Security Bulletin: An Unspecified Vulnerability in Java runtime affects Predictive Maintenance and Quality and Predictive Maintenance Insights (CVE-2021-35603)

Summary

IBM Predictive Maintenance and Quality and Predictive Maintenance Insights On-Premises is bundled with IBM SPSS, IBM Cognos, IBM DB2 and IBM Websphere Application Server Liberty. Some of the component products are vulnerable to unspecified vulnerability in Java runtime (CVE-2021-35603). This has been addressed by the components affected by the issue. Please refer to the Remediation section for details.

Vulnerability Details

Refer to the security bulletin(s) listed in the Remediation/Fixes section

Affected Products and Versions

Remediation/Fixes

IBM strongly recommends addressing the vulnerabilities now by applying interim fixes for all components as listed for all Affected Products/Versions listed above.

Affected Component

|

_Remediation/Fix _

|

**Security Bulletin and****Fix Details
**

—|—|—

DB2 11.5

|

The recommended solution is to apply the appropriate fix for this vulnerability.

The fix for this vulnerability is in a later version of IBM JDK. Customers running any vulnerable fixpack level of an affected Program can download the latest version of IBM JDK from Fix Central.

|

<https://www.ibm.com/support/pages/node/6591297&gt;

(CVE-2021-35603, CVE-2021-35550, CVE-2021-2341)

SPSS Collaboration and Deployment Services 8.2.1

|

Please apply Interim Fix for SPSS Collaboration and Deployment Services as per the Security Bulletin.

|

<https://www.ibm.com/support/pages/node/6565647&gt;

(CVE-2021-35603 , CVE-2021-35550 , CVE-2021-35578, ** **CVE-2022-21341 , CVE-2022-21294 , CVE-2022-21293 , CVE-2022-21248 )

SPSS Statistics Server 26.0

|

Please apply Interim Fix as per the Security Bulletin.

|

<https://www.ibm.com/support/pages/node/6596951&gt;(CVE-2021-35603)

Workarounds and Mitigations

None