IBM52FC93578A5DD8E09A7B01F44709B8191EFBF9110239F767762E410203832DB8Security Bulletin: IBM SDK, Java Technology Edition Quarterly CPU - Jan 2024 - Includes Oracle January 2024 CPU plus CVE-2023-33850
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
6.5 Medium
AI Score
Confidence
Low
0.001 Low
EPSS
Percentile
43.0%
Summary
IBM® SDK, Java™ Technology Edition is shipped as a component of IBM Tivoli Business Service Manager. Information about security vulnerabilities affecting IBM® SDK, Java™ Technology Edition has been published in a security bulletin.
Vulnerability Details
Refer to the security bulletin(s) listed in the Remediation/Fixes section
Affected Products and Versions
| Affected Product(s) | Version(s) |
|---|---|
| IBM Tivoli Business Service Manager | 6.2.0 |
Remediation/Fixes
Principal Product and Version(s)
| Affected Supporting Product and Version(s)
—|—
IBM Tivoli Business Service Manager 6.2.0|
IBM strongly recommends addressing the vulnerability now by upgrading the Java SDK.
Security Bulletin: Multiple vulnerabilities may affect IBM® SDK, Java™ Technology Edition
- Upgrade to IBM® SDK, Java™ Technology Edition Version 8 Service Refresh 8 FP20, please follow How to upgrade JREs shipped with Tivoli Business Service Manager to upgrade.
Workarounds and Mitigations
None
Affected configurations
| CPE | Name | Operator | Version |
|---|---|---|---|
| tivoli business service manager | eq | 6.1 | |
| tivoli business service manager | eq | 6.1.1 | |
| tivoli business service manager | eq | 6.2 |
Related
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
6.5 Medium
AI Score
Confidence
Low
0.001 Low
EPSS
Percentile
43.0%