The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a vigilance database and tools to fix them.

Vulnerability of IBM SDK: executing DLL code

Synthesis of the vulnerability 

An attacker can create a malicious DLL, and then put it in the current directory of IBM SDK, in order to execute code.
Vulnerable systems: DB2 UDB, IRAD, Rational ClearCase, SPSS Modeler, Tivoli Storage Manager, Tivoli System Automation, Tivoli Workload Scheduler, WebSphere AS Liberty, WebSphere AS Traditional, SLES.
Severity of this threat: 2/4.
Creation date: 05/02/2020.
References of this weakness: 1289194, 3260187, 5694963, 5695611, 5695629, 5695653, 5695851, 6173781, 6199287, 6199289, 6201679, 6210521, 6210522, 6257207, CVE-2019-4732, SUSE-SU-2020:0466-1, VIGILANCE-VUL-31514.

Description of the vulnerability 

An attacker can create a malicious DLL, and then put it in the current directory of IBM SDK, in order to execute code.

This threat announcement impacts software or systems such as DB2 UDB, IRAD, Rational ClearCase, SPSS Modeler, Tivoli Storage Manager, Tivoli System Automation, Tivoli Workload Scheduler, WebSphere AS Liberty, WebSphere AS Traditional, SLES.

Our Vigil@nce team determined that the severity of this cybersecurity alert is medium.

The trust level is "confirmed by the editor", with an origin of "intranet server".

An attacker with expert ability can exploit this security alert.

Solutions for this threat 

IBM DB2: fixed versions for Java.
The following versions are fixed:
  DB2 10.1.x: IBM Java 7.0.10.60
  DB2 10.5.x: IBM Java 7.0.10.60
  DB2 11.1.x: IBM Java 8.0.6.5
  DB2 11.5.x: IBM Java 8.0.6.5

IBM Rational Application Developer: patch for Java.
A patch is available:
  Java 8 SR6 FP7 (http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FRational%2FIBM+Rational+Application+Developer+for+WebSphere+Software&fixids=Rational-RAD-Java8SR6FP7_RAD_RSA-ifix&source=SAR)

IBM Rational ClearCase: patch for Java.
A patch is indicated in information sources.

IBM Spectrum Protect: fixed versions.
Fixed versions are indicated in information sources.

IBM Spectrum Protect Server: fixed versions for Java.
Fixed versions are indicated in information sources.

IBM SPSS Modeler: patch for IBM Java.
A patch is indicated in information sources.

IBM Tivoli System Automation: patch for Java.
A patch is available:
  https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Tivoli&product=ibm/Tivoli/Tivoli+System+Automation+for+Multiplatforms&release=All&platform=All&function=all

IBM Tivoli Workload Scheduler: patch for Java.
A patch is available:
  For Tivoli Workload Scheduler Distributed 9.2.0 FP0003: 9.2.0-TIV-TWS-FP0003-IJ23925
  For Tivoli Workload Scheduler Distributed 9.4.0 FP06: 9.4.0-TIV-TWS-FP0006-IJ23925

SUSE LE 15: new java-1_8_0-ibm packages (25/02/2020).
New packages are available:
  SUSE LE 15 RTM: java-1_8_0-ibm 1.8.0_sr6.5-3.33.2
  SUSE LE 15 SP1: java-1_8_0-ibm 1.8.0_sr6.5-3.33.2

WebSphere AS: patch for Java.
A patch is indicated in information sources.