CVSS3: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: NONE
Availability Impact: NONE
AI Score
Confidence: High
EPSS Percentile: 61.8%
Identity Insight customers are advised to update OpenJDK 17 to version 17.0.12.0 to pick up the Java security fixes. Refer to the security bulletin(s) listed in the Remediation/Fixes section.
Affected Product(s) | Version(s) |
---|---|
IBM InfoSphere Identity Insight | 10.0.0.0 |
The listed vulnerability issues are addressed.
CVE-ID | Description |
---|---|
CVE-2024-27267 | The Object Request Broker (ORB) in IBM SDK, Java Technology Edition is vulnerable to remote denial of service, caused by a race condition in the management of ORB listener threads, |
CVE-2024-21147 | An unspecified vulnerability in Java SE related to the VM component could allow a remote attacker to cause high confidentiality, high integrity impacts. |
CVE-2024-21145 | An unspecified vulnerability in Java SE related to the 2D component could allow a remote attacker to cause low confidentiality, low integrity impacts. |
CVE-2024-21140 | An unspecified vulnerability in Java SE related to the VM component could allow a remote attacker to cause low confidentiality, low integrity impacts. |
CVE-2024-21138 | An unspecified vulnerability in Java SE related to the VM component could allow a remote attacker to cause low availability impact. |
CVE-2024-21131 | An unspecified vulnerability in Java SE related to the VM component could allow a remote attacker to cause low integrity impact. |
CVE-2024-21094 | |
CVE-2024-21085 | |
CVE-2024-21011 | An unspecified vulnerability in Java SE related to the VM component could allow a remote attacker to cause low confidentiality impact, low integrity impact, and low availability impact. |
CVE-2024-20952 | An unspecified vulnerability in Java SE related to the Security component could allow a remote attacker to cause high confidentiality impact and high integrity impact. |
CVE-2024-20945 | An unspecified vulnerability in Java SE related to the VM component could allow a local authenticated attacker to cause high confidentiality impact. |
CVE-2024-20926 | An unspecified vulnerability in Java SE related to the Scripting component could allow a remote attacker to cause high confidentiality impact. |
| An unspecified vulnerability in Java SE related to the VM component could allow a remote attacker to cause high confidentiality impact and high integrity impact. |
CVE-2023-38264 | IBM SDK, Java Technology Edition’s Object Request Broker (ORB) is vulnerable to a denial of service attack in some circumstances due to improper enforcement of the JEP 290 MaxRef and MaxDepth deserialization filters. |
CVE-2023-33850 | IBM GSKit-Crypto could allow a remote attacker to obtain sensitive information, caused by a timing-based side channel in the RSA Decryption implementation. By sending an overly large number of trial messages for decryption, an attacker could exploit this vulnerability to obtain sensitive information. |
CVE-2023-5676 | In Eclipse OpenJ9 before version 0.41.0, the JVM can be forced into an infinite busy hang on a spinlock or a segmentation fault if a shutdown signal (SIGTERM, SIGINT or SIGHUP) is received before the JVM has finished initializing. |
Steps
This section provides instructions on how to update OpenJDK used in IBM InfoSphere Identity Insight (II) 10.0.0.0 to OpenJDK 17.0.12.0.
Download OpenJDK 17.0.12.0 for the desired platform.
* Windows : <https://github.com/ibmruntimes/semeru17-binaries/releases/download/jdk-17.0.12%2B7_openj9-0.46.0/ibm-semeru-open-jdk_x64_windows_17.0.12_7_openj9-0.46.0.zip>
* Linux : <https://github.com/ibmruntimes/semeru17-binaries/releases/download/jdk-17.0.12%2B7_openj9-0.46.0/ibm-semeru-open-jdk_x64_linux_17.0.12_7_openj9-0.46.0.tar.gz>
* AIX : <https://github.com/ibmruntimes/semeru17-binaries/releases/download/jdk-17.0.12%2B7_openj9-0.46.0/ibm-semeru-open-jdk_ppc64_aix_17.0.12_7_openj9-0.46.0.tar.gz>
Stop Liberty Server.
Windows
<ii_install_dir>\bin\stopIIServer.bat
Linux/AIX
<ii_install_dir>/bin/stopIIServer
Back up the java directory in <ii_install_dir> by renaming it.
* Find out the version of the current Java in <ii_install_dir>.
Windows
<ii_install_dir>\java\bin\java -version
Linux/AIX
<ii_install_dir>/java/bin/java -version
* Rename the java directory to java_<version>, substituting <version> with the version number of the current Java.
Windows
move <ii_install_dir>\java <ii_install_dir>\java_<version>
Linux/AIX
mv <ii_install_dir>/java <ii_install_dir>/java_<version>
Extract the downloaded file under <ii_install_dir>. A directory named jdk-17.0.12+7 is placed under <ii_install_dir>.
Rename jdk-17.0.12+7 to java.
Windows
move <ii_install_dir>\jdk-17.0.12+7 <ii_install_dir>\java
Linux/AIX
mv <ii_install_dir>/jdk-17.0.12+7 <ii_install_dir>/java
If Liberty Server connects to the DB2 database over SSL, add the sslVersion attribute to the properties.db2.jcc element in the db.xml file (sslConnection stays set to true):

    <dataSource id="DefaultDataSource" jndiName="jdbc/pipeline" type="javax.sql.DataSource">
        <jdbcDriver libraryRef="DB2Lib"/>
        <properties.db2.jcc databaseName="dbName"
            serverName="dbHost"
            user="db2User"
            password="dbUserPwd"
            portNumber="dbPort"
            sslVersion="TLSv1.2"
            sslConnection="true" />
    </dataSource>
Verify that the updated Java is used by Identity Insight.
* Restart Liberty Server.
Windows
<ii_install_dir>\bin\startIIServer.bat
Linux/AIX
<ii_install_dir>/bin/startIIServer
* View <ii_install_dir>/wlp/usr/servers/iiServer/logs/messages.log. Java used by Liberty Server is shown at the beginning of the file.
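The Linux/AIX steps above collected into one script, added here as an example rather than IBM's own tooling. It assumes <ii_install_dir> and the path of the downloaded Semeru archive are passed as arguments, and that stopIIServer/startIIServer are the wrappers named above.

```shell
#!/bin/sh
# Added example, not IBM's script: automates the Linux/AIX steps above.
# $1 = <ii_install_dir>, $2 = path of the downloaded Semeru .tar.gz.
set -eu

# Version of the Java currently under <ii_install_dir>/java, e.g. 17.0.11.
# "java -version" writes to stderr, hence the 2>&1.
current_java_version() {
    "$1/java/bin/java" -version 2>&1 | awk -F'"' '/version/ { print $2; exit }'
}

# Back up the existing java directory by renaming it to java_<version>.
# Refuses to clobber an earlier backup, so a re-run cannot destroy it.
backup_java() {
    dir=$1
    ver=$(current_java_version "$dir")
    [ -n "$ver" ] || { echo "cannot determine current Java version" >&2; return 1; }
    [ ! -e "$dir/java_$ver" ] || { echo "$dir/java_$ver already exists" >&2; return 1; }
    mv "$dir/java" "$dir/java_$ver"
    echo "$dir/java_$ver"
}

# Extract the archive under <ii_install_dir> and rename jdk-17.0.12+7 to java.
# On AIX, use "gzip -dc ... | tar -xf -" if the system tar lacks -z.
install_jdk() {
    dir=$1; tarball=$2; jdkdir=${3:-jdk-17.0.12+7}
    [ ! -e "$dir/java" ] || { echo "$dir/java still exists; back it up first" >&2; return 1; }
    tar -xzf "$tarball" -C "$dir"
    [ -d "$dir/$jdkdir" ] || { echo "archive did not contain $jdkdir" >&2; return 1; }
    mv "$dir/$jdkdir" "$dir/java"
}

# Check that the Java now in place reports the expected version (17.0.12)
# before Liberty is restarted; messages.log confirms it after the restart.
verify_java() {
    [ "$(current_java_version "$1")" = "${2:-17.0.12}" ]
}

# The whole procedure: stop Liberty, back up, install, verify, start Liberty.
upgrade_ii_java() {
    dir=$1; tarball=$2
    "$dir/bin/stopIIServer"
    backup_java "$dir"
    install_jdk "$dir" "$tarball"
    verify_java "$dir"
    "$dir/bin/startIIServer"
}
```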
Vendor | Product | Version | CPE |
---|---|---|---|
ibm | infosphere_identity_insight | 10.0.0.0 | cpe:2.3:a:ibm:infosphere_identity_insight:10.0.0.0:*:*:*:*:*:*:* |