There are multiple vulnerabilities in IBM® Runtime Environment Java™ Version 8 used by Host On-Demand. Host On-Demand has provided a fix for the applicable CVEs. These issues were disclosed as part of the IBM Java SDK and Runtime Environment updates in the Oracle October 2021 CPU (minus CVE-2021-35550/35561/35603).
CVEID: CVE-2021-35586
**DESCRIPTION:** An unspecified vulnerability in Java SE related to the ImageIO component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/211661 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
CVEID: CVE-2021-35564
**DESCRIPTION:** An unspecified vulnerability in Java SE related to the Keytool component could allow an unauthenticated attacker to cause no confidentiality impact, low integrity impact, and no availability impact.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/211640 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
Affected Product(s) | Version(s) |
---|---|
Host On-Demand | 13 - 13.0.6 |
Host On-Demand | 14 - 14.0.5.0_iFix001 |
IBM strongly recommends addressing the vulnerability now by installing this fix or a newer iFix or Fix Pack.
Product | VRMF | Remediation | File Name |
---|---|---|---|
Host On-Demand | 13.0 - 13.0.6 | | HOD_13.0.6_RefreshPac |
Host On-Demand | 14.0 - 14.0.5.0_iFix001 | | HOD_14.0.5.0_iFix001 |
None