Security Bulletin: Vulnerability in IBM® Runtime Environment Java™ Version 8  affect Cloud Pak System. [CVE-2023-30441]

Summary

Vulnerability in IBM® Runtime Environment Java™ Version 8 used by Cloud Pak System. Cloud Pak System has addressed vulnerability. [CVE-2023-30441]

Vulnerability Details

CVEID:CVE-2023-30441
**DESCRIPTION:**IBM Runtime Environment, Java Technology Edition IBMJCEPlus and JSSE 8.0.7.0 through 8.0.7.11 components could expose sensitive information using a combination of flaws and configurations. IBM X-Force ID: 253188.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/253188 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)

Affected Products and Versions

Remediation/Fixes

Cloud Pak System upgraded Java to IBM SDK Java 8.0.7.15 along with Cloud Pak System v2.3.3.6.

For IBM Cloud Pak System V2.3.3.4, V2.3.3.5

upgrade to IBM Cloud Pak System V2.3.3.6 at Fix Central

Information on upgrading at : <http://www.ibm.com/support/docview.wss?uid=ibm10887959&gt;

Workarounds and Mitigations

None