Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Process Designer 8.5.7 shipped with IBM Business Automation Workflow

Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Versions 8, which is used by the desktop version of IBM Process Designer 8.5.7 shipped with IBM Business Automation Workflow. IBM Process Designer has addressed the applicable CVEs. Vulnerability Details...

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect AIX

Summary There are multiple vulnerabilities in IBM SDK Java Technology Edition, Version 8 used by AIX. AIX has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2023-22081 DESCRIPTION: An unspecified vulnerability in Oracle Java SE, Oracle GraalVM for JDK related to the JSSE component...

Multiple vulnerabilities in IBM Java SDK affect AIX

IBM SECURITY ADVISORY First Issued: Mon Dec 18 09:27:21 CST 2023 The most recent version of this document is available here: https://aix.software.ibm.com/aix/efixes/security/javadec2023advisory.asc Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect AIX...

Security Bulletin: Multiple vulnerabilities in IBM Java SDK (October 2023) affect IBM InfoSphere Information Server

Summary There are multiple vulnerabilities in the IBM® SDK Java™ Technology Edition, Version 8 that is used by IBM InfoSphere Information Server. These issues were disclosed as part of the IBM Java SDK updates in October 2023. Vulnerability Details CVEID:CVE-2023-22081 DESCRIPTION: An unspecified...

Security Bulletin: Multiple vulnerabilities in IBM JAVA JDK affects IBM Storage Scale packaged in IBM Storage Scale System

Summary Multiple vulnerabilities in IBM Java JDK, used by IBM Storage Scale System GUI, could allow an unauthenticated attacker to cause no confidentiality impact, low integrity impact and no availability impact. Vulnerability Details CVEID:CVE-2023-22045 DESCRIPTION: An unspecified vulnerability...

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Storage Scale packaged in Elastic Storage Server

Summary There are multiple vulnerabilities in Java™ Technology Edition used by the Elastic Storage Server. Fixes for all these vulnerabilities are available. Vulnerability Details CVEID:CVE-2023-22045 DESCRIPTION: An unspecified vulnerability in Java SE related to the VM component could allow a...

Security Bulletin: Vulnerabilities in IBM Java affects IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products

Summary Vulnerabilities in IBM® Runtime Environment Java™ Technology Edition affects the product's management GUI. The Command Line Interface is unaffected. Vulnerability Details CVEID:CVE-2023-21930 DESCRIPTION: An unspecified vulnerability in Oracle Java SE, Oracle GraalVM Enterprise Edition...

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect WebSphere Service Registry and Repository due to October 2023 CPU

Summary There are multiple vulnerabilities in IBM SDK Java Technology Edition, used by WebSphere Service Registry and Repository. These issues were disclosed as part of the IBM Java SDK updates in October 2023. These issues are also addressed by WebSphere Application Server shipped with WebSphere...

Security Bulletin: IBM Tivoli Netcool Impact is vulnerable to remote attack due to IBM Java SDK (CVE-2023-22045, CVE-2023-22049)

Summary IBM® SDK Java™ Technology Edition is shipped as a component of IBM Tivoli Netcool Impact. IBM Tivoli Netcool Impact has addressed the applicable issues, CVE-2023-22045 and CVE-2023-22049 Vulnerability Details CVEID:CVE-2023-22045 DESCRIPTION: An unspecified vulnerability in Java SE relate...

Security Bulletin: A vulnerability in IBM Java SDK and IBM Java Runtime affects IBM® Db2® (CVE-2022-40609)

Summary There was a vulnerability in IBM® Runtime Environment Java™ Version 7.1.5.18 and earlier, 8.0.8.4 and earlier used by IBM® Db2®. Vulnerability Details CVEID:CVE-2022-40609 DESCRIPTION: IBM SDK, Java Technology Edition 7.1.5.18 and 8.0.8.0 could allow a remote attacker to execute arbitrary...

Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect IBM® Db2®. (Apr 2023 CPU)

Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Version 7.1.5.17 and earlier, 8.0.8.4 and earlier used by IBM® Db2®. These issues were disclosed as part of the IBM Java SDK updates in April 2023. Vulnerability Details CVEID: CVE-2023-21930 DESCRIPTION: An unspecified...

