Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBM42F823016F580438604FFA389297906894BC45EE4629EF7586FF87B96CCE5B46
HistoryMay 08, 2024 - 4:16 a.m.

Security Bulletin: Vulnerability in IBM Java SDK and IBM Java Runtime affects Host On-Demand

2024-05-0804:16:11
www.ibm.com
2
ibm java sdk
ibm java runtime
host on-demand
vulnerability
eclipse openj9
denial of service
upgrade

6.2 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

12.4%

JSON

Summary

There is a vulnerability in IBM® SDK Java™ Technology Edition and IBM® Runtime Environment Java™ used by Host On-Demand. Host On-Demand has addressed the applicable CVE. This issue was disclosed as part of the IBM Semeru Runtime Quarterly CPU - Oct 2023 - Includes OpenJDK October 2023 CPU plus CVE-2023-4807 and CVE-2023-5676.

Vulnerability Details

CVEID:CVE-2023-5676
**DESCRIPTION:**Eclipse OpenJ9 is vulnerable to a denial of service, caused by a flaw when a shutdown signal (SIGTERM, SIGINT or SIGHUP) is received before the JVM has finished initializing. By sending a specially crafted request, a local authenticated attacker could exploit this vulnerability to cause an infinite busy hang on a spinlock or a segmentation fault.
CVSS Base score: 4.1
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/271615 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H)

Affected Products and Versions

Affected Product(s) Version(s)
HOD 15.0-15.0.1

Remediation/Fixes

For Client Fix

Upgrade to fixed updated HOD version from the following location:

HOD v15.0.2

https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7ERational&product=ibm/Rational/IBM+Host+On-Demand&release=15.0.2&platform=All&function=all

Workarounds and Mitigations

None

Related

ibm 106
cvelist 2
prion 2
redos 2
openvas 10
osv 2
nessus 20
cve 2
ubuntucve 1
redhatcve 2
debiancve 1
alpinelinux 1
cbl_mariner 1
openssl 1
photon 3
redhat 2
aix 1
ics 3
hp 1
oracle 1
ibm
ibm
Security Bulletin: Multiple vulnerabilities affect IBM® Semeru Runtime
2023-11-29 13:16:18
Security Bulletin: Multiple vulnerabilities in IBM Semeru Runtime may affect IBM Decision Optimization for IBM Cloud Pak for Data (CVE-2023-22081, CVE-2023-22067, CVE-2023-4807 & CVE-2023-5676)
2024-01-29 08:30:02
Security Bulletin: IBM Sterling Connect:Direct Web Service is vulnerable to multiple vulnerabilities due to IBM Java
2024-05-10 04:07:30
cvelist
cvelist
CVE-2023-5676 Eclipse OpenJ9 possible infinite busy hang
2023-11-15 14:02:01
CVE-2023-4807 POLY1305 MAC implementation corrupts XMM registers on Windows
2023-09-08 11:01:53
prion
prion
Design/Logic Flaw
2023-09-08 12:15:00
Design/Logic Flaw
2023-11-15 14:15:00
redos
redos
ROS-20230918-02
2023-09-18 00:00:00
ROS-20240409-06
2024-04-09 00:00:00
openvas
openvas
Huawei EulerOS: Security Advisory for openssl (EulerOS-SA-2023-3255)
2023-12-12 00:00:00
OpenSSL Security Vulnerability (20230908) - Windows
2023-09-08 00:00:00
Huawei EulerOS: Security Advisory for openssl (EulerOS-SA-2023-3283)
2023-12-12 00:00:00
osv
osv
CVE-2023-5676
2023-11-15 14:15:07
CVE-2023-4807
2023-09-08 12:15:08
nessus
nessus
EulerOS 2.0 SP11 : openssl (EulerOS-SA-2023-3255)
2024-01-16 00:00:00
EulerOS 2.0 SP11 : openssl (EulerOS-SA-2023-3283)
2024-01-16 00:00:00
OpenSSL 1.1.1 < 1.1.1w Vulnerability
2023-09-12 00:00:00
cve
cve
CVE-2023-4807
2023-09-08 12:15:08
CVE-2023-5676
2023-11-15 14:15:07
ubuntucve
ubuntucve
CVE-2023-4807
2023-09-08 00:00:00
redhatcve
redhatcve
CVE-2023-4807
2023-09-08 15:05:36
CVE-2023-5676
2023-11-17 10:44:47
debiancve
debiancve
CVE-2023-4807
2023-09-08 12:15:08
alpinelinux
alpinelinux
CVE-2023-4807
2023-09-08 12:15:08
cbl_mariner
cbl_mariner
CVE-2023-4807 affecting package kata-containers for versions less than 3.2.0.azl1-1
2024-05-17 21:38:35
openssl
openssl
Vulnerability in OpenSSL CVE-2023-4807
2023-09-08 00:00:00
photon
photon
Important Photon OS Security Update - PHSA-2023-4.0-0472
2023-09-15 00:00:00
Important Photon OS Security Update - PHSA-2023-3.0-0651
2023-09-15 00:00:00
Important Photon OS Security Update - PHSA-2023-5.0-0096
2023-09-20 00:00:00
redhat
redhat
(RHSA-2024:0879) Moderate: java-1.8.0-ibm security update
2024-02-20 08:52:56
(RHSA-2024:0866) Moderate: java-1.8.0-ibm security update
2024-02-19 17:55:11
aix
aix
Multiple vulnerabilities in IBM Java SDK affect AIX
2023-12-18 09:27:21
ics
ics
Siemens SIMATIC RTLS Locating Manager
2024-05-16 12:00:00
Siemens Telecontrol Server Basic
2024-04-11 12:00:00
Siemens SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP V3.1
2023-12-14 12:00:00
hp
hp
HP Device Manager Security Updates
2023-10-20 00:00:00
oracle
oracle
Oracle Critical Patch Update Advisory - April 2024
2024-04-16 00:00:00

6.2 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

12.4%

JSON
Related for 42F823016F580438604FFA389297906894BC45EE4629EF7586FF87B96CCE5B46
ibm106cvelist2prion2redos2openvas10osv2nessus20cve2ubuntucve1redhatcve2debiancve1alpinelinux1cbl_mariner1openssl1photon3redhat2aix1ics3hp1oracle1