Security Bulletin: IBM App Connect Enterprise Certified Container UBI updates

Summary IBM App Connect Enterprise Certified Container ACEcc is built on the Red Hat Universal Base Images. ACEcc operator versions 12.0.24 and 13.2.0 contain fixes to the listed CVEs found in the base images. This bulletin provides patch information to address the reported vulnerabilities...

SUSE SLES15 Security Update : java-1_8_0-ibm (SUSE-SU-2026:2110-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2110-1 advisory. This update for java-180-ibm fixes the following issues - CVE-2026-22007: APIs in the specified component can lead to an unauthoriz...

RHEL 8 : java-1.8.0-ibm (RHSA-2026:22139)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:22139 advisory. IBM Java SE version 8 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. Security Fixes: openjdk: OpenJDK...

Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS : OpenJDK 17 vulnerabilities (USN-8327-1)

The remote Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-8327-1 advisory. Thomas Beckers discovered that the JAXP component of OpenJDK 17 did not correctly authenticate...

Security update for java-1_8_0-ibm

This update for java-180-ibm fixes the following issues CVE-2026-22007: APIs in the specified component can lead to an unauthorized read access bsc1262490. CVE-2026-22013: unauthenticated attacker with network access can access to critical data bsc1262494. CVE-2026-22016: APIs in the specified...

USN-8328-1 openjdk-21 vulnerabilities

Thomas Beckers discovered that the JAXP component of OpenJDK 21 did not correctly authenticate certain APIs. A remote unauthenticated attacker could possibly use this issue to gain unauthorized access to sensitive information. CVE-2026-22016 It was discovered that the Networking component of...

TencentOS Server 3: java-21-openjdk (TSSA-2026:0396)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2026:0396 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...

TencentOS Server 3: java-1.8.0-openjdk (TSSA-2026:0394)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2026:0394 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...

TencentOS Server 3: java-17-openjdk (TSSA-2026:0395)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2026:0395 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...

java-17-openjdk security update

An update is available for java-17-openjdk. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The java-17-openjdk packages provide the OpenJDK 17 Java Runtime...

SUSE-SU-2026:1955-1 Security update for java-1_8_0-openjdk

This update for java-180-openjdk fixes the following issues - CVE-2026-22007: APIs in the specified component can lead to an unauthorized read access bsc1262490. - CVE-2026-22013: unauthenticated attacker with network access can access to critical data bsc1262494. - CVE-2026-22016: APIs in the...

Alibaba Cloud Linux 3 : 0110: java-1.8.0-openjdk (ALINUX3-SA-2026:0110)

The remote Alibaba Cloud Linux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALINUX3-SA-2026:0110 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2026-22007: No description is availabl...

Amazon Linux 2 : java-1.8.0-openjdk, --advisory ALAS2-2026-3301 (ALAS-2026-3301)

The version of java-1.8.0-openjdk installed on the remote host is prior to 1.8.0.492.b09-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2026-3301 advisory. Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product ...

Important: java-1.8.0-openjdk

Issue Overview: Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Security. Supported versions that are affected are Oracle Java SE: 8u481, 8u481-b50, 8u481-perf, 11.0.30, 17.0.18, 21.0.10, 25.0.2, 26; Oracle GraalV...

CLSA-2026-1778488382 java-1.8.0-openjdk: Fix of 8 CVEs

Update to shenandoah-jdk8u492-b09 - Security fixes from OpenJDK 8u492-b09: - CVE-2026-22003: enhance behavior of some intrinsics - CVE-2026-22007: enhance crypto algorithm support - CVE-2026-22013: improve Kerberos credentialing - CVE-2026-22018: enhance Zip file reading - CVE-2026-22021: enhance...

java-25-openj9-25.0.3.0-1.1 on GA media (moderate)

java-25-openj9-25.0.3.0-1.1 on GA media Announcement ID: openSUSE-SU-2026:10728-1 Rating: moderate Cross-References: CVE-2026-22007 CVE-2026-22013 CVE-2026-22018 CVE-2026-23865 CVE-2026-34282 CVSS scores: CVE-2026-22007 SUSE : 2.9 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N CVE-2026-22007 SUSE :...

MiracleLinux 9 : java-17-openjdk-17.0.19.0.10-2.el9.ML.1 (AXSA:2026-599:08)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2026-599:08 advisory. JDK: Enhance crypto algorithm support CVE-2026-22007 JDK: Improve Kerberos credentialing CVE-2026-22013 JDK: Enhance Path Factories Redux...

SUSE SLES15 Security Update : java-17-openjdk (SUSE-SU-2026:1732-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:1732-1 advisory. Upgrade to upstream tag jdk-17.0.19+10 April 2026 CPU. Security issues fixed: - CVE-2026-22007: Security: unauthenticated attacker...

openSUSE 16 Security Update : java-21-openjdk (openSUSE-SU-2026:20681-1)

The remote openSUSE 16 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:20681-1 advisory. Update to upstream tag jdk-21.0.11+10 April 2026 CPU. Security issues fixed: - CVE-2026-22007: Security: unauthenticated attacker with logon to...

SUSE SLES12 Security Update : java-11-openjdk (SUSE-SU-2026:1703-1)

The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:1703-1 advisory. Upgrade to upstream tag jdk-11.0.31+11 April 2026 CPU. Security issues fixed: - CVE-2026-22007: Security: unauthenticated attacker with logon t...