IBM developers close malicious-code vulnerabilities in AIX and App Connect

Companies with IBM software should update their systems for security reasons.


Attackers can use vulnerabilities in IBM AIX and App Connect Enterprise Certified Containers to execute malicious code and thus compromise systems.

In IBM's Unix operating system AIX, the developers have closed two Python vulnerabilities (CVE-2024-45803 "medium", CVE-2024-6345 "high"). If a victim clicks on a link prepared by an attacker, malicious code can reach PCs in the context of pypa/setuptools. The reason is a bug in the package_index module. A warning message explains how admins can secure systems against this.

The App Connect Enterprise Certified integration software can be attacked via four vulnerabilities. In the worst-case scenario, attackers can paralyze systems via a DoS attack or even execute their own code (CVE-2024-48622 "high").

The developers assure us that they have solved the security problems in the following versions:

  • App Connect Enterprise Certified Container Operator 12.2.0, DesignerAuthoring component 12.0.12.4-r1
  • App Connect Enterprise Certified Container Operator 12.0.2, DesignerAuthoring component 12.0.12-r2
  • App Connect Enterprise Certified Container Operator 5.0.19, DesignerAuthoring component 12.0.12.3-r1

(des)

This article was originally published in German. It was translated with technical assistance and editorially reviewed before publication.