Eclipse OpenJ9 (used as part of IBM InfoSphere Identity Insight) running on Linux or AIX is vulnerable to a stack-based buffer overflow when the virtual machine or JNI natives are converting from UTF-8 characters to platform encoding. By sending an overly long string, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash.
Refer to the security bulletin(s) listed in the Remediation/Fixes section.
| Affected Product(s) | Version(s) |
|---|---|
| IBM InfoSphere Identity Insight | 9.0, 9.1 |
Customers with IBM InfoSphere Identity Insight version 9.0 and 9.1 are encouraged to upgrade to version 10, which includes a fix for this issue.
For customers remaining on IBM InfoSphere Identity Insight version 9.0 or 9.1: per the original bulletin at <https://www.ibm.com/support/pages/node/6414721>, apply IBM SDK Java Technology Edition, version 8.0.6.25 or later, as available from IBM Fix Central. IBM recommends installing the latest Version 8 Service Refresh 6 release.
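One way to confirm that a host remaining on 9.0 or 9.1 runs the SDK level named above, as an added example that is not part of the bulletin or IBM's tooling. It assumes the IBM SDK reports its level as `(build V.R.S.F` on the Runtime Environment line of `java -version`; the sample lines are constructed.

```shell
#!/bin/sh
# Added example: compare an IBM SDK level against the bulletin's minimum.
MIN_LEVEL="8.0.6.25"   # from the bulletin's remediation text

# Constructed samples; the "(build V.R.S.F ..." layout is an assumption.
SAMPLE_OLD='Java(TM) SE Runtime Environment (build 8.0.6.20 - constructed-sample)'
SAMPLE_NEW='Java(TM) SE Runtime Environment (build 8.0.6.25 - constructed-sample)'

# Print the four-part build level found in `java -version` text on stdin.
sdk_level() {
    sed -n 's/.*Runtime Environment (build \([0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*\).*/\1/p' | head -n 1
}

# Return 0 when dotted version $1 >= $2, comparing field by field as numbers
# (a plain string compare would rank 8.0.6.9 above 8.0.6.25).
version_ge() {
    a=$1; b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; y=${b%%.*}
        if [ "${x:-0}" -gt "${y:-0}" ]; then return 0; fi
        if [ "${x:-0}" -lt "${y:-0}" ]; then return 1; fi
        case $a in *.*) a=${a#*.} ;; *) a= ;; esac
        case $b in *.*) b=${b#*.} ;; *) b= ;; esac
    done
    return 0
}

# Read `java -version` text on stdin. Returns 0 = fixed level, 1 = below it,
# 2 = no IBM SDK level found (treat as needing manual review, not as safe).
check_sdk() {
    level=$(sdk_level)
    if [ -z "$level" ]; then
        echo "UNKNOWN: no IBM SDK build level found"; return 2
    fi
    if version_ge "$level" "$MIN_LEVEL"; then
        echo "OK: $level meets minimum $MIN_LEVEL"; return 0
    fi
    echo "BELOW MINIMUM: $level is older than $MIN_LEVEL"; return 1
}

printf '%s\n' "$SAMPLE_OLD" | check_sdk || true
printf '%s\n' "$SAMPLE_NEW" | check_sdk || true
```

Against a real installation, pipe `java -version 2>&1` into `check_sdk`, because the JVM writes its version text to stderr.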
None