Lucene search
K

IBM Java 7.1 < 7.1.5.24 / 8.0 < 8.0.8.35

🗓️ 04 Dec 2024 00:00:00Reported by TenableType 
nessus
 nessus
🔗 www.tenable.com👁 14 Views

IBM Java versions prior to 7.1.5.24 and 8.0.8.35 are vulnerable as per December 2024 advisory.

Related
Refs
Code
ReporterTitlePublishedViews
Family
IBM Security Bulletins
Security Bulletin: Multiple Vulnerabilities in IBM Application Performance Management
9 Jan 202510:41
ibm
IBM Security Bulletins
Security Bulletin: Multiple vulnerabilities in IBM® SDK, Java™ Technology Edition affect IBM Storage Protect Server
25 Jun 202516:31
ibm
IBM Security Bulletins
Security Bulletin: Multiple vulnerabilities in IBM SDK, Java Technology Edition affect IBM Tivoli Netcool Impact
27 Jan 202518:19
ibm
IBM Security Bulletins
Security Bulletin: Security vulnerabilities in Java SE shipped with IBM CICS TX Standard.
4 Mar 202509:52
ibm
IBM Security Bulletins
Security Bulletin: Multiple Vulnerabilities in IBM API Connect
15 Mar 202500:18
ibm
IBM Security Bulletins
Security Bulletin: Vulnerabilities in Java SE (component: Hotspot: CVE-2024-10917, CVE-2024-21235, CVE-2024-21217, CVE-2024-21210, CVE-2024-21208) affect IBM PowerVM Novalink.
1 Apr 202507:50
ibm
IBM Security Bulletins
Security Bulletin: IBM MQ is affected by multiple vulnerabilities in the IBM Semeru Runtime
27 Feb 202515:56
ibm
IBM Security Bulletins
Security Bulletin: Due to use of IBM SDK, Java Technology Edition, IBM Tivoli Application Dependency Discovery Manager is vulnerable to multiple vulnerabilities.
8 Jan 202611:35
ibm
IBM Security Bulletins
Security Bulletin: IBM Java SDK and IBM Java Runtime for IBM i are vulnerable to a partial denial of service and a JNI function returning incorrect value length due to multiple vulnerabilities.
4 Mar 202621:14
ibm
IBM Security Bulletins
Security Bulletin: Multiple vulnerabilities affect IBM® Semeru Runtime
11 Dec 202410:20
ibm
Rows per page
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(212060);
  script_version("1.2");
  script_set_attribute(attribute:"plugin_modification_date", value:"2025/01/10");

  script_cve_id("CVE-2024-10917");

  script_name(english:"IBM Java 7.1 < 7.1.5.24 / 8.0 < 8.0.8.35");

  script_set_attribute(attribute:"synopsis", value:
"IBM Java is affected a vulnerability.");
  script_set_attribute(attribute:"description", value:
"The version of IBM Java installed on the remote host is 7.1 prior to 7.1.5.24 / 8.0 prior to 8.0.8.35. It is, therefore,
affected by a vulnerability as referenced in the IBM Security Update December 2024 advisory.

  - In Eclipse OpenJ9 versions up to 0.47, the JNI function GetStringUTFLength may return an incorrect value
    which has wrapped around. From 0.48 the value is correct but may be truncated to include a smaller number
    of characters. (CVE-2024-10917)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"http://www-01.ibm.com/support/docview.wss?uid=swg1IJ53059");
  # https://www.ibm.com/support/pages/java-sdk-security-vulnerabilities#IBM_Security_Update_December_2024
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?48536b73");
  script_set_attribute(attribute:"solution", value:
"Apply the appropriate patch according to the IBM Security Update December 2024 advisory.");
  script_set_attribute(attribute:"agent", value:"all");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2024-10917");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2024/11/11");
  script_set_attribute(attribute:"patch_publication_date", value:"2024/12/01");
  script_set_attribute(attribute:"plugin_publication_date", value:"2024/12/04");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:ibm:java");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_set_attribute(attribute:"thorough_tests", value:"true");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Misc.");

  script_copyright(english:"This script is Copyright (C) 2024-2025 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ibm_java_nix_installed.nbin", "ibm_java_win_installed.nbin");
  script_require_keys("installed_sw/Java");

  exit(0);
}

include('vcf.inc');
include('vcf_extras.inc');

var app_list = ['IBM Java'];
var app_info = vcf::java::get_app_info(app:app_list);

var constraints = [
  { 'min_version' : '7.1.0', 'fixed_version' : '7.1.5.24' },
  { 'min_version' : '8.0.0', 'fixed_version' : '8.0.8.35' }
];

vcf::check_version_and_report(
    app_info:app_info,
    constraints:constraints,
    severity:SECURITY_WARNING
);

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

10 Jan 2025 00:00Current
6.4Medium risk
Vulners AI Score6.4
CVSS 3.13.7 - 5.3
EPSS0.0042
SSVC
14