Vulnerability testing specialists recently revealed multiple security flaws in IBM Runtime Environment Java v8 Service Refresh 5 Fix Pack 41 and earlier, which is used by the IBM Platform Symphony and IBM Spectrum Symphony software systems. The company has already addressed the flaws with update patches.
Dozens of security flaws were corrected; the most noteworthy are listed below:
An unspecified vulnerability in Java SE whose exploitation could allow an unauthenticated attacker to affect the confidentiality, integrity, and availability of the target system. The flaw received a score of 6.8/10 on the Common Vulnerability Scoring System (CVSS) scale.
An unspecified Java SE flaw related to the Libraries component that would have an impact on confidentiality and integrity and could cause other failures. The flaw received a CVSS score of 5.9/10, vulnerability testing specialists mentioned.
An unspecified vulnerability in Java SE related to the Scripting component that could allow an unauthenticated attacker to cause no confidentiality impact, low integrity impact, and low availability impact on the target system. The flaw was rated 4.8/10.
This vulnerability in Java SE relates to the Javadoc component, and its exploitation would allow an unauthenticated threat actor to cause various security and system availability issues. The flaw received a score of 4.7/10 on the CVSS scale.
An unspecified vulnerability in Java SE related to the 2D component could allow an unauthenticated attacker to cause a denial of service condition, which results in a low availability impact using unknown attack vectors. The CVSS score for this vulnerability is 3.7/10.
This unspecified vulnerability in Java SE, also related to the 2D component, could allow an unauthenticated attacker to cause a denial of service (DoS) condition on the target system. The vulnerability received a score of 3.7/10 on the CVSS scale.
This unspecified flaw in Java SE, related to the Serialization component, could allow an unauthenticated attacker to cause a DoS condition on the target system. The score given to this flaw is 3.7/10.
While no further technical details have been revealed about these security flaws, vulnerability testing experts at the International Institute of Cyber Security (IICS) were able to verify that the potentially affected components have already been updated, so all system administrators need to upgrade to the latest versions of their deployments.