IBM69000F2BB3CBB0F79944AD7625F22A73FDE86D75F20CC3A7FEB9CE21A74DFCB1Security Bulletin: Vulnerabilities in IBM Java Runtime affect IBM Integration Bus and IBM App Connect Enterpise v11, v12 (CVE-2020-27221)
EPSS
Percentile
74.6%
Summary
Vulnerabilities in IBM® SDK Java™ Technology ,used by IBM Integration Bus & IBM App Connect Enterprise v11, v12. These issues were disclosed as part of the IBM Java SDK updates in January 2021.
Vulnerability Details
CVEID:CVE-2020-27221
**DESCRIPTION:**Eclipse OpenJ9 is vulnerable to a stack-based buffer overflow when the virtual machine or JNI natives are converting from UTF-8 characters to platform encoding. By sending an overly long string, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash.
CVSS Base score: 9.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/195353 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
Affected Products and Versions
IBM App Connect Enterprise V11 , V11.0.0.0 - V11.0.0.13
IBM Integration Bus V10.0.0.0 - V10.0.0.23
IBM App Connect Enterprise V12 12.0.1.0
Remediation/Fixes
Product
|
VRMF
| APAR|
Remediation / Fix
—|—|—|—
IBM App Connect Enterprise V12| V12.0.1.0| IT36290|
Interim fix (for APAR IT36290 ) available here on IBM Fix Central
IBM App Connect Enterprise V11| V11.0.0.0 - V11.0.0.13| IT36290|
Interim fix (for APAR IT36290 ) available here on IBM Fix Central
IBM Integration Bus| V10.0.0.0 - V10.0.0.24| IT36290|
The APAR is available in fixpack 10.0.0.24
IBM Integration Bus - Fix Pack 10.0.0.24
Workarounds and Mitigations
None
Related
EPSS
Percentile
74.6%