IBM Platform Symphony and IBM Spectrum Symphony are not that secure, multiple vulnerabilities reported

Recently, vulnerability testing specialists revealed multiple security flaws in IBM Runtime Environment Java v8 Service Refresh 5 Fix Pack 41 and earlier, used by IBM Platform Symphony and IBM Spectrum Symphony software systems. The company has already addressed security flaws with their respective update patches.

The corrected security flaws number in the dozens; the following are the most noteworthy:

CVE-2019-2989

This is an unspecified vulnerability in Java SE whose exploitation could allow an unauthenticated attacker to cause confidentiality, integrity, and availability issues on the target system. The flaw received a score of 6.8/10 on the Common Vulnerability Scoring System (CVSS) scale.

CVE-2019-2958

This is an unspecified Java SE flaw related to the Libraries component that would have an impact on confidentiality, integrity, and other failures. The flaw received a CVSS score of 5.9/10, vulnerability testing specialists mentioned.

CVE-2019-2975

An unspecified vulnerability in Java SE related to the Scripting component could allow an unauthenticated attacker to cause no confidentiality impact, a low integrity impact, and a low availability impact on the target system. The flaw was rated 4.8/10.

CVE-2019-2999

This vulnerability in Java SE relates to the Javadoc component, and its exploitation would allow an unauthenticated threat actor to generate various security and system availability issues. The flaw received a score of 4.7/10 on the CVSS scale.

CVE-2019-2992

An unspecified vulnerability in Java SE related to the 2D component could allow an unauthenticated attacker to cause a denial of service condition, which results in a low availability impact using unknown attack vectors. The CVSS score for this vulnerability is 3.7/10.

CVE-2019-2988

This unspecified vulnerability in Java SE relates to the 2D component and could allow an unauthenticated attacker to generate a denial of service (DoS) condition on the target system. The vulnerability received a score of 3.7/10 on the CVSS scale.

CVE-2019-2983

This unspecified flaw in Java SE related to the Serialization component could allow an unauthenticated attacker to cause a DoS condition on the target system. The score given to this failure is 3.7/10.

While no further technical details have been revealed about these security flaws, vulnerability testing experts at the International Institute of Cyber Security (IICS) were able to verify that the potentially affected components have already been updated, so all system administrators need to upgrade to the latest versions of their deployments.
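
To decide which hosts need the upgrade, the bundled runtime's level can be compared against the affected range stated above (Java v8 Service Refresh 5 Fix Pack 41 and earlier). The script below is an added example, not IBM's or the article's own tooling; it assumes the runtime prints its level as "build 8.0.<SR>.<FP>" in its `java -version` output, and the sample output and function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: flags IBM Java 8 runtimes at or below SR5 FP41 (the range the article names).
# Assumption: `java -version` reports the level as "(build 8.0.<SR>.<FP> ...".
# Usage on a host: /path/to/jre/bin/java -version 2>&1 | check_java_output

# Constructed sample of `java -version 2>&1` output (not captured from a real host).
sample_output() {
    cat <<'EOF'
java version "1.8.0_221"
Java(TM) SE Runtime Environment (build 8.0.5.41 - example-build-id(SR5 FP41))
IBM J9 VM (build 2.9, JRE 1.8.0 Linux amd64-64-Bit Compressed References)
EOF
}

# Reads version output on stdin, prints the first "8.0.<SR>.<FP>" build string found.
extract_build() {
    sed -n 's/.*(build \(8\.0\.[0-9][0-9]*\.[0-9][0-9]*\).*/\1/p' | head -n 1
}

# is_affected BUILD: 0 = SR5 FP41 or earlier, 1 = newer, 2 = not a parsable 8.0.x.y string.
is_affected() {
    case "$1" in
        8.0.*.*) ;;
        *) return 2 ;;
    esac
    rest=${1#8.0.}      # e.g. "5.41"
    sr=${rest%%.*}      # service refresh, e.g. "5"
    fp=${rest#*.}       # fix pack, e.g. "41"
    case "$sr" in ''|*[!0-9]*) return 2 ;; esac
    case "$fp" in ''|*[!0-9]*) return 2 ;; esac
    if [ "$sr" -lt 5 ]; then return 0; fi
    if [ "$sr" -eq 5 ] && [ "$fp" -le 41 ]; then return 0; fi
    return 1
}

# Reads version output on stdin and prints "affected", "not-affected" or "unknown".
check_java_output() {
    build=$(extract_build)
    if [ -z "$build" ]; then echo "unknown"; return 0; fi
    if is_affected "$build"; then
        echo "affected $build"
    else
        echo "not-affected $build"
    fi
}

sample_output | check_java_output
```

An "unknown" result means the output did not contain an 8.0.x.y build string, so that runtime has to be identified by other means before it is ruled out.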
