There is a vulnerability in IBM® Java™ versions 7 & 8 used by IBM Decision Optimization Center. IBM Decision Optimization Center has addressed the applicable CVE.
**CVEID:** CVE-2020-27221
**DESCRIPTION:** Eclipse OpenJ9 is vulnerable to a stack-based buffer overflow when the virtual machine or JNI natives are converting from UTF-8 characters to platform encoding. By sending an overly long string, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash.
CVSS Base score: 9.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/195353 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
Affected Product(s) | Version(s) |
---|---|
IBM Decision Optimization Center (DOC) | 3.9.1 |
IBM Decision Optimization Center (DOC) | 3.9.0.2 |
IBM ILOG Optimization Decision Manager Enterprise (ODME) | 3.9.0.1 |
IBM Decision Optimization Center (DOC) | 3.9 |
IBM Decision Optimization Center (DOC) | 3.8.0.2 |
IBM Decision Optimization Center (DOC) | 3.8.0.1 |
IBM Decision Optimization Center (DOC) | 3.8 |
IBM ILOG Optimization Decision Manager Enterprise (ODME) | 3.7.0.2 |
IBM ILOG Optimization Decision Manager Enterprise (ODME) | 3.7.0.1 |
IBM ILOG Optimization Decision Manager Enterprise (ODME) | 3.7 |
The recommended solution is to download and install the IBM Java SDK as soon as practicable.
Please note that IBM SDK Java 6 is no longer supported. IBM recommends upgrading to DOC 3.8.0.2, 3.9.1 or subsequent releases.
Before installing a newer version of IBM Java SDK, please ensure that you:
IBM Decision Optimization Center
From v3.8.0.2: IBM SDK, Java Technology Edition, Version 7 Service Refresh 10 Fix Pack 80 and subsequent releases
From v3.9.0.1: IBM SDK, Java Technology Edition, Version 8 Service Refresh 6 Fix Pack 25 and subsequent releases
You must verify that applying this fix does not cause any compatibility issues.
Here are the detailed instructions for updating IBM Java SDK.
None
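To confirm that a host running DOC has actually picked up a fixed SDK, the service refresh and fix pack in the `java -version` banner can be compared with the minimum levels listed above. The following check is an added example, not IBM's code; it assumes the banner contains a `version "1.N.0"` string and an `(SRx FPy)` tag, the sample banners are constructed, and it only covers the Version 7 and Version 8 SDK lines named in this bulletin.

```python
import re

# Minimum fixed levels from this bulletin: Java major -> (service refresh, fix pack).
MIN_FIXED = {7: (10, 80), 8: (6, 25)}

# Assumed banner shape: 'java version "1.N.0..."' plus an "(SRx FPy)" tag.
_MAJOR = re.compile(r'version "1\.(\d+)\.')
_LEVEL = re.compile(r'\(SR(\d+)(?: ?FP(\d+))?\)')

def parse_ibm_java_level(banner):
    """Return (major, service_refresh, fix_pack), or None if not recognised."""
    major = _MAJOR.search(banner)
    level = _LEVEL.search(banner)
    if not major or not level:
        return None
    # A service refresh with no fix pack is treated as fix pack 0.
    return int(major.group(1)), int(level.group(1)), int(level.group(2) or 0)

def is_fixed(banner):
    """True if at or above the bulletin level, False if below, None if unknown."""
    parsed = parse_ibm_java_level(banner)
    if parsed is None or parsed[0] not in MIN_FIXED:
        return None  # not an SDK line covered by this bulletin; review by hand
    major, sr, fp = parsed
    return (sr, fp) >= MIN_FIXED[major]

# Constructed sample banners (not captured from a real system).
SAMPLE_JAVA8_OLD = (
    'java version "1.8.0"\n'
    'Java(TM) SE Runtime Environment (build example-build-id (SR6 FP15))\n'
)
SAMPLE_JAVA7_FIXED = (
    'java version "1.7.0"\n'
    'Java(TM) SE Runtime Environment (build example-build-id (SR10 FP80))\n'
)

if __name__ == "__main__":
    for name, banner in [("java8-old", SAMPLE_JAVA8_OLD),
                         ("java7-fixed", SAMPLE_JAVA7_FIXED)]:
        state = {True: "fixed", False: "BELOW FIX LEVEL", None: "unknown"}
        print(name, parse_ibm_java_level(banner), state[is_fixed(banner)])
```

On a real host, feed the function the text that `java -version` writes to standard error for the JRE bundled with the DOC installation, and treat an "unknown" result as needing manual review rather than as a pass.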