The IBM digital forensics team has just released a couple of reports on security vulnerabilities in some of its products. The first report concerns a vulnerability in IBM ServeRAID Manager, versions 9.30-17006 and earlier. The flaw exposes a Java RMI interface that would allow an unauthenticated remote threat actor to execute arbitrary code on the exposed system.
ServeRAID Manager ships with a bundled Java 1.4.2 runtime; neither the product nor that Java version is still supported. ServeRAID Manager runs a Java remote method invocation (RMI) service on port 34571/tcp that, by default, listens on all interfaces.
Because ServeRAID Manager runs with administrator privileges on Windows systems, an unauthenticated attacker with network access can exploit the vulnerable RMI interface to launch an attack, similar to the known vulnerability tracked as CVE-2011-3556.
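As an added illustration for administrators who want to check whether an installation is exposed in the way described above, the following Python script is not code from the article, IBM, or the researchers. It parses a `netstat -ano` style listing and reports any TCP listener on port 34571 together with how it is bound (all interfaces, a single interface, or loopback only). The netstat lines embedded in it are constructed sample output, not a real capture, and the port constant is simply the port named in the report.

```python
"""Flag a Java RMI listener on 34571/tcp bound to a wildcard address.

Added example (not from the article or IBM). Input is text in the
format of Windows `netstat -ano`; the embedded sample is constructed.
"""
import ipaddress

SERVERAID_RMI_PORT = 34571  # listener port named in the advisory text

# Constructed sample of `netstat -ano` output (not a real capture).
# PID 4120 stands in for a hypothetical ServeRAID Manager process.
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       912
  TCP    0.0.0.0:34571          0.0.0.0:0              LISTENING       4120
  TCP    127.0.0.1:34572        0.0.0.0:0              LISTENING       4120
  TCP    [::]:34571             [::]:0                 LISTENING       4120
  TCP    192.168.1.10:34571     192.168.1.55:50112     ESTABLISHED     4120
  UDP    0.0.0.0:500            *:*                                    1288
"""


def parse_netstat(text):
    """Return (proto, host, port, state, pid) tuples for each socket line."""
    rows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 4 or parts[0] not in ("TCP", "UDP"):
            continue  # header, blank line, or something we do not understand
        proto, local = parts[0], parts[1]
        host, _, port = local.rpartition(":")  # handles [::]:34571 as well
        host = host.strip("[]")
        if proto == "TCP":
            state = parts[3]
            pid = int(parts[4]) if len(parts) > 4 else None
        else:
            state = None  # UDP lines carry no state column
            pid = int(parts[3]) if len(parts) > 3 else None
        rows.append((proto, host, int(port), state, pid))
    return rows


def classify_bind(host):
    """Describe how a local address exposes a listener."""
    try:
        addr = ipaddress.ip_address(host.split("%")[0])  # drop IPv6 zone id
    except ValueError:
        return "unknown"
    if addr.is_unspecified:  # 0.0.0.0 or ::
        return "all-interfaces"
    if addr.is_loopback:
        return "loopback"
    return "single-interface"


def find_rmi_listeners(text, port=SERVERAID_RMI_PORT):
    """List TCP sockets LISTENING on `port`, with bind classification."""
    findings = []
    for proto, host, lport, state, pid in parse_netstat(text):
        if proto != "TCP" or lport != port or state != "LISTENING":
            continue
        findings.append({"host": host, "pid": pid, "bind": classify_bind(host)})
    return findings


def is_network_exposed(text, port=SERVERAID_RMI_PORT):
    """True if any listener on `port` is reachable beyond loopback."""
    return any(f["bind"] != "loopback" for f in find_rmi_listeners(text, port))


if __name__ == "__main__":
    for finding in find_rmi_listeners(SAMPLE_NETSTAT):
        print(f"port {SERVERAID_RMI_PORT} listener on {finding['host']} "
              f"(pid {finding['pid']}): {finding['bind']}")
    print("network exposed:", is_network_exposed(SAMPLE_NETSTAT))
```

On a live host, feed the script the output of `netstat -ano` (for example by reading it from a file) instead of the constructed sample. A listener classified as `all-interfaces` or `single-interface` on that port is the condition the report describes; since the page notes that a vendor fix is unlikely, the practical mitigations are restricting the port at the host firewall or retiring the unsupported product.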
The flaw was reported by a team of researchers: Brendan Saulsbury, Ariel Montano Cardenas, Lavelle Perry and Swagat Das. Because ServeRAID Manager is no longer supported, digital forensics specialists consider it unlikely that IBM will release a security update.
Separately, IBM reported the discovery of a vulnerability in OpenSSL that affects IBM Rational Team Concert; exploiting this flaw would allow a remote attacker to abuse the application.
OpenSSL is used by the Rational BuildForge Agent, which is delivered with IBM Rational Team Concert (RTC). The product's maintainers have already addressed the flaw. The versions exposed to exploitation of this flaw are:
- Rational Team Concert v6.0.2
- Rational Team Concert v6.0.6.1
- Rational Team Concert v6.0.6
The report rates the flaw as low severity; nevertheless, administrators of the affected deployments are advised to install the updates released by IBM to fully mitigate the risk of exploitation. According to digital forensics specialists, details on these findings can be found on IBM's official platforms.
He is a cyber security and malware researcher. He studied Computer Science and started working as a cyber security analyst in 2006. He is actively working as a cyber security investigator. He has also worked for different security companies. His everyday job includes researching new cyber security incidents. He also has deep knowledge of enterprise security implementation.