Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBMDA5EAC2294284B7BBFBA44D7FC24415A75B51D901728FA4DC08713BCE7B6E02F
HistoryNov 04, 2021 - 4:24 p.m.

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Security Guardium

2021-11-0416:24:37
www.ibm.com
36

0.003 Low

EPSS

Percentile

69.3%

JSON

Summary

There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 8 used by IBM Security Guardium. These issues were disclosed as part of the IBM Java SDK updates in Jan 2021 and CVE-2020-2773 from Oracle Apr 2020 CPU

Vulnerability Details

CVEID:CVE-2020-14803
**DESCRIPTION:**An unspecified vulnerability in Java SE could allow an unauthenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/190121 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)

CVEID:CVE-2020-2773
**DESCRIPTION:**An unspecified vulnerability in Java SE related to the Java SE Security component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors.
CVSS Base score: 3.7
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/179673 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)

Affected Products and Versions

Affected Product(s) Version(s)

IBM Security Guardium

| 10.5

IBM Security Guardium

| 10.6

IBM Security Guardium|

11.0

IBM Security Guardium| 11.1

IBM Security Guardium|

11.2

BM Security Guardium|

11.3

Remediation/Fixes

Product Versions Fix
IBM Security Guardium 10.5

http://www.ibm.com/support/fixcentral/swg/quickorder?parent=IBM%20Security&product=ibm/Information+Management/InfoSphere+Guardium&release=10.0&platform=Linux&function=fixId&fixids=SqlGuard_10.0p545_Bundle_Oct-19-2021&includeSupersedes=0&source=fc

IBM Security Guardium| 10.6
|

http://www.ibm.com/support/fixcentral/swg/quickorder?product=ibm/Information+Management/InfoSphere+Guardium&release=All&platform=All&function=fixId&fixids=SqlGuard_10.0p675_Bundle_Aug-11-2021&includeSupersedes=0&source=fc

IBM Security Guardium| 11.0
|

http://www.ibm.com/support/fixcentral/swg/quickorder?parent=IBM%20Security&product=ibm/Information+Management/InfoSphere+Guardium&release=11.0&platform=Linux&function=fixId&fixids=SqlGuard_11.0p40_Bundle_Oct-04-2021&includeSupersedes=0&source=fc

IBM Security Guardium| 11.1
|

http://www.ibm.com/support/fixcentral/swg/quickorder?parent=IBM%20Security&product=ibm/Information+Management/InfoSphere+Guardium&release=11.0&platform=All&function=fixId&fixids=SqlGuard_11.0p140_Bundle_May-24-2021&includeSupersedes=0&source=fc

IBM Security Guardium| 11.2
|

http://www.ibm.com/support/fixcentral/swg/quickorder?parent=IBM%20Security&product=ibm/Information+Management/InfoSphere+Guardium&release=11.0&platform=All&function=fixId&fixids=SqlGuard_11.0p240_Bundle_May-10-2021&includeSupersedes=0&source=fc

BM Security Guardium| 11.3
|

http://www.ibm.com/support/fixcentral/swg/quickorder?parent=IBM%20Security&product=ibm/Information+Management/InfoSphere+Guardium&release=11.0&platform=Linux&function=fixId&fixids=SqlGuard_11.0p330_Bundle_Oct-06-2021&includeSupersedes=0&source=fc

