Security Bulletin: Communications Server (CS) for Data Center Deployment and CS for AIX are affected by: IBM SDK, Java Technology Edition Quarterly CPU - Oct 2024 - Includes Oracle October 2024 CPU plus CVE-2024-10917

Summary Communications Server CS for Data Center Deployment and CS for AIX install a local Java JRE in its product directories. This JRE is used solely for the IBM Key Manager ikeyman tool which is called by the snakeyman script used for managing the SSL key database used by the TN3270 Server and...

MiracleLinux 9 : java-11-openjdk-11.0.25.0.9-2.el9.ML.1 (AXSA:2024-8933:18)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-8933:18 advisory. giflib: Heap-Buffer Overflow during Image Saving in DumpScreen2RGB Function CVE-2023-48161 JDK: Array indexing integer overflow 8328544 CVE-2024-212...

MiracleLinux 8 : java-11-openjdk-11.0.25.0.9-2.el8 (AXSA:2024-8931:17)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-8931:17 advisory. giflib: Heap-Buffer Overflow during Image Saving in DumpScreen2RGB Function CVE-2023-48161 JDK: Array indexing integer overflow 8328544 CVE-2024-212...

MiracleLinux 8 : java-1.8.0-openjdk-1.8.0.432.b06-2.el8 (AXSA:2024-8930:18)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-8930:18 advisory. giflib: Heap-Buffer Overflow during Image Saving in DumpScreen2RGB Function CVE-2023-48161 JDK: Array indexing integer overflow 8328544 CVE-2024-212...

TencentOS Server 4: java-11-konajdk (TSSA-2024:1018)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2024:1018 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities...

TencentOS Server 4: java-8-konajdk (TSSA-2024:0997)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2024:0997 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities...

Security Bulletin: OpenPages is vulnerable to IBM Semeru Runtime Quarterly CPU - Oct 2024 - Includes OpenJDK July 2024 CPU plus two additional CVEs

Summary Security Bulletin: OpenPages is vulnerable to IBM Semeru Runtime Quarterly CPU - Oct 2024 - Includes OpenJDK July 2024 CPU with CVEs CVE-2024-21217, CVE-2024-21208, CVE-2024-10917, CVE-2024-9143 Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section...

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affects App Connect Professional

Summary There are multiple vulnerabilities in the IBM SDK Java Technology used by App Connect Professional. These issue were disclosed as part of the IBM Java SDK updates in October 2024, App Connect Professional has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2024-21235...

Security Bulletin: Vulnerability in Java SE affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge.

Summary Potential vulnerability in Java SE has been identified that affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component. . The vulnerability have been addressed. Refer to details for additional information. Vulnerabili...

Security Bulletin: IBM Planning Analytics is affected by vulnerabilities in IBM® Java™ Version 8 and IBM® Semeru Runtime

Summary There are vulnerabilities in IBM® Java™ Version 8 and IBM® Semeru Runtime used by IBM Planning Analytics and IBM Planning Analytics Workspace. Please refer to the Related Information section below for vulnerability impact. Vulnerability Details CVEID:CVE-2024-21217 DESCRIPTION:...

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect AIX

Summary There are multiple vulnerabilities in IBM SDK Java Technology Edition, Version 8 used by AIX. AIX has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2024-21217 DESCRIPTION: Vulnerability in Java SE component: Serialization. Difficult to exploit vulnerability allows...

Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect Rational Business Developer

Summary There are multiple vulnerabilities in IBM® SDK Java™ used by Rational Business Developer. Rational Business Developer has provided fixes for the applicable CVEs. These issues were disclosed as part of the IBM Java SDK and Runtime Environment updates in the Oracle October 2024 Critical Pat...

Security Bulletin: IBM Copy Services Manager may be affected by multiple vulnerabilities due to IBM SDK which are addressed in the Java Technology Edition quarterly updates

Summary Multiple Vulnerabilities were disclosed as part of the JAVA SE March 2025 Patch Update. Although likelihood of these issues being exploited is very low, IBM Copy Services Manager frequently updates product stack to ensure the utmost security is maintained. Vulnerability Details Refer to t...

Security Bulletin: IBM SDK, Java Technology Edition Quarterly CPU - Oct 2024 - Includes Oracle October 2024 CPU plus CVE-2024-10917

Summary Multiple Vulnerabilities were disclosed as part of the JAVA SE March 2025 Critical Patch Update affecting IBM® SDK, Java™ Technology Edition in IBM License Key Server Administration and Reporting Tool ART and Administration Agent. For more information please refer to Oracle's CPU Advisory...

Security Bulletin: IBM SDK, Java Technology Edition Quarterly CPU - Oct 2024 - Includes Oracle October 2024 CPU plus CVE-2024-10917

Summary Multiple Vulnerabilities were disclosed as part of the JAVA SE March 2025 Critical Patch Update Vulnerability Details CVEID:CVE-2024-21235 DESCRIPTION: Vulnerability in Java SE component: Hotspot. Difficult to exploit vulnerability allows unauthenticated attacker with network access via...

Security Bulletin: Security vulnerabilities in Java SE shipped with IBM CICS TX Standard.

Summary There are multiple vulnerabilities in the Java SE version that is shipped with IBM CICS TX Standard. An update to IBM CICS TX Standard has been released to address these vulnerabilities. Vulnerability Details CVEID:CVE-2024-21235 DESCRIPTION: Vulnerability in Java SE component: Hotspot...

Security Bulletin: IBM MQ Appliance is affected by multiple Java vulnerabilities (CVE-2024-10197, CVE-2024-21208 and CVE-2024-21217)

Summary IBM MQ Appliance has addressed multiple Java vulnerabilities. Vulnerability Details CVEID:CVE-2024-21217 DESCRIPTION: Vulnerability in Java SE component: Serialization. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to...

Security Bulletin: IBM Sterling Connect:Direct for Unix is vulnerable to denial of service and unauthorized data access attacks due to IBM Runtime Environment Java Technology Edition Version 8

Summary IBM Java 8 is used by IBM Sterling Connect:Direct for Unix in product configuration and management. IBM Sterling Connect:Direct for Unix is impacted by denial of service and unauthorized data access attacks due to IBM Java 8. IBM Sterling Connect:Direct for Unix has upgraded IBM Java 8 to...

Security Bulletin: IBM Sterling Connect:Direct for Unix is vulnerable to denial of service and arbitrary code execution attacks due to IBM Runtime Environment Java Technology Edition Version 17

Summary IBM Java 17 is used by IBM Sterling Connect:Direct for Unix in product configuration and management. IBM Sterling Connect:Direct for Unix is impacted by denial of service and arbitrary code execution attacks due to IBM Java 17. IBM Sterling Connect:Direct for Unix has upgraded IBM Java 17...

Security Bulletin: Vulnerabilities in IBM Java SDK (CVE-2024-21217, CVE-2024-21208, CVE-2024-10917) affect Power HMC.

Summary The IBM Java SDK library is used by Power Hardware Management Console HMC. HMC has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2024-21217 DESCRIPTION: Vulnerability in Java SE component: Serialization. Difficult to exploit vulnerability allows unauthenticated attacker...