IBM Issues Fixes for Vulnerabilities
Numerous fixes released.
Fixes have been released by IBM to address numerous product vulnerabilities.
According to SecurityWeek, the most serious of the flaws are a pair of high-severity remote code execution bugs in its Data Visualization Manager and Security SOAR offerings.
The flaw tracked as CVE-2024-52899 would allow attackers to exploit the Data Virtualization Manager for z/OS flaw to facilitate malicious JDBC URL parameter injections and run arbitrary code.
Also a Security SOAR prototype pollution issue, tracked as CVE-2024-45801, could be leveraged to trigger arbitrary code execution and denial-of-service condition, according to IBM.
Other security vulnerabilities patched by IBM include the Watson Speech Services Cartridge for Cloud Pak for Data and OpenSSL flaws, tracked as CVE-2024-49353 and CVE-2024-6119, respectively, as well as three Engineering Lifecycle Management issues, which could be utilized in cross-site scripting intrusions.
Immediate application of the patches has been recommended even if no active exploitation of any of the flaws was reported.
Related content
$4 Million Expanded Bug Bounty Initiative Announced by Microsoft
Infostealer Shut Down After Source Code Was Leaked
Over 35 Million Devices Caught in DDoS
Charity Commission Received Hundreds of Cybercrime Reports in 2024
CVE Created for 18 Month-Old Flaw
Merseyside Teaching Hospital Suffers 'Cyber Incident'
Nuclear Cyber Collaboration Enabled in Facility
Upcoming Events
Confirm cancellation
An error occurred trying to play the stream. Please reload the page and try again.
CloseSign up benefits
Registering with SC Media is 100% free. Join tens of thousands of cybersecurity leaders today and gain access to the latest analysis shaping the global infosec agenda.
- Weekly newsletters featuring industry-leading insight
- Access to free cyber expert webinars and videos
- Privileged viewership of special reports, such as the Annual Cyber Salary Survey and Women of Influence