Workarounds and Mitigations

None

Related

ibm 98
cve 2
nessus 40
openvas 15
prion 2
veracode 2
cvelist 2
suse 1
redhatcve 2
redhat 10
debiancve 2
alpinelinux 2
nvd 2
osv 2
ubuntucve 2
f5 2
aix 1
rosalinux 1
oraclelinux 4
centos 3
amazon 3
mageia 1
ibm
ibm
Security Bulletin: Multiple vulnerabilities in IBM Java SDK affects WebSphere Application Server January 2021 CPU that is bundled with IBM WebSphere Application Server Patterns
2021-03-05 18:01:28
Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Spectrum Symphony
2021-04-09 09:24:31
Security Bulletin: Multiple security vulnerabilities affect Liberty for Java for IBM Cloud
2022-10-07 16:01:56
cve
cve
CVE-2020-14803
2020-10-21 15:15:20
CVE-2020-2773
2020-04-15 14:15:26
nessus
nessus
Oracle Java SE 1.7.0_291 / 1.8.0_281 / 1.11.0_10 / 1.15.0_2 Information Disclosure (Windows Jan 2021 CPU)
2021-01-20 00:00:00
IBM Java 7.0 < 7.0.10.80 / 7.1 < 7.1.4.80 / 8.0 < 8.0.6.25
2022-04-29 00:00:00
SUSE SLES12 Security Update : java-1_8_0-openjdk (SUSE-SU-2021:0533-1)
2021-02-22 00:00:00
openvas
openvas
SUSE: Security Advisory (SUSE-SU-2021:0665-1)
2021-04-19 00:00:00
openSUSE: Security Advisory for java-1_8_0-openjdk (openSUSE-SU-2021:0374-1)
2021-04-16 00:00:00
SUSE: Security Advisory (SUSE-SU-2021:0533-1)
2021-04-19 00:00:00
prion
prion
Design/Logic Flaw
2020-10-21 15:15:00
Design/Logic Flaw
2020-04-15 14:15:00
veracode
veracode
Information Disclosure
2020-10-23 08:58:36
Denial Of Service (DoS)
2020-08-11 03:22:29
cvelist
cvelist
CVE-2020-14803
2020-10-21 14:04:26
CVE-2020-2773
2020-04-15 13:29:45
suse
suse
Security update for java-1_8_0-openjdk (moderate)
2021-03-03 00:00:00
redhatcve
redhatcve
CVE-2020-14803
2020-10-20 21:17:14
CVE-2020-2773
2020-04-14 22:03:26
redhat
redhat
(RHSA-2021:0717) Critical: java-1.8.0-ibm security update
2021-03-03 20:42:35
(RHSA-2021:0736) Critical: java-1.8.0-ibm security update
2021-03-04 17:36:10
(RHSA-2021:0733) Critical: java-1.7.1-ibm security update
2021-03-04 15:12:34
debiancve
debiancve
CVE-2020-14803
2020-10-21 15:15:20
CVE-2020-2773
2020-04-15 14:15:26
alpinelinux
alpinelinux
CVE-2020-14803
2020-10-21 15:15:20
CVE-2020-2773
2020-04-15 14:15:26
nvd
nvd
CVE-2020-14803
2020-10-21 15:15:20
CVE-2020-2773
2020-04-15 14:15:26
osv
osv
CVE-2020-14803
2020-10-21 15:15:20
CVE-2020-2773
2020-04-15 14:15:26
ubuntucve
ubuntucve
CVE-2020-14803
2020-10-21 00:00:00
CVE-2020-2773
2020-04-15 00:00:00
f5
f5
K91643220 : Java vulnerabilities CVE-2020-2659 and CVE-2020-2773
2021-04-09 00:00:00
K45012029 : OpenJDK vulnerability CVE-2020-14796, CVE-2020-14798, CVE-2020-14803
2022-10-25 00:00:00
aix
aix
Multiple vulnerabilities in IBM Java SDK affect AIX
2021-03-15 10:22:29
rosalinux
rosalinux
Advisory ROSA-SA-2023-2315
2023-12-19 12:25:07
oraclelinux
oraclelinux
java-1.8.0-openjdk security and bug fix update
2020-10-27 00:00:00
java-1.8.0-openjdk security update
2020-10-27 00:00:00
java-11-openjdk security update
2020-10-23 00:00:00
centos
centos
java security update
2020-11-06 21:59:28
java security update
2020-11-06 21:58:30
java security update
2020-11-09 13:12:26
amazon
amazon
Medium: java-1.8.0-openjdk
2020-12-16 20:31:00
Medium: java-1.8.0-openjdk
2021-01-05 23:34:00
Medium: java-1.8.0-openjdk
2021-01-12 22:51:00
mageia
mageia
Updated java-1.8.0-openjdk packages fix security vulnerabilities
2020-11-14 00:20:36

0.003 Low

EPSS

Percentile

69.3%

JSON
Related for DA5EAC2294284B7BBFBA44D7FC24415A75B51D901728FA4DC08713BCE7B6E02F
ibm98cve2nessus40openvas15prion2veracode2cvelist2suse1redhatcve2redhat10debiancve2alpinelinux2nvd2osv2ubuntucve2f52aix1rosalinux1oraclelinux4centos3amazon3mageia1