IBM Platform Symphony and IBM Spectrum Symphony are not that secure, multiple vulnerabilities reported

Recently, vulnerability testing specialists revealed multiple security flaws in IBM Runtime Environment Java v8 Service Refresh 5 Fix Pack 41 and earlier, which is used by the IBM Platform Symphony and IBM Spectrum Symphony software systems. The company has already addressed the flaws with the corresponding update patches.

The corrected security flaws number in the dozens; the following is a list of the noteworthy ones:

CVE-2019-2989

This is an unspecified vulnerability in Java SE whose exploitation could allow an unauthenticated attacker to affect the confidentiality, integrity, and availability of the target system. The flaw received a score of 6.8/10 on the Common Vulnerability Scoring System (CVSS) scale.

CVE-2019-2958

This is an unspecified Java SE flaw related to the Libraries component that would have an impact on confidentiality and integrity and cause other failures. The flaw received a CVSS score of 5.9/10, vulnerability testing specialists mentioned.

CVE-2019-2975

An unspecified vulnerability in Java SE related to the Scripting component that could allow an unauthenticated attacker to cause no confidentiality impact, a low integrity impact, and a low availability impact on the target system. The fault was rated 4.8/10.

CVE-2019-2999

This vulnerability in Java SE, on the other hand, relates to the Javadoc component, and its exploitation would allow an unauthenticated threat actor to generate various security and system availability issues. The flaw received a score of 4.7/10 on the CVSS scale.

CVE-2019-2992

An unspecified vulnerability in Java SE related to the 2D component could allow an unauthenticated attacker to cause a denial of service condition, which results in a low availability impact using unknown attack vectors. The CVSS score for this vulnerability is 3.7/10.

CVE-2019-2988

This unspecified vulnerability in Java SE, related to the 2D component, could allow an unauthenticated attacker to generate a denial of service (DoS) condition on the target system. The vulnerability received a score of 3.7/10 on the CVSS scale.

CVE-2019-2983

This unspecified flaw in Java SE related to the serialization component could allow an unauthenticated attacker to cause a DoS condition on the target system. The score given to this failure is 3.7/10.

While no further technical details have been revealed about these security flaws, vulnerability testing experts at the International Institute of Cyber Security (IICS) were able to verify that the potentially affected components have already been updated, so all system administrators need to upgrade to the latest versions of their deployments.
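To find the hosts that still need the upgrade, the bundled runtime level can be compared against the last affected level named above (Java v8 Service Refresh 5 Fix Pack 41). The following is an added example, not code from the article or from IBM. It assumes the runtime line of `java -version` output carries a `build <major>.0.<service refresh>.<fix pack>` string; the host names and sample outputs are constructed.

```python
import re

# Last affected level named in the article: Java v8, Service Refresh 5, Fix Pack 41.
LAST_AFFECTED = (8, 5, 41)

# Assumed layout of the runtime line: "(build <major>.0.<SR>.<FP> - ...)".
BUILD_RE = re.compile(r"\(build (\d+)\.0\.(\d+)\.(\d+)\b")


def parse_ibm_build(version_output):
    """Return (major, service_refresh, fix_pack), or None if no such build string exists."""
    for line in version_output.splitlines():
        match = BUILD_RE.search(line)
        if match:
            return tuple(int(group) for group in match.groups())
    return None


def classify(version_output):
    """Return 'affected', 'updated' or 'unknown' for one host's `java -version` text."""
    build = parse_ibm_build(version_output)
    if build is None:
        return "unknown"  # not the assumed build format; check this host manually
    if build[0] != LAST_AFFECTED[0]:
        return "unknown"  # the article only covers the v8 runtime
    # Tuple comparison orders by service refresh first, then fix pack.
    return "affected" if build <= LAST_AFFECTED else "updated"


def audit(inventory):
    """Map each host name to its classification."""
    return {host: classify(text) for host, text in inventory.items()}


# Constructed sample inventory (hypothetical hosts, constructed version output).
SAMPLE_INVENTORY = {
    "sym-master-01": "Java(TM) SE Runtime Environment (build 8.0.5.41 - constructed-tag)",
    "sym-compute-07": "Java(TM) SE Runtime Environment (build 8.0.5.30 - constructed-tag)",
    "sym-compute-12": "Java(TM) SE Runtime Environment (build 8.0.6.0 - constructed-tag)",
    "sym-mgmt-02": "OpenJDK Runtime Environment (build 1.8.0_232-b09)",
}

if __name__ == "__main__":
    for host, status in sorted(audit(SAMPLE_INVENTORY).items()):
        print(f"{host}: {status}")
```

Hosts reported as `unknown` run a runtime that does not match the assumed build string and need a manual check.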