8 characters to platform encoding. By sending an overly long string, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash,” reads the advisory.

The vulnerability received a CVSS base score of 9.8.

The CVE-2020-14782 flaw affects the Libraries component of Java SE and could be exploited by attackers to compromise Java SE via multiple protocols.

“An unspecified vulnerability in Java SE related to the Libraries component could allow an unauthenticated attacker to cause no confidentiality impact, low integrity impact, and no availability impact,” reads the advisory published by IBM.

Big Blue also published an advisory to report five vulnerabilities in the Planning Analytics Workspace, which is a component of Planning Analytics, a collaboration and management planning product.

The most severe issues are CVE-2020-8251 and CVE-2020-25649, which are a denial-of-service issue and a buffer overflow issue, respectively. Both received a CVSS base score of 7.5.

The IT giant also addressed five low-impact vulnerabilities in IBM Kenexa LMS On Premise, which is an enterprise learning management system.


Pierluigi Paganini


The post IBM addressed flaws in Java Runtime, Planning Analytics Workspace, Kenexa LMS appeared first on Security Affairs.
