Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect IBM Tivoli Netcool Configuration Manager

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Versions 6, 8 and IBM® Runtime Environment Java™ Technology Edition, Versions 6, 8 used by IBM Tivoli Netcool Configuration Manager. These issues were disclosed as part of the IBM Java SDK updates in July 2018...

Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect IBM Tivoli Netcool Configuration Manager (ITNCM)

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Versions 6, 7, 8 and IBM® Runtime Environment Java™ Technology Edition, Versions 6, 7, 8 used by IBM Tivoli Netcool Configuration Manager. These issues were disclosed as part of the IBM Java SDK updates in January...

Security Bulletin: Security vulnerabilities have been identified in IBM WebSphere Application Server used by IBM Master Data Management

Summary There are multiple vulnerabilities in the IBM® SDK, Java™ Technology Edition that is shipped with IBM WebSphere Application Server and IBM WebSphere Application Server Liberty. The CVEs listed in this document might affect some configurations of IBM WebSphere Application Server traditiona...

Security Bulletin: Vulnerability in IBM Java SDK and IBM Java Runtime affects Rational Business Developer

Summary There was a vulnerability in IBM® SDK Java™ Technology Edition, Version 8 and IBM® Runtime Environment Java™ Version 8 used by Rational Business Developer. Rational Business Developer has addressed the applicable CVE. This issue was disclosed as part of the IBM Java XML vulnerability...

IBM Java 7.1 < 7.1.5.18 / 8.0 < 8.0.8.5

The version of IBM Java installed on the remote host is prior to 7.1 7.1.5.18 / 8.0 8.0.8.5. It is, therefore, affected by a vulnerability as referenced in the IBM Security Update June 2023 advisory. - In Eclipse Openj9 before version 0.38.0, in the implementation of the shared cache which is...

Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect Rational Service Tester

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 1.8 and IBM® Runtime Environment Java™ Version 1.8 used by Rational Service Tester. Rational Service Tester has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2022-21628 DESCRIPTION: Java SE i...

Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect Rational Performance Tester

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 1.8 and IBM® Runtime Environment Java™ Version 1.8 used by Rational Performance Tester. Rational Performance Tester has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2022-21628 DESCRIPTION:...

Security Bulletin: Multiple vulnerabilities in IBM Semeru Runtime affect z/Transaction Processing Facility

Summary There are multiple vulnerabilities in IBM® Semeru Runtime Certified Edition 11 that is used by the z/TPF system. z/TPF has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2023-21967 DESCRIPTION: An unspecified vulnerability in Oracle Java SE, Oracle GraalVM Enterprise Editi...

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect WebSphere Service Registry and Repository due to April 2023 CPU

Summary There are multiple vulnerabilities in IBM SDK Java Technology Edition, used by WebSphere Service Registry and Repository. These issues were disclosed as part of the IBM Java SDK updates in April 2023. These issues are also addressed by WebSphere Application Server shipped with WebSphere...

Security Bulletin: Multiple Vulnerabilities in IBM® Java SDK affect IBM WebSphere Application Server and IBM WebSphere Application Server Liberty due to April 2023 CPU

Summary There are multiple vulnerabilities in the IBM® SDK, Java™ Technology Edition that is shipped with IBM WebSphere Application Server and IBM WebSphere Application Server Liberty. The CVEs listed in this document might affect some configurations of IBM WebSphere Application Server traditiona...

Security Bulletin: Multiple vulnerabilities in IBM Java XML affect IBM Tivoli System Automation for Multiplatforms deferred from Oracle Apr 2022 CPU (CVE-2022-21426)

Summary A flaw in the XML component of IBM Java Technology Edition used by v4.1.0.4 to v4.1.1.0 of IBM Tivoli System Automation for Multiplatforms has been identified. These issues were disclosed as part of the IBM Java SDK updates in Apr 2022. Vulnerability Details Refer to the security bulletin...

Security Bulletin: IBM Copy Services Manager is vulnerable to crypto attack vulnerabilities due to IBM Java 8 vulnerabilities.

Summary IBM Copy Services Manager is vulnerable to the listed attack vectors in the bundled depencency IBM Java 8.0.7.0 through 8.0.7.11. IBM Java is used by IBM Copy Services Manager as a code base and virtal machine runtime. The following vulnerabilities have been identified: CVE-2023-30441...

Security Bulletin: Vulnerabilities in IBM Java SDK and IBM Java Runtime affects Rational Business Developer

Summary There is a vulnerability in IBM® SDK Java™ Technology Edition, Version 8 and IBM® Runtime Environment Java™ Version 8 used by Rational Business Developer. Rational Business Developer has provided a fix for the applicable CVE. These issues were disclosed as part of the IBM Java SDK and...

Security Bulletin: Vulnerability in IBM Java (CVE-2022-21426) affects Power HMC

Summary IBM Java is used by Power Hardware Management Console HMC. HMC has addressed the applicable CVE. Vulnerability Details CVEID:CVE-2022-21426 DESCRIPTION: An unspecified vulnerability in Java SE related to the JAXP component could allow an unauthenticated attacker to cause a denial of servi...

Security Bulletin: IBM Sterling Connect:Direct Web Services is vulnerable to multiple vulnerabilities due to IBM Java

Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Versions. IBM Sterling Connect:Direct Web Services has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2023-30441 DESCRIPTION: IBM Runtime Environment, Java Technology Edition IBMJCEPlus and JSSE 8.0.7.0...

Security Bulletin: IBM Sterling Connect:Direct Web Services is vulnerable to multiple vulnerabilities due to IBM Java

Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Versions. IBM Sterling Connect:Direct Web Services has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2023-21830 DESCRIPTION: An unspecified vulnerability in Java SE related to the Serialization component...

Security Bulletin: TADDM affected by multiple vulnerabilities due to IBM Java and its runtime

Summary IBM Tivoli Application Dependency Discovery Manager is vulnerable to denial of service due to use of IBM Java and runtimes CVE-2022-21426, CVE-2023-30441, CVE-2023-21830, CVE-2023-21843 Vulnerability Details CVEID:CVE-2022-21426 DESCRIPTION: An unspecified vulnerability in Java SE related...

Security Bulletin: IBM Java SDK and IBM Java Runtime for IBM i are vulnerable to exposing sensitive information due to flaws and configurations (CVE-2023-30441).

Summary IBM® SDK Java™ Technology Edition and IBM® Runtime Environment Java™ used by IBM i are vulnerable to exposing sensitive information using a combination of flaws and configurations as described in the vulnerability details section. The vulnerability is fixed by applying an IBM i Group PTF...

Security Bulletin: A vulnerability in IBM Java SDK affects IBM Tivoli Monitoring for Virtual Environments Agent for Linux Kernel-based Virtual Machines (CVE-2023-30441)

Summary The security issue described in CVE-2023-30441 has been identified in IBM Tivoli Monitoring for Virtual Environments Agent for Linux Kernel-based Virtual Machines Vulnerability Details CVEID:CVE-2023-30441 DESCRIPTION: IBM Runtime Environment, Java Technology Edition IBMJCEPlus and JSSE...

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect AIX

Summary There are multiple vulnerabilities in IBM SDK Java Technology Edition, Version 8 used by AIX. AIX has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2022-21426 DESCRIPTION: An unspecified vulnerability in Java SE related to the JAXP component could allow an unauthenticated...