Security Bulletin: Multiple Vulnerabilities in IBM® Java SDK affect IBM WebSphere Application Server and IBM WebSphere Application Server Liberty due to the October 2023 CPU

Summary There are multiple vulnerabilities in the IBM® SDK, Java™ Technology Edition that is shipped with IBM WebSphere Application Server and IBM WebSphere Application Server Liberty. The CVEs listed in this document might affect some configurations of IBM WebSphere Application Server traditiona...

IBM Java 7.1 < 7.1.5.20 / 8.0 < 8.0.8.15

The version of IBM Java installed on the remote host is prior to 7.1 7.1.5.20 / 8.0 8.0.8.15. It is, therefore, affected by a vulnerability as referenced in the IBM Security Update November 2023 advisory. - In Eclipse OpenJ9 before version 0.41.0, the JVM can be forced into an infinite busy hang ...

Security Bulletin: IBM Planning Analytics is affected by vulnerabilities in IBM Java, IBM Websphere Application Server Liberty and IBM GSKit

Summary There are vulnerabilities in IBM® Java™ Version 8, IBM WebSphere Application Server Liberty and IBM® Global Security Kit GSKit used by IBM Planning Analytics and IBM Planning Analytics Workspace. IBM Planning Analytics 2.0.9.19 and IBM Planning Analytics Workspace 2.0.91 have addressed th...

Security Bulletin: A vulnerability in IBM Java SDK and IBM Java Runtime affect Rational Business Developer.

Summary There is a vulnerability in IBM® SDK Java™ Technology Edition, Version 8 and IBM® Runtime Environment Java™ Version 8 used by Rational Business Developer. Rational Business Developer has provided a fix for the applicable CVE. This issue was disclosed as part of the IBM Java SDK and Runtim...

Security Bulletin: Vulnerabilities in IBM Java Runtime affecting Tivoli Netcool/OMNIbus (Multiple CVEs)

Summary There are vulnerabilities in IBM® Runtime Environment Java™ Technology Edition, Version 8 that is used by Tivoli Netcool/OMNIbus. These were disclosed as part of the IBM Java SDK updates in April 2023. Affected platforms are AIX, Linux, Linux on zSystems, and Windows. Vulnerability Detail...

Security Bulletin: Vulnerabilities in IBM Java Runtime affecting Tivoli Netcool/OMNIbus (Multiple CVEs)

Summary There are vulnerabilities in IBM® Runtime Environment Java™ Technology Edition, Version 8 that is used by Tivoli Netcool/OMNIbus. These were disclosed as part of the IBM Java SDK updates in November 2022 and February 2023. Vulnerability Details CVEID:CVE-2022-21426 DESCRIPTION: An...

Security Bulletin: A vulnerability in IBM Java Runtime may affect Tivoli Netcool/OMNIbus

Summary There is a vulnerability in the Eclipse OpenJ9 runtime that may affect the MibManager GUI application that is shipped with Tivoli Netcool/OMNbus. Vulnerability Details CVEID:CVE-2022-3676 DESCRIPTION: Eclipse Openj9 could allow a remote attacker to bypass security restrictions, caused by...

Security Bulletin: IBM Rational Build Forge is vulnerable and could allow an unauthenticated attacker to cause a denial of service due to the use of IBM Java (CVE-2021-35561)

Summary IBM Java is used by IBM Rational Build Forge. The vulnerability CVE-2021-35561 has been identified and addressed. Vulnerability Details CVEID:CVE-2021-35561 DESCRIPTION: An unspecified vulnerability in Java SE related to the Utility component could allow an unauthenticated attacker to cau...

Security Bulletin: Multiple Security vulnerabilities in IBM Java in FileNet Content Manager

Summary Multiple Security vulnerabilities in IBM Java in FileNet Content Manager, affected, not vulnerable Vulnerability Details CVEID:CVE-2022-21628 DESCRIPTION: Java SE is vulnerable to a denial of service, caused by a flaw in the Lightweight HTTP Server. By sending a specially-crafted request,...