Nov 04, 2022 - 8:13 p.m.

Security Bulletin: Vulnerabilities in Eclipse OpenJ9 affects AIX LPARs in IBM PureData System for Operational Analytics (CVE-2021-41041)

2022-11-04 20:13:59
www.ibm.com

CVSS2: 5 Medium
Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE
Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N

CVSS3: 5.3 Medium
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: LOW
Availability Impact: NONE
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

EPSS: 0.001 Low
Percentile: 33.4%

Summary

There are one or more vulnerabilities in Eclipse OpenJ9, which is used in IBM PureData System for Operational Analytics AIX-based LPARs (CVE-2021-41041).

Vulnerability Details

CVEID: CVE-2021-41041
**DESCRIPTION:** Eclipse OpenJ9 could allow a remote attacker to bypass security restrictions, caused by failing to throw the exception captured during bytecode verification when verification. By sending a specially crafted request, an attacker could exploit this vulnerability to cause unverified methods to be invoked using MethodHandles.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/225398 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)

Affected Products and Versions

PureData System for Operational Analytics V1.1

Remediation/Fixes

Java installp packages are available. Please refer to the table below to determine the minimum levels needed.

| Java Level and Bit Width | Java Version | AIX Java Fileset Version | First Appliance Fixpack With Fix |
|---|---|---|---|
| Java 8 32 Bit | 8.0.7.10 | 8.0.0.710 | V1.1 FP5 |
| Java 8 64 Bit | 8.0.7.10 | 8.0.0.710 | V1.1 FP5 |

Use the levels above and review the following technote to determine what to download and how to apply it to the environment.

Updating the system installed IBM® SDK Java™ Technology Edition packages in an IBM PureData System for Operational Analytics environment.
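
To check an AIX LPAR against the minimum fileset level in the table, the following added example (not part of the IBM bulletin) compares Java 8 fileset levels from `lslpp -Lc` style output with 8.0.0.710. The fileset names `Java8.sdk` and `Java8_64.sdk`, the level 8.0.0.636 and the sample lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: flag AIX Java 8 filesets below the bulletin's minimum level.
MIN_LEVEL="8.0.0.710"   # "AIX Java Fileset Version" from the remediation table

# ver_lt A B: succeed when dotted version A is lower than B.
# Fields are compared numerically, so 8.0.0.99 is lower than 8.0.0.710.
ver_lt() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        n = split(a, x, "."); m = split(b, y, ".")
        max = (n > m) ? n : m
        for (i = 1; i <= max; i++) {
            if ((x[i] + 0) < (y[i] + 0)) exit 0
            if ((x[i] + 0) > (y[i] + 0)) exit 1
        }
        exit 1
    }' </dev/null
}

# check_filesets: read colon-delimited `lslpp -Lc` lines on stdin
# (field 2 = fileset, field 3 = level), print one verdict per Java 8 fileset,
# and return 1 if any fileset is below MIN_LEVEL.
check_filesets() {
    rc=0
    while IFS=: read -r _pkg fileset level _rest; do
        case "$fileset" in
            Java8.*|Java8_64.*) ;;   # assumed fileset naming for 32/64-bit Java 8
            *) continue ;;           # header line and unrelated filesets
        esac
        if ver_lt "$level" "$MIN_LEVEL"; then
            echo "VULNERABLE $fileset $level"
            rc=1
        else
            echo "OK $fileset $level"
        fi
    done
    return $rc
}

# Constructed sample in `lslpp -Lc` layout (not real system output).
# On AIX, feed real data instead: lslpp -Lc 'Java8*' | check_filesets
sample_lslpp() {
    cat <<'EOF'
#Package Name:Fileset:Level:State:PTF Id:Fix State:Type:Description
Java8.sdk:Java8.sdk:8.0.0.636: : :C: :Java SDK 32-bit
Java8_64.sdk:Java8_64.sdk:8.0.0.710: : :C: :Java SDK 64-bit
EOF
}

sample_lslpp | check_filesets || echo "At least one fileset is below $MIN_LEVEL"
```
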

Workarounds and Mitigations

None

Affected configurations

Vulners Node: ibm | puredata_system_for_operational_analytics_a1801 | Match | 1.1
