IBM patched a critical buffer overflow flaw that affected its Integration Designer toolset. The flaw could be exploited to achieve remote code execution. Tracked as CVE-2020-27221, it is rated critical in severity, with a CVSS base score of 9.8 out of 10.
The flaw stems from an issue in versions 7 and 8 of the Java Runtime Environment (JRE), a software layer used by the IBM Integration Designer toolset.
According to IBM’s Monday security advisory, “By sending an overly long string, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash.” However, there are no further details on what other privileges an attacker would need in order to execute the attack.