Lucene search

K
ibmIBMA48FBFA17576575D0C4186F8C5D2568F5F5BC3CB4B99C62DCBEA7E11187CCCFD
HistoryJul 23, 2021 - 3:10 p.m.

Security Bulletin: IBM Analyst's Notebook Premium uses a component with known vulnerabilities (CVE-2020-16013, CVE-2020-16009, CVE-2020-15999)

2021-07-2315:10:10
www.ibm.com
18

EPSS

0.805

Percentile

98.3%

Summary

IBM i2 Analyst’s Notebook Premium uses a browser component version with known vulnerabilities.

Vulnerability Details

CVEID:CVE-2020-16013
**DESCRIPTION:**Google Chrome could allow a remote attacker to bypass security restrictions, caused by inappropriate implementation in V8. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to bypass security restrictions.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/191522 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N)

CVEID:CVE-2020-16009
**DESCRIPTION:**Google Chrome could allow a remote attacker to bypass security restrictions, caused by inappropriate implementation in V8. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to bypass security restrictions.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/190998 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N)

CVEID:CVE-2020-15999
**DESCRIPTION:**Google Chrome is vulnerable to a heap-based buffer overflow, caused by improper bounds checking by Freetype. By persuading a victim to visit a specially crafted Web site, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash.
CVSS Base score: 8.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/190226 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)

Affected Products and Versions

Affected Product(s) Version(s)
IBM i2 Analyst’s Notebook Premium IBM i2 Analyst’s Notebook Premium 9.2.0
IBM i2 Analyst’s Notebook Premium All
IBM i2 Analyst’s Notebook Premium IBM i2 Analyst’s Notebook Premium 9.2.2
IBM i2 Analyst’s Notebook Premium IBM i2 Analyst’s Notebook Premium 9.2.1

Remediation/Fixes

Please visit your IBM customer portal to pick up the latest continuous delivery package containing a newer version of the Chromium plugin fixing the referenced issues.

Workarounds and Mitigations

None