Security Bulletin: The IBM® Engineering Lifecycle Management products recommendation for Java SE CVEs (CVE-2022-21496, CVE-2022-21434, CVE-2022-21443)

Summary

Oracle Java SE released list of CVEs and their corresponding patches in April Quarterly updates.

Vulnerability Details

Refer to the security bulletin(s) listed in the Remediation/Fixes section

Affected Products and Versions

Products

|

Version

—|—

Jazz Foundation

|

CLM 6.0.6.1, CLM 6.0.6, ELM 7.0.2, ELM 7

BM Engineering Workflow Management

|

EWM 7.0.2, EWM 7.0.1, RTC 6.0.6.1, EWM 7

IBM Engineering Requirements Management DOORS Next

|

DOORS Next 7.0.2, DOORS Next 7.0, DOORS Next 7.0.1

IBM Common Licensing

|

LKS 9.0, Agent 9.0, ART 9.0, Client 9.0

Global Configuration Management

|

All

IBM Jazz Reporting Service

|

6.0.6.1, 6.0.6,7.0, 7.0.2, 7.0.1, All

IBM Engineering Lifecycle Optimization - Engineering Insights

|

RELM 6.0.6.1, ENI 7.0.1, RELM 6.0.6, ENI 7.0, ENI 7.0.2

Remediation/Fixes

IBM® Engineering Lifecycle Management products do not require any additional fix and recommend users to follow the resolution steps given in:

Oracle Critical Patch Update Advisory - April 2022

Workarounds and Mitigations

None