Jul 21, 2023 - 8:53 p.m.

Security Bulletin: Vulnerability in IBM Java Runtime affects Host On-Demand

www.ibm.com

CVSS3: 7.5 High

Metric | Value
—|—
Attack Vector | NETWORK
Attack Complexity | LOW
Privileges Required | NONE
User Interaction | NONE
Scope | UNCHANGED
Confidentiality Impact | HIGH
Integrity Impact | NONE
Availability Impact | NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS: 0.002 Low (Percentile: 57.2%)

Summary

There is a vulnerability in IBM® Runtime Environment Java™ Version 8 used by Host On-Demand. Host On-Demand has provided a fix for the applicable CVEs. This issue was disclosed as part of the IBM Java SDK and Runtime Environment updates in CVE-2023-30441.

Vulnerability Details

**CVEID:** CVE-2023-30441
**DESCRIPTION:** IBM Runtime Environment, Java Technology Edition IBMJCEPlus and JSSE 8.0.7.0 through 8.0.7.11 components could expose sensitive information using a combination of flaws and configurations. IBM X-Force ID: 253188.
CVSS Base score: 7.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/253188 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)

Affected Products and Versions

Affected Product(s) | Version(s)
—|—
Host On-Demand | V13 - 13.0.7.0_iFix001
Host On-Demand | V14 - 14.0.6.0_iFix001

Remediation/Fixes

IBM strongly recommends addressing the vulnerability now by installing this fix or a newer iFix or Fix Pack.

**IBM Host On-Demand Server Fix**

Product | VRMF | Remediation | File Name
—|—|—|—
Host On-Demand | 13.0 - 13.0.7.0_iFix001 | https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7ERational&product=ibm/Rational/IBM+Host+On-Demand&release=13.0.7&platform=All&function=all | HOD_13.0.7.0_iFix001
Host On-Demand | 14.0 - 14.0.6.0_iFix001 | https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7ERational&product=ibm/Rational/IBM+Host+On-Demand&release=14.0.6&platform=All&function=all | HOD_14.0.6.0_iFix001

**IBM Host On-Demand Client Fix**

Product | VRMF | Remediation* | File Name
—|—|—|—
Host On-Demand | 13.0 - 13.0.7.0_iFix001<br>14.0 - 14.0.6.0_iFix001 | https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Rational&product=ibm/Rational/IBM+Host+On-Demand&release=All&platform=All&function=all | IBM_JRE_8.0.8.5_WIN64<br>IBM_JRE_8.0.8.5_WIN32

*(Fix Central - search IBM Host On-Demand (All releases, All platforms))

Workarounds and Mitigations

None

Affected configurations

Vulners node: ibm host_on-demand Match 13.0. OR ibm host_on-demand Match 14.0.
