IBM Product Security Update Advisory (CVE-2024-41779)

Nov 29 2024

Overview

An update has been released to address vulnerabilities in IBM Products. Users of the affected versions are advised to update to the latest version.

Affected Products

CVE-2024-41779

IBM Engineering Systems Design Rhapsody – Model Manager version: 7.0.2
IBM Engineering Systems Design Rhapsody – Model Manager version: 7.0.3

Resolved Vulnerabilities

A race condition could allow remote attackers to bypass security restrictions and possibly cause remote code execution (CVE-2024-41779)

Vulnerability Patches

Vulnerability Patches have been made available in the latest updates. Please follow the instructions on the Referenced Sites to update to the latest Vulnerability Patches version.

CVE-2024-41779

IBM Engineering Systems Design Rhapsody – Model Manager version: iFix031
IBM Engineering Systems Design Rhapsody – Model Manager version: iFix008

Referenced Sites

[1] CVE-2024-41779 Detail

https://nvd.nist.gov/vuln/detail/CVE-2024-41779

[2] Security Bulletin: IBM Engineering Systems Design Rhapsody – Model Manager – Race Condition Format Flaw (Uses of non-thread safe SimpleDateFormat.format() when enabling DEBUG log for IDMappingsService.verbose)

https://www.ibm.com/support/pages/node/7172535

IBM Product Security Update Advisory (CVE-2024-41779)

Mozilla Products November 2024 1st Security Update Advisory

Apache Arrow R Package Security Update Advisory (CVE-2024-52338)

Tags:

Mozilla Products November 2024 1st Security Update Advisory

Apache Arrow R Package Security Update Advisory (CVE-2024-52338)