
5 matches found

IBM Security Bulletins
added 2025/05/12 1:28 p.m., 14 views

Security Bulletin: Security vulnerability affect IBM Business Automation Workflow - CVE-2022-42920

Summary: IBM Business Automation Workflow packages a vulnerable copy of Apache BCEL in an OSGi bundle. Vulnerability Details: CVEID: CVE-2022-42920. DESCRIPTION: Apache Commons BCEL could allow a remote attacker to bypass security restrictions, caused by an out-of-bounds write flaw in the APIs. By...

9.8 CVSS, 7.1 AI score, 0.03797 EPSS
Exploits: 0, Affected Software: 2
RedHat Linux
added 2024/05/30 8:24 p.m., 1 views

Apache-Commons-BCEL: arbitrary bytecode produced via out-of-bounds writing

An out-of-bounds (OOB) write flaw was found in Apache Commons BCEL API. This flaw can be used to produce arbitrary bytecode and may abuse applications that pass attacker-controlled data to those APIs, giving the attacker more control over the resulting bytecode than otherwise expected...

9.8 CVSS, 7.2 AI score, 0.03797 EPSS
Exploits: 0, References: 5
RedHat Linux
added 2023/01/02 6:53 a.m., 46 views

Important: Red Hat Security Advisory: bcel security update

An update for bcel is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the...

9.8 CVSS, 6.8 AI score, 0.03797 EPSS
Exploits: 0, References: 2
vulnersOsv
added 2022/11/07 7:0 p.m., 1 views

at.datenwort.commons:jmodel2ts-app (>=0.1 <=0.12), ch.heia-fr.isc.data-cockpit:experiments (>=1.0.0 <=1.1.0) +969 more potentially affected by CVE-2022-42920 via org.apache.bcel:bcel (>=5.2 <=6.5.0)

org.apache.bcel:bcel MAVEN version =5.2, =0.1, =1.0.0, =1.0.1, =1.0.0, =0.1.4-jdk17-RELEASES, =4.2.1, =0.0.1, =1.1.0, =0.2.0, =0.1.31, =0.5.0, =0.5.0, =1.10.0, =2.0.0, =3.0.0.rc1, =3.2.1 and more Source cves: CVE-2022-42920 Source advisory: OSV:GHSA-97XG-PHPR-RG8Q...

9.8 CVSS, 6.8 AI score, 0.03797 EPSS
Exploits: 0
ATTACKERKB
added 2022/11/07 1:15 p.m., 2 views

CVE-2022-42920

Apache Commons BCEL has a number of APIs that would normally only allow changing specific class characteristics. However, due to an out-of-bounds writing issue, these APIs can be used to produce arbitrary bytecode. This could be abused in applications that pass attacker-controllable data to those...

9.8 CVSS, 5.9 AI score, 0.03797 EPSS
Exploits: 0, References: 10