A huge collection of 3400+ free website templates JAR theme com WP themes and more at the biggest community-driven free web design site
Home / security-advisories / Remote Code Execution Vulnerabilities in IBM Operational Decision Manager, and IBM i Modernization Engine for Lifecycle Integration (CVE-2019-19919, CVE-2019-12384)

Remote Code Execution Vulnerabilities in IBM Operational Decision Manager, and IBM i Modernization Engine for Lifecycle Integration (CVE-2019-19919, CVE-2019-12384)

Advisory No: TZCERT/SA/2024/05/17-6

Date of First Release: 17th May 2024

Source: IBM

Software Affected: IBM Operational Decision Manager, IBM i Modernization Engine for Lifecycle Integration

Overview:

IBM applications are vulnerable to critical vulnerabilities. The attackers can leverage the vulnerability to execute arbitrary code on the affected system.

Description:

IBM Operational Decision Manager, IBM i Modernization Engine for Lifecycle Integration are affected by critical vulnerability rated at 9.8 and tracked as CVE-2019-19919 and CVE-2019-12384. The vulnerabilities exist in Node.js handlebars and FasterXML jackson-databind. The attackers can send specially crafted messages to execute arbitrary code on the vulnerable system.

Impact:

Successful exploitation of these vulnerabilities may allow an attacker to take control of affected system.

Solution:

IBM has released security patches for these vulnerabilities. Users and administrators are encouraged to apply necessary updates.

References:

  1. https://exchange.xforce.ibmcloud.com/vulnerabilities/173388
  2. https://exchange.xforce.ibmcloud.com/vulnerabilities/162849

Check Also

High severity vulnerabilities in HPE ProLiant and HPE Edgeline Servers Using BIOS (PixieFail) (CVE-2023-45229, CVE-2023-45230, CVE-2023-45234, CVE-2023-45235, CVE-2021-38575)

Advisory No: TZCERT/SA/2024/05/31-2 Date of First Release: 31st May 2024 Source: Hewlett-Packard (HP) Software Affected: …