Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.IBM_JAVA_2022_05_01.NASL
HistorySep 14, 2022 - 12:00 a.m.

IBM Java 8.0 < 8.0.7.10

2022-09-1400:00:00
This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
11
JSON

The version of IBM Java installed on the remote host is prior to 8.0 < 8.0.7.10. It is, therefore, affected by a vulnerability as referenced in the IBM Security Update May 2022 advisory.

  • In Eclipse Openj9 before version 0.32.0, Java 8 & 11 fail to throw the exception captured during bytecode verification when verification is triggered by a MethodHandle invocation, allowing unverified methods to be invoked using MethodHandles. (CVE-2021-41041)

Note that Nessus has not tested for this issue but has instead relied only on the application’s self-reported version number.

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(165083);
  script_version("1.2");
  script_set_attribute(attribute:"plugin_modification_date", value:"2022/09/14");

  script_cve_id("CVE-2021-41041");

  script_name(english:"IBM Java 8.0 < 8.0.7.10");

  script_set_attribute(attribute:"synopsis", value:
"IBM Java is affected a vulnerability.");
  script_set_attribute(attribute:"description", value:
"The version of IBM Java installed on the remote host is prior to 8.0 < 8.0.7.10. It is, therefore, affected by a
vulnerability as referenced in the IBM Security Update May 2022 advisory.

  - In Eclipse Openj9 before version 0.32.0, Java 8 & 11 fail to throw the exception captured during bytecode
    verification when verification is triggered by a MethodHandle invocation, allowing unverified methods to
    be invoked using MethodHandles. (CVE-2021-41041)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"http://www-01.ibm.com/support/docview.wss?uid=swg1IJ42469");
  # https://www.ibm.com/support/pages/java-sdk-security-vulnerabilities#IBM_Security_Update_May_2022
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?03df4b7c");
  script_set_attribute(attribute:"solution", value:
"Apply the appropriate patch according to the IBM Security Update May 2022 advisory.");
  script_set_attribute(attribute:"agent", value:"all");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2021-41041");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2022/04/27");
  script_set_attribute(attribute:"patch_publication_date", value:"2022/05/01");
  script_set_attribute(attribute:"plugin_publication_date", value:"2022/09/14");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:ibm:java");
  script_set_attribute(attribute:"thorough_tests", value:"true");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Misc.");

  script_copyright(english:"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ibm_java_nix_installed.nbin", "ibm_java_win_installed.nbin");
  script_require_keys("installed_sw/Java");

  exit(0);
}

include('vcf.inc');
include('vcf_extras.inc');

var app_list = ['IBM Java'];
var app_info = vcf::java::get_app_info(app:app_list);

var constraints = [
  { 'min_version' : '8.0.0', 'fixed_version' : '8.0.7.10' }
];

vcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_WARNING);
VendorProductVersionCPE
ibmjavacpe:/a:ibm:java

Related

osv 1
ubuntucve 1
ibm 32
cve 1
cvelist 1
redhatcve 1
prion 1
nessus 3
redhat 2
aix 1
suse 1
openvas 1
osv
osv
CVE-2021-41041
2022-04-27 02:15:38
ubuntucve
ubuntucve
CVE-2021-41041
2022-04-27 00:00:00
ibm
ibm
Security Bulletin: CVE-2021-41041 may affect IBM® SDK, Java™ Technology Edition
2022-09-14 13:29:17
Security Bulletin: IBM CICS TX Advanced is vulnerable to allowing a remote attacker to bypass security restrictions (CVE-2021-41041).
2023-02-14 21:04:36
Security Bulletin: Vulnerability in IBM SDK, Java Technology (CVE-2021-41041) affects Power HMC
2022-09-28 08:38:47
cve
cve
CVE-2021-41041
2022-04-27 02:15:00
cvelist
cvelist
CVE-2021-41041
2022-04-27 02:10:10
redhatcve
redhatcve
CVE-2021-41041
2022-09-20 08:13:15
prion
prion
Design/Logic Flaw
2022-04-27 02:15:00
nessus
nessus
RHEL 8 : java-1.8.0-ibm (RHSA-2022:5837)
2022-08-02 00:00:00
RHEL 7 : java-1.8.0-ibm (RHSA-2022:4959)
2022-06-08 00:00:00
openSUSE 15 Security Update : java-1_8_0-openj9 (SUSE-SU-2022:3092-1)
2023-01-20 00:00:00
redhat
redhat
(RHSA-2022:5837) Moderate: java-1.8.0-ibm security update
2022-08-02 07:29:26
(RHSA-2022:4959) Moderate: java-1.8.0-ibm security update
2022-06-08 12:24:05
aix
aix
Multiple vulnerabilities in IBM Java SDK affect AIX
2022-12-22 10:09:37
suse
suse
Security update for java-1_8_0-openj9 (important)
2022-09-06 00:00:00
openvas
openvas
openSUSE: Security Advisory for java-1_8_0-openj9 (SUSE-SU-2022:3092-1)
2022-09-07 00:00:00
JSON
Related for IBM_JAVA_2022_05_01.NASL
osv1ubuntucve1ibm32cve1cvelist1redhatcve1prion1nessus3redhat2aix1suse1openvas1