Imechapishwa: Aug 16, 2024 19:00
Advisory No: TZCERT-SA-24-0024
Source: IBM
Software Affected: Apache Calcite Avatica, FasterXML jackson-databind, robinweser fast-loops
Three plugins in IBM products are vulnerable to critical vulnerabilities. Attackers can exploit the vulnerabilities to execute arbitrary code or cause a denial of service.
Multiple IBM products depending on Apache Calcite Avatica, FasterXML jackson-databind and robinweser fast-loopsare are affected by critical vulnerabilities with CVSS base scores of 9.8 and tracked as CVE-2022-36364, CVE-2020-24616, and CVE-2024-39008 respectively. The vulnerabilities are caused by flaws in the JDBC driver, unsafe deserialization between gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPDataSource (aka Anteros-DBCP), and prototype pollution in the function objectMergeDeep respectively. By sending specially crafted input, an attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service.
Successful exploitation of these vulnerabilities may allow the attacker to take control of the affected system or cause a denial of service condition
IBM has released security patches for these vulnerabilities. Users and administrators are encouraged to apply necessary updates.
A digest of Tanzania Computer Emergency Response Team coverage of cyber-security news across the globe.