Security Bulletin: Multiple vulnerabilities in IBM® SDK Java™ affect IBM Cloud Pak System [CVE-2024-21144, CVE-2024-21131, CVE-2024-27267]

Summary Vulnerabilities in IBM® SDK Java™ Technology Edition affect IBM Cloud Pak System . These issues were disclosed as part of the IBM Java SDK updates in July 2024. Vulnerability Details CVEID:CVE-2024-21144 DESCRIPTION: An unspecified vulnerability in Java SE related to the Concurrency...

CVE-2021-27267

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 10.1.0.37527. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

CVE-2023-27267

Due to missing authentication and insufficient input validation, the OSCommand Bridge of SAP Diagnostics Agent - version 720, allows an attacker with deep knowledge of the system to execute scripts on all connected Diagnostics Agents. On successful exploitation, the attacker can completely...

CVE-2020-27267

KEPServerEX v6.0 to v6.9, ThingWorx Kepware Server v6.8 and v6.9, ThingWorx Industrial Connectivity all versions, OPC-Aggregator all versions, Rockwell Automation KEPServer Enterprise, GE Digital Industrial Gateway Server v7.68.804 and v7.66, and Software Toolbox TOP Server all 6.x versions, are...

Security Bulletin: IBM SDK Java Technology Edition is vulnerable to CVE-2024-27267, affecting WebSphere Service Registry and Repository due to July 2024 CPU

Summary IBM SDK Java Technology Edition is vulnerable to CVE-2024-27267, used by WebSphere Service Registry and Repository. These issues were disclosed as part of the IBM Java SDK updates in January 2024. These issues are also addressed by WebSphere Application Server shipped with WebSphere Servi...

Security Bulletin: IBM QRadar SIEM contains multiple vulnerabilities

Summary IBM QRadar SIEM includes vulnerable components e.g., framework libraries that could be identified and exploited with automated tools. These have been addressed in the update. Vulnerability Details CVEID:CVE-2024-30203 DESCRIPTION: GNU Emacs could provide weaker than expected security,...

CVE-2025-27267

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in srcoley Random Quotes random-quotes allows Reflected XSS.This issue affects Random Quotes: from n/a through = 1.3...

Security Bulletin: IBM Planning Analytics is affected by vulnerabilities in IBM® Java™ Version 8, IBM® Semeru Runtime and IBM® Websphere Application Server Liberty

Summary There are vulnerabilities in IBM® Java™ Version 8 , IBM® Semeru Runtime and IBM® WebSphere Application Server Liberty used by IBM Planning Analytics and IBM Planning Analytics Workspace. Please refer to the Related Information section below for vulnerability impact. Vulnerability Details...

CVE-2025-27267

creationtimestamp| type| source ---|---|--- 2025-03-26 17:25:26+00:00| published-proof-of-concept| https://t.me/DarkWebInformerCVEAlerts/8901...

Security Bulletin: A vulnerability exists in the IBM® SDK, Java™ Technology Edition affect IBM Tivoli Network Configuration Manager (CVE-2024-21147, CVE-2024-21145, CVE-2024-21140, CVE-2024-21144, CVE-2024-21138, CVE-2024-21131, CVE-2024-27267).

Summary A vulnerability exists in IBM® SDK Java™ Technology Edition, Version 8, which is used by IBM Tivoli Network Configuration Manager ITNCM IP Edition v6.4.2. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions Affected...

Security Bulletin: IBM PowerVM Novalink is vulnerable because an unspecified vulnerability in Java SE related to the VM component could allow a remote attacker to cause high confidentiality, high integrity impacts.(CVE-2024-21147)

Summary IBM PowerVM Novalink is vulnerable because an unspecified vulnerability in Java SE related to the VM component could allow a remote attacker to cause high confidentiality, high integrity impacts. Vulnerability Details CVEID:CVE-2024-21147 DESCRIPTION: An unspecified vulnerability in Java ...

Security Bulletin: Db2 Query Management Facility is vulnerable to IBM SDK, Java Technology Edition Quarterly CPU - Jul 2024 - Includes Oracle July 2024 CPU plus CVE-2024-27267

Summary Db2 Query Management Facility is vulnerable to IBM SDK, Java Technology Edition Quarterly CPU - Jul 2024 - Includes Oracle July 2024 CPU plus CVE-2024-27267 Vulnerability Details CVEID:CVE-2024-21147 DESCRIPTION: An unspecified vulnerability in Java SE related to the VM component could...

Security Bulletin: IBM Common Licensing using IBM® SDK, Java™ Technology Edition vulnerable to CVEs

Summary Multiple vulnerabilities affect IBM® SDK, Java™ Technology Edition in IBM License Key Server Administration and Reporting Tool ART and Administration Agent. For more information please refer to Oracle's CPU Advisory and the X-Force database entries referenced below. Vulnerability Details...

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect AIX

Summary There are multiple vulnerabilities in IBM SDK Java Technology Edition, Version 8 used by AIX. AIX has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2024-21145 DESCRIPTION: An unspecified vulnerability in Java SE related to the 2D component could allow a remote attacker to...

Multiple vulnerabilities in IBM Java SDK affect AIX

IBM SECURITY ADVISORY First Issued: Mon Nov 11 15:28:03 CST 2024 The most recent version of this document is available here: https://aix.software.ibm.com/aix/efixes/security/javanov2024advisory.asc Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect AIX...

Security Bulletin: Multiple Vulnerabilities in IBM® Runtime Environment Java™ Technology Edition affects WebSphere eXtreme Scale

Summary There are multiple vulnerabilities in IBM Runtime Environment Java Version 8 used by WebSphere eXtreme Scale. Vulnerability Details CVEID:CVE-2024-21147 DESCRIPTION: An unspecified vulnerability in Java SE related to the VM component could allow a remote attacker to cause high...

Security Bulletin: IBM Sterling Control Center is vulnerable to IBM SDK, Java Technology Edition Quarterly CPU - Jul 2024 - Includes Oracle July 2024 CPU

Summary IBM SDK, Java Technology Edition Quarterly CPU - Jul 2024 is affecting Sterling Control Center v6.2.1 and v6.3.1. Vulnerability Details CVEID:CVE-2024-21147 DESCRIPTION: An unspecified vulnerability in Java SE related to the VM component could allow a remote attacker to cause high...

Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect Rational Business Developer

Summary There are multiple vulnerabilities in IBM® SDK Java™ used by Rational Business Developer. Rational Business Developer has provided fixes for the applicable CVEs. These issues were disclosed as part of the IBM Java SDK and Runtime Environment updates in the Oracle July 2024 Critical Patch...

Security Bulletin: IBM Java SDK and IBM Java Runtime for IBM i are vulnerable to confidentiality, availability, and integrity impacts due to multiple vulnerabilities.

Summary IBM® SDK Java™ Technology Edition and IBM® Runtime Environment Java™ used by IBM i are vulnerable to a remote attacker causing confidentiality impact CVE-2024-21145, availability impact CVE-2024-21144, integrity impact CVE-2024-21131, and denial of service CVE-2024-27267 as described in t...

Security Bulletin: Multiple vulnerabilities in IBM® SDK, Java™ Technology Edition affect IBM Storage Protect Operations Center.

Summary IBM Storage Protect Operations Center may be impacted by multiple vulnerabilities CVE-2024-21147, CVE-2024-21145, CVE-2024-21140, CVE-2024-21144, CVE-2024-21138, CVE-2024-21131, CVE-2024-27267 in the IBM® SDK Java™ Technology Edition, Version 8, potentially leading to a loss of...