Patch now: Critical VMware, Atlassian flaws found
This week, the tech giant published a set of security advisories laying out fixes for vulnerabilities that impact IBM Java Runtime, IBM Planning Analytics Workspace, and IBM Kenexa LMS On Premise.
The first advisory addresses CVE-2020-14782 and CVE-2020-27221, two security flaws in IBM Runtime Environment Java 7 and 8, which are used by IBM Integration Designer, enterprise software for integrating data and applications into existing business processes in IBM's Business Automation Workflow and Business Process Manager software suites.
CVE-2020-14782 is a bug in Java SE's library component that could allow attackers to compromise Java SE via multiple protocols, but this takes a sandbox environment to trigger and so is considered difficult to exploit.
A critical-severity buffer-overflow flaw that affects IBM Integration Designer could allow remote attackers to execute code.
IBM has patched a critical buffer-overflow error that affects Big Blue’s Integration Designer toolset, which helps enterprises create business processes that integrate applications and data. If exploited, the flaw could enable remote code execution.
The flaw (CVE-2020-27221) has a CVSS base score of 9.8 out of 10, making it critical in severity. It stems from an issue in versions 7 and 8 of Java Runtime Environment (JRE), which is used by the IBM Integration Designer toolset.
JRE is a software layer that runs on top of a computer’s operating system (OS), and enables Java to run seamlessly on any system regardless of its OS.