Kexu Wang

**Name of the Vulnerable Software and Affected Versions** IBM i2 Intelligent Analyis Platform version 9.2.1 **Description** The issue is caused by a memory corruption, allowing a local attacker to execute arbitrary code on the system. This can be achieved by persuading a victim to open a specially-crafted file. **Recommendations** For IBM i2 Intelligent Analyis Platform version 9.2.1, consider restricting access to files from untrusted sources to minimize the risk of exploitation. As a temporary workaround, avoid opening specially-crafted files until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** IBM i2 Intelligent Analyis Platform version 9.2.1 **Description** The issue is caused by a memory corruption error, allowing a remote attacker to execute arbitrary code on the system. This can be achieved by persuading a victim to open a specially-crafted document, potentially executing arbitrary code with the victim's privileges or causing the application to crash. **Recommendations** For IBM i2 Intelligent Analyis Platform version 9.2.1, consider restricting access to specially-crafted documents until a patch is available. As a temporary workaround, avoid opening untrusted documents to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** IBM i2 Intelligent Analyis Platform version 9.2.1 **Description** The issue is caused by a memory corruption, allowing a remote attacker to execute arbitrary code on the system. This can be achieved by persuading a victim to open a specially crafted file, which could also cause the application to crash. **Recommendations** For IBM i2 Intelligent Analyis Platform version 9.2.1, consider restricting access to files from untrusted sources to minimize the risk of exploitation until a patch is available. As a temporary workaround, avoid opening specially crafted files that could trigger the memory corruption issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Cisco Webex Network Recording Player for Microsoft Windows (affected versions not specified) Cisco Webex Player for Microsoft Windows (affected versions not specified) **Description** A vulnerability exists due to insufficient validation of certain elements within Webex recordings stored in either the Advanced Recording Format (ARF) or the Webex Recording Format (WRF). This issue can be exploited by an attacker sending a malicious ARF or WRF file to a user through a link or email attachment, persuading the user to open the file with the affected software. A successful exploit could allow the attacker to execute arbitrary code on the affected system with the privileges of the targeted user. The vulnerability is also related to a buffer overflow in memory, which can be exploited using specially crafted ARF or WRF files. **Recommendations** For Cisco Webex Network Recording Player for Microsoft Windows, consider disabling the ability to open ARF and WRF files until a patch is available. For Cisco Webex Player for Microsoft Windows, restrict access to files in the Advanced Recording Format (ARF) and Webex Recording Format (WRF) to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** IBM i2 Intelligent Analyis Platform version 9.2.1 **Description** The issue is related to a buffer overflow in memory, which can be exploited by a remote attacker to execute arbitrary code on the system or cause the application to crash. This can be achieved by persuading a victim to open a specially-crafted document. The exploitation allows the attacker to execute code with the privileges of the victim. **Recommendations** For IBM i2 Intelligent Analyis Platform version 9.2.1, consider avoiding the use of specially-crafted documents until a patch is available. As a temporary workaround, restrict access to the platform to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** IBM i2 Intelligent Analyis Platform version 9.2.1 **Description** The issue is caused by a memory corruption, allowing a remote attacker to execute arbitrary code on the system by persuading a victim to open a specially crafted file. This could also cause the application to crash. The vulnerability is related to a buffer overflow in memory, which can be exploited to execute arbitrary code or cause a denial of service. **Recommendations** For IBM i2 Intelligent Analyis Platform version 9.2.1, consider avoiding the use of specially crafted files until a patch is available. As a temporary workaround, restrict access to files with the ANB extension to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** IBM i2 Intelligent Analyis Platform version 9.2.1 IBM i2 Analyst's Notebook (affected versions not specified) **Description** The issue is caused by a memory corruption error, which could allow a remote attacker to execute arbitrary code on the system. This can be achieved by persuading a victim to open a specially-crafted document, potentially allowing the attacker to execute arbitrary code with the privileges of the victim or cause the application to crash. **Recommendations** For IBM i2 Intelligent Analyis Platform version 9.2.1, update to a version that fixes the memory corruption error to prevent arbitrary code execution. For IBM i2 Analyst's Notebook, avoid using specially-crafted ANB files until a patch is available, and consider restricting access to sensitive documents to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability in IBM i2 Analyst's Notebook.