Author: Melodie Foster

Date: 24th February 2021

 

The flaw was located in IBM’s Integration Designer, which delivers tools for visually constructing services. The toolset contained a buffer-overflow error which could lead to remote code execution.

IBM’s security advisory said of the flaw, “By sending an overly long string, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash.” However, IBM have not provided further information about the level of privileges an attacker would need.

IBM utilise the Java Native Interface (JNI), a framework that enables Java code running in a Java virtual machine to call native applications written in other languages. The flaw exists when the virtual machine or the Java Native Interface converts characters from UTF-8 to the platform encoding.
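The advisory gives no code-level detail, so the following is an added illustration of the defensive pattern, not IBM's or any JVM's code: a UTF-8 conversion routine that checks the destination capacity before every write and rejects malformed input. The function name `utf8_to_latin1` and the choice of ISO-8859-1 as the platform encoding are assumptions.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical helper (not IBM's or any JVM's code): convert UTF-8 to
 * ISO-8859-1, used here as a stand-in "platform encoding".
 * Returns bytes written (excluding the NUL), or -1 if the input is
 * malformed or the result would not fit in out_cap bytes. */
long utf8_to_latin1(const char *in, size_t in_len,
                    unsigned char *out, size_t out_cap)
{
    /* Smallest code point that legitimately needs N continuation bytes. */
    static const uint32_t min_cp[] = { 0, 0x80, 0x800, 0x10000 };
    size_t i = 0, o = 0;

    if (out_cap == 0) return -1;
    while (i < in_len) {
        unsigned char b = (unsigned char)in[i];
        uint32_t cp;
        size_t need;                          /* continuation bytes expected */

        if (b < 0x80)                { cp = b;        need = 0; }
        else if ((b & 0xE0) == 0xC0) { cp = b & 0x1F; need = 1; }
        else if ((b & 0xF0) == 0xE0) { cp = b & 0x0F; need = 2; }
        else if ((b & 0xF8) == 0xF0) { cp = b & 0x07; need = 3; }
        else return -1;                       /* invalid lead byte */

        if (need > in_len - i - 1) return -1; /* truncated sequence */
        for (size_t k = 1; k <= need; k++) {
            unsigned char c = (unsigned char)in[i + k];
            if ((c & 0xC0) != 0x80) return -1; /* bad continuation byte */
            cp = (cp << 6) | (c & 0x3F);
        }
        if (cp < min_cp[need]) return -1;     /* overlong encoding */
        i += need + 1;

        /* The check that matters: room for this byte plus the NUL. */
        if (o + 1 >= out_cap) return -1;
        out[o++] = (cp <= 0xFF) ? (unsigned char)cp : '?';
    }
    out[o] = '\0';
    return (long)o;
}
```

An overly long string makes the function return -1 instead of writing past the end of `out`; the caller decides whether to reject the request or allocate a larger buffer.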

The flaw has a CVSS score of 9.8 out of 10, which means it is critical. IBM have issued patches for the four vulnerable versions of Integration Designer: 8.5.7, 19.0.0.2, 20.0.0.1 and 20.0.0.2.

Another unspecified vulnerability was also patched in the Integration Designer, but IBM said that this flaw had “no confidentiality impact, low integrity impact and no availability impact.”[1]

[1] https://threatpost.com/ibm-critical-remote-code-execution-flaw/164187/

 
