CVSS Archives - IT Jungle

April Showers Bring May IBM i Security Vulnerabilities

May 8, 2024 Alex Woodie

IBM has patched more than a dozen security flaws in IBM i and related products this spring, including serious flaws in the operating system proper and the compilers, and a critical vulnerability in Administrative Runtime Expert that landed a nearly perfect CVSS Base score.

In the interest of time, let’s cover the security vulnerabilities in descending order of severity. That means we’re starting with the worst and then moving on to the slightly less worse.

ARE Flaw

The flaw reported in the Administration Runtime Expert for i (ARE), which IBM launched in 2010 to make it easier to manage IBM …
Read more
2022: An IBM i Year in Review, Part One

December 14, 2022 Alex Woodie

Well, it’s that time of year again – time to look back on the year and contemplate what happened. It was another eventful year in the midrange, with new servers and new operating systems. The IBM i user and vendor communities also worked to make it a rewarding year.

2021 started innocently enough back in . . .

January

Cybercriminals earned a gazillion demerits for their early 2021 Christmas present to cybersecurity professionals: Log4j, the most critical security vulnerability to hit the IT world in years. With a perfect CVSS severity rating of 10, Log4j sent security professionals scrambling in …
Read more
IBM Patches Nine Security Flaws in IBM i

September 29, 2021 Alex Woodie

IBM patched issued three security bulletins Friday alerting IBM i users to the availability of patches for nine newly disclosed security vulnerabilities in OpenSSL, HTTP Server, and a WebSphere Liberty components. Some of the vulnerabilities are potentially serious and should be patched immediately.

IBM patched two security flaws its OpenSSL API that potentially could have devastating consequences on impacted systems, including enabling a hacker to take over the server, to read sensitive information, and execute a denial of service (DOS) attack. IBM patched these flaws in IBM i 7.1 through 7.4, according to the security bulletin, which you can read …
Read more
Samba Patch Caps Busy Year for IBM i Security

December 4, 2019 Alex Woodie

IBM last week patched a moderately severe security flaw in IBM i’s Samba implementation that could enable hackers to access data they really shouldn’t be able to access. The disclosure caps a rather busy second half of the year for security patches on IBM i that saw 26 emergency PTFs and Yum updates for Node.js, Python, the Apache HTTP Server, OpenSSL, ISC Bind, IBM Navigator, and even Db2 Mirror for IBM i.

On November 26, IBM issued this security bulletin to let people know about the new flaw in the Samba client. The flaw could allow a hacker to not …
Read more
IBM Patches New Security Flaws in Java, OpenSSL

April 3, 2019 Alex Woodie

IBM this week patched a series of flaws in IBM i’s Java environment, including a pair of very serious problems in the OpenJ9 runtime that could allow remote attackers to execute arbitrary code, in addition to a series of less-severe Java vulnerabilities. The company also fixed a new flaw found in IBM i’s OpenSSL implementation.

A total of seven Java flaws that impact IBM i versions 7.1 through 7.3 were addressed with one security bulletin issued by IBM on March 29. IBM issued Group PTFs for each release of the operating system to address them. A single OpenSSL flaw also …
Read more

Content archive

Recent Posts

Subscribe

Pages

Search

April Showers Bring May IBM i Security Vulnerabilities

ARE Flaw

2022: An IBM i Year in Review, Part One

January

IBM Patches Nine Security Flaws in IBM i

Samba Patch Caps Busy Year for IBM i Security

IBM Patches New Security Flaws in Java, OpenSSL

Content archive

Recent Posts

Subscribe

Pages

Search