IBM Fixes Critical Vulnerabilities in Voice, Security, and Cloud Services

Three vulnerabilities, all of which affect the Golang packages the platform utilizes, were fixed in IBM Netezza for Cloud Pak for Data. With a CVSS score of 7.5, two of these issues are classified as having “high severity.”

Each of the three issues is classified as a denial-of-service (DoS) vulnerability in Golang that might be remotely exploited using specially crafted content or requests.

The problems affect Netezza for Cloud Pak for Data versions 11.2.1.0 through 11.2.1.5 and have been fixed in platform version 11.2.1.6.

Additionally, IBM released updates for five Node.js issues that affect Voice Gateway, including two that are classified as “high severity” and may allow arbitrary code execution or privilege escalation.

The first of the issues is a DLL search order hijacking in providers.dll, which an attacker might use to gain administrative rights to the system by means of a specially crafted file.

The second problem occurs because Node.js does not correctly determine whether an IP address is invalid. An attacker who had access to the victim’s DNS server or who could spoof its replies might take advantage of the vulnerability to run arbitrary code.

The three remaining issues are classified as “medium severity” and include HTTP request smuggling defects that could result in cross-site scripting (XSS) attacks, web cache poisoning, or firewall protection bypass.

Voice Gateway 1.0.7, 1.0.7.1, and 1.0.8 are all affected by the bugs. All five issues have been fixed in the latest Voice Gateway 1.0.8.x images that IBM released.

Additionally, IBM addressed six SiteProtector vulnerabilities that all affect the Apache HTTP Server. The worst of them is a high-severity request smuggling bug.

The problems affect the IBM Security SiteProtector system version 3.1.1 and have been fixed in the appliance’s latest release, 3.1.1.19.

A medium-severity identity spoofing vulnerability in Liberty for Java for IBM Cloud was also addressed by IBM this week. The company also updated several previously released advisories, including one from May that described how the Spring4Shell issue affected the IBM Cloud Pak System.



