Security Bulletin: IBM Planning Analytics and IBM Planning Analytics Workspace are affected by security vulnerabilities

Summary This Security Bulletin addresses multiple vulnerabilities that have been remediated in IBM Planning Analytics 2.0.9.11 and IBM Planning Analytics Workspace 2.0.72. There are multiple vulnerabilities in IBM® Runtime Environment Java™ used by IBM Planning Analytics and IBM Planning Analytic...

CentOS 7 : java-1.7.1-ibm (RHSA-2021:0733)

The remote CentOS Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:0733 advisory. - Vulnerability in the Java SE product of Oracle Java SE component: Libraries. Supported versions that are affected are Java SE: 11.0.8 and 15. Easily...

CentOS 7 : java-1.8.0-ibm (RHSA-2021:0717)

The remote CentOS Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:0717 advisory. - Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: JNDI. Supported versions that are affected are Java SE: 7u271,...

SUSE CVE-2020-27221

In Eclipse OpenJ9 up to and including version 0.23, there is potential for a stack-based buffer overflow when the virtual machine or JNI natives are converting from UTF-8 characters to platform encoding...

Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM CICS TX on Cloud

Summary IBM CICS TX on Cloud has addressed the following vulnerabilities reported by IBM® Runtime Environment Java™ Vulnerability Details CVEID:CVE-2020-14803 DESCRIPTION: An unspecified vulnerability in Java SE could allow an unauthenticated attacker to obtain sensitive information resulting in ...

Security Bulletin: Multiple security vulnerabilities affect Liberty for Java for IBM Cloud

Summary Multiple vulnerabilities in IBM® Java SDK affect Liberty for Java for IBM Cloud including January 2021 CPU, and deferred CVEs from Oracle April 2020 CPU and October 2020 CPU. Vulnerability Details CVEID:CVE-2020-14803 DESCRIPTION: An unspecified vulnerability in Java SE could allow an...

Security Bulletin: Vulnerability in IBM SDK Java affects IBM Cloud Pak System (CVE-2020-27221)

Summary Vulnerability in IBM SDK Java affects IBM Cloud Pak System. OS Image for Red Enterprise Linux shipped with Cloud Pak System addressed this vulnerability. Vulnerability Details CVEID: CVE-2020-27221 DESCRIPTION: Eclipse OpenJ9 is vulnerable to a stack-based buffer overflow when the virtual...

IBM Java 7.1 < 7.1.4.80 / 8.0 < 8.0.6.25 / 11.0 < 11.0.10.0

The version of IBM Java installed on the remote host is prior to 7.1 7.1.4.80 / 8.0 8.0.6.25 / 11.0 11.0.10.0. It is, therefore, affected by a vulnerability as referenced in the IBM Security Update February 2021 advisory. - In Eclipse OpenJ9 up to and including version 0.23, there is potential fo...

Security Bulletin: Vulnerabilities in IBM Java Runtime affect IBM Spectrum Protect Snapshot for VMware (CVE-2020-27221, CVE-2020-14782)

Summary Vulnerabilities in IBM® Runtime Environment Java™ were disclosed as part of the IBM Java SDK updates in October 2020 and January 2021. IBM® Runtime Environment Java™ is used by IBM Spectrum Protect Snapshot for VMware and may be affected by the below vulnerabilities CVEs. Vulnerability...

Security Bulletin: Vulnerability in IBM Java Runtime affects IBM Spectrum Protect Snapshot on AIX and Linux (CVE-2020-27221)

Summary Vulnerabilities in IBM® Runtime Environment Java™ were disclosed as part of the IBM Java SDK updates in January 2021. IBM® Runtime Environment Java™ is used by IBM Spectrum Protect Snapshot which may be affected by CVE-2020-27221 on AIX and Linux. UPDATED: 26 May 2021 - Added Fix for 4.1...

Security Bulletin: Vulnerablities in IBM SDK, Java Technology Edition Quarterly.

