Published On: May 17, 2024 14:24
Advisory No: TZCERT/SA/2024/05/17-6
Source: IBM
Software Affected: IBM Operational Decision Manager, IBM i Modernization Engine for Lifecycle Integration
Advisory No: TZCERT/SA/2024/05/17-6
Date of First Release: 17th May 2024
Source: IBM
Software Affected: IBM Operational Decision Manager, IBM i Modernization Engine for Lifecycle Integration
Overview:
IBM applications are vulnerable to critical vulnerabilities. The attackers can leverage the vulnerability to execute arbitrary code on the affected system.
Description:
IBM Operational Decision Manager, IBM i Modernization Engine for Lifecycle Integration are affected by critical vulnerability rated at 9.8 and tracked as CVE-2019-19919 and CVE-2019-12384. The vulnerabilities exist in Node.js handlebars and FasterXML jackson-databind. The attackers can send specially crafted messages to execute arbitrary code on the vulnerable system.
Impact:
Successful exploitation of these vulnerabilities may allow an attacker to take control of affected system.
Solution:
IBM has released security patches for these vulnerabilities. Users and administrators are encouraged to apply necessary updates.
References:
A digest of Tanzania Computer Emergency Response Team coverage of cyber-security news across the globe.