Content in the BigFix Server Automation site has been modified 2021-05-20

Release Announcements Lifecycle (Release Announcements)
1

Content in the BigFix Server Automation site has been modified.

Reason for Updates:

*Fixed Defect Article : KB0089756 : Unable to schedule a plan when using TZ UTC+5:30
*Refreshed the embedded version of OpenSSL 1.0.2y
*Addressed SA Rest Node Product Integrity Testing findings SCM-1
*SA Rest Node 14.16.0 upgrades
*IBM Java upgrade to JDK 8.0.6.26

*Security Vulnerabilities addressed:

Multiple Vulnerabilities in IBM® Java SDK affect WebSphere Application Server January 2021 CPU
CVEID: CVE-2020-2773
DESCRIPTION: An unspecified vulnerability in Java SE related to the Java SE Security component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors.
CVEID: CVE-2020-14782
DESCRIPTION: An unspecified vulnerability in Java SE related to the Libraries component could allow an unauthenticated attacker to cause no confidentiality impact, low integrity impact, and no availability impact.
CVEID: CVE-2020-27221
DESCRIPTION: Eclipse OpenJ9 is vulnerable to a stack-based buffer overflow when the virtual machine or JNI natives are converting from UTF-8 characters to platform encoding. By sending an overly long string, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash.
CVEID: CVE-2020-14781
DESCRIPTION: An unspecified vulnerability in Java SE related to the JNDI component could allow an unauthenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors.
CVEID: CVE-2019-17571
DESCRIPTION: Included in Log4j 1.2 is a Socket Server class that is vulnerable to deserialization of untrusted data which can be exploited to remotely execute arbitrary code when combined with a deserialization gadget when listening to untrusted network traffic for log data. This affects Log4j versions up to 1.2.17.

Published site version:
*Server Automation - Site Version: 76
*Plan engine version 9.5.57

Actions to Take:
*Gathering of the site will have the new content automatically applied

BigFix Application Engineering Team