CVE-2020-4287

Name of the Vulnerable Software and Affected Versions IBM i2 Intelligent Analyis Platform version 9.2.1 IBM i2 Analyst's Notebook (affected versions not specified)

Description The issue is caused by a memory corruption error, which could allow a remote attacker to execute arbitrary code on the system. This can be achieved by persuading a victim to open a specially-crafted document, potentially allowing the attacker to execute arbitrary code with the privileges of the victim or cause the application to crash.

Recommendations For IBM i2 Intelligent Analyis Platform version 9.2.1, update to a version that fixes the memory corruption error to prevent arbitrary code execution. For IBM i2 Analyst's Notebook, avoid using specially-crafted ANB files until a patch is available, and consider restricting access to sensitive documents to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability in IBM i2 Analyst's Notebook.