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 7 SR10-FP80 and Version 8 SR6-FP25 used by IBM Tivoli Application Dependency Discovery Manager TADDM. These issues were disclosed as part of the IBM Java SDK updates. Vulnerability Details CVEID: CVE-2020-277...

Security Bulletin: Vulnerability in IBM Java affects Power Hardware Management Console (CVE-2020-27221).

Summary IBM Java is used by Power Hardware Management Console HMC. HMC has addressed the applicable CVE. Vulnerability Details CVEID: CVE-2020-27221 DESCRIPTION: Eclipse OpenJ9 is vulnerable to a stack-based buffer overflow when the virtual machine or JNI natives are converting from UTF-8...

Security Bulletin: IBM Data Replication Java SDK Update

Summary This bulletin covers common Java SDK vulnerability findings in the IBM Java SDK packaged with this offering. Vulnerability Details CVEID: CVE-2020-27221 DESCRIPTION: Eclipse OpenJ9 is vulnerable to a stack-based buffer overflow when the virtual machine or JNI natives are converting from...

Security Bulletin: Multiple vulnerabilities have been identified in Oracle Jan 2021 CPU for Java 8 shipped with IBM® Intelligent Operations Center (CVE-2020-14803) (CVE-2020-27221)

Summary Multiple vulnerabilities have been identified in Oracle Jan 2021 CPU for Java 8 which is shipped with IBM® Intelligent Operations Center. Information about these vulnerabilities affecting IBM® Intelligent Operations Center have been published and addressed the applicable CVEs. Vulnerabili...

Security Bulletin: CVE-2020-27221 Eclipse OpenJ9 is vulnerable to a stack-based buffer overflow

Summary Java SE issues disclosed in CVE-2020-27221 for IBM provided JRE. Eclipse OpenJ9 is vulnerable to a stack-based buffer overflow when the virtual machine or JNI natives are converting from UTF-8 characters to platform encoding. By sending an overly long string, a remote attacker could...

Security Bulletin: Vulnerabilities in IBM Java Runtime Affect IBM Sterling Secure Proxy (CVE-2020-27221, CVE-2020-14782)

Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Version 1.8 used by IBM Sterling Secure Proxy. IBM Sterling Secure Proxy has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2020-27221 DESCRIPTION: Eclipse OpenJ9 is vulnerable to a stack-based buffer...

Security Bulletin: Vulnerabilities in IBM Java Runtime affect IBM Integration Bus and IBM App Connect Enterpise v11, v12 (CVE-2020-27221)

Summary Vulnerabilities in IBM® SDK Java™ Technology ,used by IBM Integration Bus & IBM App Connect Enterprise v11, v12. These issues were disclosed as part of the IBM Java SDK updates in January 2021. Vulnerability Details CVEID: CVE-2020-27221 DESCRIPTION: Eclipse OpenJ9 is vulnerable to a...

Security Bulletin: Potential vulnerability in Java

Summary A potential vulnerability has been identified related to Java. Refer to details for additional information. Vulnerability Details CVEID: CVE-2020-27221 DESCRIPTION: Eclipse OpenJ9 is vulnerable to a stack-based buffer overflow when the virtual machine or JNI natives are converting from...

Security Bulletin: January 2021 Patch Update for Java

Summary The January 2021 update to Java contains fixes for a number of potential vulnerabilities. Refer to the Details section for additional information. Vulnerability Details CVEID: CVE-2020-14803 DESCRIPTION: An unspecified vulnerability in Java SE could allow an unauthenticated attacker to...

Security Bulletin: Multiple vulnerabilities in the IBM Java Runtime affect IBM Rational ClearCase (CVE-2020-27221, CVE-2020-14782, CVE-2020-2773, CVE-2020-14781)

Summary There are vulnerabilities in the IBM® Runtime Environment Java™ Versions 7 and 8, which is used by IBM Rational ClearCase. These issues were disclosed as part of the IBM SDK, Java Technology Edition Quarterly CPU - Jan 2021 - Includes Oracle Jan 2021 CPU plus CVE-2020-27221, CVE-2020-1478...