Cybersecurity specialists report the detection of two vulnerabilities in IBM Common Licensing, a popular license manager for monitoring activities such as license access, simultaneous use and downtime. According to the report, successful exploitation of these flaws could lead to severe attack scenarios.

Below are brief descriptions of the reported flaws, as well as their respective tracking keys and scores according to the Common Vulnerability Scoring System (CVSS).

CVE-2021-45046: Improper implementation to address remote code injection vulnerabilities in Apache Log4j v2.15.0 would allow threat actors with control over thread context map (MDC) input data would allow remote hackers to pass malicious data using a JNDI search pattern, allowing data extraction, arbitrary code execution and denial of service (DoS) attacks.

The vulnerability received a CVSS score of 8.1/10.

CVE-2021-45105: An infinite loop within the StrSubstitutor class would allow threat actors to pass specially crafted inputs to the affected application, consuming all system resources and leading to a DoS condition.

The flaw received a CVSS score of 6.7/10.

According to the report, both vulnerabilities reside in IBM Common Licensing v9.0 and, while active exploitation attempts are not yet detected, administrators of affected deployments are advised to update as soon as possible.

To learn more about information security risks, malware variants, vulnerabilities and information technologies, feel free to access the International Institute of Cyber Security (IICS) websites.