Fixes have been released by IBM to address numerous product vulnerabilities, the most serious of which are a pair of high-severity remote code execution bugs in its Data Virtualization Manager and Security SOAR offerings, reports SecurityWeek.
Attackers could exploit the Data Virtualization Manager for z/OS flaw, tracked as CVE-2024-52899, to inject malicious JDBC URL parameters and run arbitrary code, while the Security SOAR prototype pollution issue, tracked as CVE-2024-45801, could be leveraged to trigger arbitrary code execution and a denial-of-service condition, according to IBM. Other security vulnerabilities patched by IBM include flaws in the Watson Speech Services Cartridge for Cloud Pak for Data and in OpenSSL, tracked as CVE-2024-49353 and CVE-2024-6119, respectively, as well as three Engineering Lifecycle Management issues that could be exploited in cross-site scripting attacks. Immediate application of the patches has been recommended even though no active exploitation of any of the flaws has been reported.
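The prototype pollution class cited for Security SOAR is easiest to understand from a deep-merge routine, which is where this bug class typically lives. The following JavaScript is an added illustration written for this page; it is not IBM's code and is not taken from the report or the advisory, and it says nothing about how CVE-2024-45801 itself is triggered. The function names (`unsafeMerge`, `safeMerge`, `containsForbiddenKey`, `demo`) and the JSON payload are constructed for the example. It shows a naive recursive merge that lets a `__proto__` key from untrusted JSON reach `Object.prototype`, the hardened merge that refuses prototype-manipulating keys, and a boundary check that rejects such input before it is processed.

```javascript
// Added example, not from the page or from IBM. Keys that let a merge reach
// into an object's prototype chain; a hardened merge drops them outright.
const FORBIDDEN_KEYS = new Set(["__proto__", "constructor", "prototype"]);

function isPlainObject(value) {
  return value !== null && typeof value === "object" && !Array.isArray(value);
}

// Unsafe pattern: copies every enumerable key, "__proto__" included. Because
// target["__proto__"] resolves to Object.prototype on a plain object, the
// recursion writes the attacker-controlled nested keys onto the shared
// prototype, so every object in the process inherits them.
function unsafeMerge(target, source) {
  for (const key in source) {
    if (isPlainObject(source[key])) {
      if (!isPlainObject(target[key])) target[key] = {};
      unsafeMerge(target[key], source[key]);
    } else {
      target[key] = source[key];
    }
  }
  return target;
}

// Hardened form: iterate own keys only, skip prototype-related names, and
// never recurse into an inherited target property.
function safeMerge(target, source) {
  for (const key of Object.keys(source)) {
    if (FORBIDDEN_KEYS.has(key)) continue; // drop __proto__ / constructor / prototype
    const value = source[key];
    if (isPlainObject(value)) {
      const own = Object.prototype.hasOwnProperty.call(target, key) && isPlainObject(target[key]);
      target[key] = safeMerge(own ? target[key] : {}, value);
    } else {
      target[key] = value;
    }
  }
  return target;
}

// Boundary check: walk parsed JSON and report whether any nested object
// carries a forbidden key, so such input can be rejected and logged early.
function containsForbiddenKey(value) {
  if (Array.isArray(value)) return value.some(containsForbiddenKey);
  if (!isPlainObject(value)) return false;
  return Object.keys(value).some(
    (k) => FORBIDDEN_KEYS.has(k) || containsForbiddenKey(value[k])
  );
}

// Runs one merge over a constructed untrusted payload and reports whether an
// unrelated fresh object now carries the injected property. Cleans up the
// shared prototype afterwards so successive runs do not interfere.
function demo(mergeFn) {
  const untrusted = JSON.parse('{"__proto__": {"polluted": true}}'); // constructed payload
  const config = {};
  mergeFn(config, untrusted);
  const leaked = ({}).polluted === true;
  delete Object.prototype.polluted;
  return leaked;
}

// Constructed sample input for the boundary check.
const SAMPLE_BENIGN = { settings: { retries: 3, nested: { flag: true } } };
const SAMPLE_MALICIOUS = JSON.parse('{"settings": {"constructor": {"prototype": {"x": 1}}}}');

if (typeof require !== "undefined" && require.main === module) {
  console.log("unsafeMerge pollutes Object.prototype:", demo(unsafeMerge)); // true
  console.log("safeMerge pollutes Object.prototype:  ", demo(safeMerge));   // false
  console.log("benign input flagged:   ", containsForbiddenKey(SAMPLE_BENIGN));    // false
  console.log("malicious input flagged:", containsForbiddenKey(SAMPLE_MALICIOUS)); // true
}
```

Two design points matter here. First, `for...in` and bracket assignment are exactly the pair that turns a merge into a prototype write, so the fix is to enumerate own keys and deny-list the three prototype-reaching names rather than to rely on `JSON.parse` (which happily creates an own `__proto__` property). Second, the boundary check is a detection aid rather than a replacement for the hardened merge: rejecting and logging payloads that carry these keys gives an operations team a signal, while the safe merge guarantees nothing reaches the prototype even if the check is bypassed. Freezing `Object.prototype` at startup is a further defence-in-depth option in services that can tolerate it.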