Weekly threat roundup: IBM, VMware and Python

Pulling together the most dangerous and pressing flaws that businesses need to patch

Patch management is far easier said than done, and security teams may often be forced into prioritising fixes for several business-critical systems, all released at once. It’s become typical, for example, to expect dozens of patches to be released on Microsoft’s Patch Tuesday, with other vendors also routinely getting in on the act.

Below, IT Pro has collated the most pressing disclosures from the last seven days, including details such as a summary of the exploit mechanism, and whether the vulnerability is being exploited in the wild. This is in order to give teams a sense of which bugs and flaws might pose the most dangerous immediate security risks.

IBM fixes Integration Designer bug

Hackers were, until recently, able to exploit multiple vulnerabilities in IBM systems including a remote code execution flaw found in Integration Designer, a key software development tool. These bugs have been patched alongside several others affecting IBM’s Planning Analytics Workspace.

Tracked as CVE-2020-27221 and CVE-2020-14782, these flaws were embedded in the IBM Runtime Environment Java 7 and 8 used by this service, as well as IBM’s Business Automation Workflow and Business Process Manager packages.

The first is deemed a critical vulnerability and is rated 9.8 on the CVSS threat severity scale. It relates to the Eclipse OpenJ9 component, which is vulnerable to a stack-based buffer overflow when the virtual machine or JNI natives are converting from UTF-8 characters to platform encoding. By sending a long string, hackers could overflow a buffer and execute arbitrary code remotely on the system.

Hackers actively scanning for vulnerable VMware systems

Although VMware has recently patched a handful of flaws in its ESXi and vSphere Client services, hackers are scanning for exposed VMware vCenter servers that haven’t yet been patched, according to Bad Packets.

The company this week fixed three flaws present across VMware ESXi bare-metal hypervisor and vSphere Client virtual infrastructure management platform. The bugs included a severe flaw rated 9.8 on the CVSS scale, and tracked as CVE-2021-21972.

Attackers with access to port 443 could exploit this flaw to execute commands with unrestricted privileges on the underlying operating system that hosts vCenter Server, according to VMware. 

Also patched was CVE-2021-21974, a heap buffer overflow vulnerability in the OpenSLP component of ESXi. Rated 8.8, it can be triggered by hackers already present on the same network segment as ESXi with access to port 427, which could also result in remote code execution.

Virtual event platforms exposed MSPs to attack

Vulnerabilities found in two of the top five most widely-used virtual event management platforms had exposed conference-goers and managed service providers (MSPs) to potential cyber attacks.

Webcasts.com and VFairs are embedded with vulnerabilities ranging from information disclosure bugs to remote code execution flaws. The security firm Huntress discovered these vulnerabilities after attending events hosted on these platforms and opting to do “some poking and prodding”.

The companies running these events platforms were notified of the vulnerabilities in September and October 2020 and have since issued fixes. Huntress couldn’t confirm if any successful attacks exploited these flaws, but warned it could well be possible that many other virtual event management platforms are also embedded with similar vulnerabilities.

RCE concern in Python

The Python Software Foundation (PSF) is urging developers to upgrade to Python 3.9.2 and 3.8.8 to mitigate the threat posed by two vulnerabilities, including one categorised as a ‘remote code execution’ bug.

Although this flaw, tagged CVE-2021-3177, is listed as a potential remote code execution risk, the foundation claims that practical exploits of this flaw are very unlikely due to several conditions that need to be met.

Researchers with Red Hat, who’ve analysed the flaw, have only rated it 5.9 on the CVSS scale because the highest threat is to system availability, i.e. hackers exploiting this to shut down a system. It’s described as a stack-based buffer overflow in Python’s ctypes module. Apps using ctypes without carefully validating the input passed to it may be exposed to this flaw, which could allow hackers to overflow a buffer on the stack and crash the application.
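A patch-level check for the Python advisory above, added here as an example (it is not code from the PSF, Red Hat or the article): it parses `python3 --version` output collected from hosts and reports which interpreters are below the 3.8.8 / 3.9.2 fix levels. It assumes that branches newer than 3.9 were cut after the fix, and it treats branches the advisory does not name as unverified.

```python
import re
import sys

# Minimum micro version per 3.x branch named in the PSF advisory quoted above.
FIXED_MICRO = {(3, 8): 8, (3, 9): 2}


def parse_version(text):
    """Turn 'Python 3.9.1' or '3.8.8' into a (major, minor, micro) tuple."""
    match = re.search(r"(\d+)\.(\d+)\.(\d+)", text)
    if not match:
        raise ValueError(f"expected major.minor.micro, got {text!r}")
    return tuple(int(part) for part in match.groups())


def ctypes_fix_present(version):
    """True when the interpreter is at or above the fixed level for its branch."""
    major, minor, micro = version
    if major != 3:
        return False
    branch = (major, minor)
    if branch in FIXED_MICRO:
        return micro >= FIXED_MICRO[branch]
    # Assumption (not stated on the page): 3.10 and later were released after the fix.
    if minor > 9:
        return True
    # Branches older than 3.8 are not covered by the advisory quoted here; report unverified.
    return False


def audit(inventory):
    """Given host -> version string, return the hosts that still need the upgrade."""
    return [host for host, ver in inventory.items()
            if not ctypes_fix_present(parse_version(ver))]


def running_interpreter_is_fixed():
    """Check the interpreter executing this script."""
    return ctypes_fix_present(tuple(sys.version_info[:3]))


if __name__ == "__main__":
    # Constructed sample inventory, as if gathered from `python3 --version` on each host.
    sample = {
        "build01": "Python 3.9.1",
        "build02": "Python 3.9.2",
        "ci-runner": "Python 3.8.7",
        "legacy": "Python 3.8.8",
    }
    for host in audit(sample):
        print(f"{host}: needs upgrade (currently {sample[host]})")
```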
