There is a vulnerability in IBM® Java™ versions 7 & 8 used by IBM CPLEX Optimization Studio. IBM CPLEX Optimization Studio has addressed the applicable CVE.
CVEID:CVE-2020-27221
**DESCRIPTION:**Eclipse OpenJ9 is vulnerable to a stack-based buffer overflow when the virtual machine or JNI natives are converting from UTF-8 characters to platform encoding. By sending an overly long string, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash.
CVSS Base score: 9.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/195353 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
Affected Product(s) | Version(s) |
---|---|
IBM ILOG CPLEX Optimization Studio (COS) | 20.1 |
IBM ILOG CPLEX Optimization Studio (COS)| 12.10
IBM ILOG CPLEX Optimization Studio (COS)| 12.9
IBM ILOG CPLEX Optimization Studio (COS)| 12.8
IBM ILOG CPLEX Optimization Studio (COS)| 12.7.1
IBM ILOG CPLEX Optimization Studio (COS)| 12.7
The recommended solution is to download and install the appropriate version of IBM JRE as soon as practicable.
Before installing a newer version of IBM JRE, please ensure that you:
IBM ILOG CPLEX Optimization Studio
IBM Java Version 7 Service Refresh 10 Fix Pack 80 and subsequent releases
IBM Java Version 8 Service Refresh 6 Fix Pack 25 and subsequent releases
You must verify that applying this fix does not cause any compatibility issues.
Here are the detailed instructions for updating IBM JRE.
For Mac OS, HP-UX and Solaris, IBM recommends upgrading to a fixed, supported version/release/platform of the product.
None