IBM addressed flaws in Java Runtime, Planning Analytics Workspace, Kenexa LMS

IBM has released security patches to address high- and medium-severity vulnerabilities impacting some of its enterprise solutions.

IBM has released security updates to address several high- and medium-severity flaws affecting some of its enterprise products, including IBM Java Runtime, IBM Planning Analytics Workspace, and IBM Kenexa LMS On Premise. 

Two issues, tracked as CVE-2020-14782 and CVE-2020-27221, affect IBM Runtime Environment Java 7 and 8, which are used in IBM Integration Designer.

IBM Integration Designer is a complete authoring environment that you use for end-to-end integration in your service-oriented architecture (SOA). Based on Eclipse, Integration Designer is a tool for building SOA-based business process management and integration solutions across Business Automation Workflow and WebSphere Adapters. 

The most severe issue, tracked as CVE-2020-27221, is a stack-based buffer overflow in Eclipse OpenJ9. A remote attacker could exploit it to execute arbitrary code or crash the application.

“Eclipse OpenJ9 is vulnerable to a stack-based buffer overflow when the virtual machine or JNI natives are converting from UTF-8 characters to platform encoding. By sending an overly long string, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash,” reads the advisory.

The vulnerability received a CVSS base score of 9.8.

The CVE-2020-14782 flaw affects the Libraries component of Java SE and could be exploited by attackers to compromise Java SE via multiple protocols.

“An unspecified vulnerability in Java SE related to the Libraries component could allow an unauthenticated attacker to cause no confidentiality impact, low integrity impact, and no availability impact,” reads the advisory published by IBM.

Big Blue also published an advisory to report five vulnerabilities in the Planning Analytics Workspace, which is a component of Planning Analytics, a collaboration and management planning product.

The most severe issues are CVE-2020-8251 and CVE-2020-25649, a denial-of-service issue and a buffer overflow respectively. Both received a CVSS base score of 7.5.

The IT giant also addressed five low-impact vulnerabilities in IBM Kenexa LMS On Premise, which is an enterprise learning management system.


Pierluigi Paganini

(SecurityAffairs – hacking, IBM)
