[BESAdmin-Announcements] Content in the BigFix Server Automation site has been modified

Announcements for BES Administrators besadmin-announcements at bigmail.bigfix.com
Thu May 20 10:11:02 PDT 2021


Content in the BigFix Server Automation site has been modified.

Reason for Updates:

*Fixed Defect Article KB0089756: Unable to schedule a plan when using TZ UTC+5:30
*Refreshed the embedded version of OpenSSL 1.0.2y
*Addressed SA Rest Node Product Integrity Testing findings SCM-1
*SA Rest Node 14.16.0 upgrades
*Security Vulnerabilities addressed:

Multiple Vulnerabilities in IBM® Java SDK affect WebSphere Application Server January 2021 CPU
CVEID:   CVE-2020-2773
DESCRIPTION:   An unspecified vulnerability in Java SE related to the Java SE Security component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors.
CVEID:   CVE-2020-14782
DESCRIPTION:   An unspecified vulnerability in Java SE related to the Libraries component could allow an unauthenticated attacker to cause no confidentiality impact, low integrity impact, and no availability impact.
CVEID:   CVE-2020-27221
DESCRIPTION:   Eclipse OpenJ9 is vulnerable to a stack-based buffer overflow when the virtual machine or JNI natives are converting from UTF-8 characters to platform encoding. By sending an overly long string, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash.
CVEID:   CVE-2020-14781
DESCRIPTION:   An unspecified vulnerability in Java SE related to the JNDI component could allow an unauthenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors.
CVEID:   CVE-2019-17571
DESCRIPTION:   Included in Log4j 1.2 is a SocketServer class that is vulnerable to deserialization of untrusted data, which can be exploited to remotely execute arbitrary code when combined with a deserialization gadget when listening to untrusted network traffic for log data. This affects Log4j 1.2 versions up to 1.2.17.

Published site version:
*Server Automation - Site Version: 76

Actions to Take:
*Gathering the site automatically applies the new content

BigFix Application Engineering Team