Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBM5D99346EEFA797629EB87B3C00B435A495B8016A2D29A95F518221D3977DF942
HistoryMar 05, 2021 - 6:01 p.m.

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affects WebSphere Application Server January 2021 CPU that is bundled with IBM WebSphere Application Server Patterns

2021-03-0518:01:28
www.ibm.com
13

0.004 Low

EPSS

Percentile

74.6%

JSON

Summary

There are multiple vulnerabilities in the IBM SDK Java Technology Edition that is shipped with IBM WebSphere Application Server. These issues were disclosed in the IBM Java SDK updates in January 2021.

Vulnerability Details

CVEID:CVE-2020-14803
**DESCRIPTION:**An unspecified vulnerability in Java SE could allow an unauthenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/190121 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)

CVEID:CVE-2020-27221
**DESCRIPTION:**Eclipse OpenJ9 is vulnerable to a stack-based buffer overflow when the virtual machine or JNI natives are converting from UTF-8 characters to platform encoding. By sending an overly long string, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash.
CVSS Base score: 9.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/195353 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

CVEID:CVE-2020-2773
**DESCRIPTION:**An unspecified vulnerability in Java SE related to the Java SE Security component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors.
CVSS Base score: 3.7
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/179673 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)

CVEID:CVE-2020-14781
**DESCRIPTION:**An unspecified vulnerability in Java SE related to the JNDI component could allow an unauthenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors.
CVSS Base score: 3.7
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/190099 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)

Affected Products and Versions

IBM Java SDK shipped with IBM WebSphere Application Server Patterns 1.0.0.0 through 1.0.0.7 and 2.2.0.0 through 2.3.3.3.

Remediation/Fixes

Please see the IBM Java SDK Security Bulletin for WebSphere Application Server to determine which WebSphere Application Server versions are affected and to obtain the JDK fixes. The interim fix 1.0.0.0-WS-WASPATTERNS-JDK-2101 can be used to apply the January 2021 SDK iFixes in a PureApplication or Cloud Pak System Environment.

Download and apply the interim fix 1.0.0.0-WS-WASPATTERNS-JDK-2101.

Workarounds and Mitigations

None

Related

ibm 147
redhat 3
nessus 14
openvas 9
aix 1
cvelist 2
cve 2
redhatcve 4
ubuntucve 3
prion 2
osv 2
nvd 3
suse 1
veracode 2
alpinelinux 2
f5 1
debiancve 1
ibm
ibm
Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Spectrum Symphony
2021-04-09 09:24:31
Security Bulletin: Vulnerablities in IBM SDK, Java Technology Edition Quarterly.
2021-10-20 10:47:10
Security Bulletin: Multiple security vulnerabilities affect Liberty for Java for IBM Cloud
2022-10-07 16:01:56
redhat
redhat
(RHSA-2021:0717) Critical: java-1.8.0-ibm security update
2021-03-03 20:42:35
(RHSA-2021:0736) Critical: java-1.8.0-ibm security update
2021-03-04 17:36:10
(RHSA-2021:0733) Critical: java-1.7.1-ibm security update
2021-03-04 15:12:34
nessus
nessus
RHEL 8 : java-1.8.0-ibm (RHSA-2021:0736)
2021-03-05 00:00:00
RHEL 7 : java-1.8.0-ibm (RHSA-2021:0717)
2021-03-05 00:00:00
SUSE SLES15 Security Update : java-1_8_0-ibm (SUSE-SU-2021:0670-1)
2021-03-02 00:00:00
openvas
openvas
SUSE: Security Advisory (SUSE-SU-2021:0670-1)
2021-04-19 00:00:00
SUSE: Security Advisory (SUSE-SU-2021:0512-1)
2021-04-19 00:00:00
SUSE: Security Advisory (SUSE-SU-2021:0652-1)
2021-04-19 00:00:00
aix
aix
Multiple vulnerabilities in IBM Java SDK affect AIX
2021-03-15 10:22:29
cvelist
cvelist
CVE-2020-27221
2021-01-21 04:55:11
CVE-2020-14803
2020-10-21 14:04:26
cve
cve
CVE-2020-27221
2021-01-21 05:15:10
CVE-2020-14781
2020-10-21 15:15:18
redhatcve
redhatcve
CVE-2020-27221
2021-02-14 21:28:31
CVE-2020-14803
2020-10-20 21:17:14
CVE-2020-14781
2020-10-20 21:16:54
ubuntucve
ubuntucve
CVE-2020-27221
2021-01-21 00:00:00
CVE-2020-14803
2020-10-21 00:00:00
CVE-2020-14781
2020-10-21 00:00:00
prion
prion
Stack overflow
2021-01-21 05:15:00
Design/Logic Flaw
2020-10-21 15:15:00
osv
osv
CVE-2020-27221
2021-01-21 05:15:10
CVE-2020-14803
2020-10-21 15:15:20
nvd
nvd
CVE-2020-27221
2021-01-21 05:15:10
CVE-2020-14803
2020-10-21 15:15:20
CVE-2020-14781
2020-10-21 15:15:18
suse
suse
Security update for java-1_8_0-openjdk (moderate)
2021-03-03 00:00:00
veracode
veracode
Information Disclosure
2020-10-23 08:58:36
Information Disclosure
2020-10-23 08:58:09
alpinelinux
alpinelinux
CVE-2020-14781
2020-10-21 15:15:18
CVE-2020-14803
2020-10-21 15:15:20
f5
f5
K000135507 : Java vulnerabilities CVE-2020-14781
2023-07-17 00:00:00
debiancve
debiancve
CVE-2020-14803
2020-10-21 15:15:20

0.004 Low

EPSS

Percentile

74.6%

JSON
Related for 5D99346EEFA797629EB87B3C00B435A495B8016A2D29A95F518221D3977DF942
ibm147redhat3nessus14openvas9aix1cvelist2cve2redhatcve4ubuntucve3prion2osv2nvd3suse1veracode2alpinelinux2f51debiancve1