
IBM Fixes Critical Vulnerabilities in Java Runtime, Planning Analytics Workspace

The now-patched critical vulnerabilities in IBM’s enterprise software could have allowed attackers to execute malicious code and crash applications.

IBM released security fixes to patch high- and medium-severity vulnerabilities affecting its enterprise software products. The tech giant published a set of security advisories to address multiple vulnerabilities in IBM Java Runtime, IBM Planning Analytics Workspace, and IBM Kenexa LMS On-Premise.

The first advisory released fixes for two critical vulnerabilities, CVE-2020-14782 and CVE-2020-27221, in IBM Runtime Environment Java 7 and 8 respectively, which are used by the IBM Integration Designer enterprise software. IBM Integration Designer is used for end-to-end integration in service-oriented architectures (SOA).

  • CVE-2020-14782 is an unspecified vulnerability in the Libraries component of Java SE that could allow an unauthenticated attacker to compromise Java SE, with a low integrity impact and no confidentiality or availability impact.
  • CVE-2020-27221 is a stack-based buffer overflow vulnerability in Eclipse OpenJ9 that could allow a remote attacker to execute arbitrary code on the system or cause the application to crash.

Affected products include Integration Designer versions 8.5.7, 19.0.0.2, 20.0.0.1, and 20.0.0.2.

Fixes:

  • IBM Integration Designer 8.5.7
  • IBM Integration Designer 19.0.0.2
  • IBM Integration Designer 20.0.0.1
  • IBM Integration Designer 20.0.0.2

The second advisory addresses bugs in IBM Planning Analytics Workspace, IBM’s collaborative planning and management software. In total, the company resolved five vulnerabilities (CVE-2020-8201, CVE-2020-8251, CVE-2020-8252, CVE-2020-25649, and CVE-2020-4953) that affect the Planning Analytics software. If exploited, the vulnerabilities could allow an attacker to poison the web cache, bypass web application firewall protection, and conduct XSS attacks.

The affected product is IBM Planning Analytics 2.0 (Local and Cloud).

Fix:

The recommended solution is to apply the patch as soon as possible.

IBM also described vulnerabilities affecting its enterprise learning management system, IBM Kenexa LMS On-Premise. The company fixed five low-impact vulnerabilities that could allow unauthorized attackers to launch denial-of-service (DoS) attacks.

The affected product is IBM Kenexa LMS On-Premise versions 6.1 and earlier.

Fix:

IBM recommends that users update to the latest release.