On Sunday, a new vulnerability was reported on the newswire in the frequently used ‘commons-collection’ Java library. It reportedly affects Java web-based applications world-wide.

Polonious’ development and security team reacted to this news within 24 hours.

The ‘commons-collection’ exploit allows an attacker to directly target an IBM(tm) Websphere(tm) or JBOSS(tm) server running Java applications on-line, exposing command line access to the server. This vulnerability is just as likely on Windows, OSX and Linux.

The security-trained senior engineers at Polonious have reviewed their popular PCMS (Polonious Case Management) product and declared it not vulnerable to this exploit. The library in question (commons-collection) is never used in a way that can cause this attack to succeed.

Whilst PCMS is not vulnerable to this attack, customers who choose to run IBM(tm) Websphere(tm) or Red Hat(tm) JBOSS(tm) for their Java web applications will need to review their deployments with their support contractors to ensure that they are not vulnerable. By default, Polonious implements a hardened version of Apache Tomcat, which is not vulnerable to this attack.

Polonious takes an active role in detecting, checking and removing any vulnerabilities reported on security feeds world-wide.

For further information on PCMS and Polonious, contact your local office in Australia or the USA.

