Friday, July 23, 2021

IBM has issued security patches to fix high- and medium-severity bugs

IBM has issued security patches to fix high- and medium-severity bugs affecting large business software solutions.

The worst bugs could lead to malicious code execution and application crashes.

This week, the tech giant published a set of security advisories laying out fixes for vulnerabilities that impact IBM Java Runtime, IBM Planning Analytics Workspace, and IBM Kenexa LMS On-Premise.

The first advisory addresses CVE-2020-14782 and CVE-2020-27221, two security flaws in IBM Runtime Environment Java 7 and 8, which is used by IBM Integration Designer (business software used to integrate data and applications into existing business processes) in IBM's Business Automation Workflow and Business Process Manager suites.

CVE-2020-14782 is a bug in the Java SE Libraries component that can allow attackers to compromise Java SE via multiple protocols, but it requires a sandboxed environment to begin with and is therefore considered difficult to exploit.

CVE-2020-27221, however, is far more worrying and has been given a CVSS score of 9.8, a critical rating. This stack-based buffer overflow vulnerability is related to Eclipse OpenJ9 and can be used by remote attackers to execute arbitrary code or cause application crashes.

The second advisory focuses on IBM Planning Analytics Workspace, which is part of Planning Analytics, a collaborative enterprise planning software package.

In total, five vulnerabilities affecting the software have been resolved, including a Node.js HTTP request smuggling problem (CVE-2020-8201), a Node.js denial-of-service flaw (CVE-2020-8251), and a Node.js buffer overflow (CVE-2020-8252) that can be exploited by attackers to execute arbitrary code.

The two other vulnerabilities were also fixed: a data integrity vulnerability resulting from XML External Entity (XXE) attacks on FasterXML Jackson Databind (CVE-2020-25649), and CVE-2020-4953, a problem in Workspace that could allow remote, but authenticated, attackers to steal sensitive data from HTTP responses.

IBM also published a security advisory describing the vulnerabilities affecting IBM Kenexa LMS On-Premise, a business management system. In total, five low-impact bugs were fixed, all related to the use of Java SE. They could lead to problems including denial of service and data theft, which may occur in combination with other attack vectors.

Last week, IBM issued security advisories for IBM Spectrum Symphony 7.3.1 and IBM Spectrum Conductor 2.5.0, which use third-party libraries affected by high-risk vulnerabilities.

Priyanshu Vijayvargiya
Founder and Editor-in-Chief of 'Virtualattacks Inc', Priyanshu Vijayvargiya is a cybersecurity analyst, information security professional, developer, and white hat hacker.

