Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition that is used by IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise. These issues were disclosed as part of the IBM SDK, Java Technology Edition Quarterly CPU - Jan 2020 - Includes Oracle Jan 2020 CPU minus...

Security Bulletin: Multiple Security Vulnerabilities Impact IBM Predictive Insights

Summary Multiple security vulnerabilities impact IBM Predictive Insights Vulnerability Details CVEID: CVE-2017-5644 DESCRIPTION: Apache POI is vulnerable to a denial of service, cause by an XML External Entity Injection XXE error when processing XML data. By using a specially crafted OOXML file, ...

Security Bulletin: Multiple Vulnerabilities in IBM Java Runtime Affect IBM Sterling Connect:Direct FTP+

Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Versions 8.0.5.40 and 8.0.5.35, used by IBM Sterling Connect:Direct FTP+. IBM Sterling Connect:Direct FTP+ has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2020-14579 DESCRIPTION: An unspecified...

CentOS 7 : java-1.8.0-openjdk (RHSA-2020:2968)

The remote CentOS Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:2968 advisory. - Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: Libraries. Supported versions that are affected are Java SE: 8u25...

Security Bulletin: Multiple Java Vulnerabilities Impact IBM Control Center (CVE-2018-3180, CVE-2018-1890)

Summary There is a vulnerability in IBM® Runtime Environment Java™ Technology Edition, Version 7 and 8 that is used by IBM Control Center. This issue was disclosed as part of the IBM Java SDK updates in October 2018 and January 2019. Vulnerability Details CVEID: CVE-2018-3180 DESCRIPTION: An...

Security Bulletin: Multiple Vulnerabilities in IBM Java Runtime Affect IBM Sterling Secure Proxy

Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Version 1.8 used by IBM Sterling Secure Proxy. These issues were disclosed as part of the IBM Java SDK updates in July and October 2018. Vulnerability Details CVEID: CVE-2018-1517 DESCRIPTION: A flaw in the java.math...

Amazon Linux 2 : java-11-amazon-corretto, --advisory ALAS2-2020-1464 (ALAS-2020-1464)

The version of java-11-amazon-corretto installed on the remote host is prior to 11.0.8+10-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2020-1464 advisory. Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: Libraries. Support...

Scientific Linux Security Update : java-1.8.0-openjdk on SL7.x x86_64 (20200716)

Security Fixes : - OpenJDK: Bypass of boundary checks in nio.Buffer via concurrent access Libraries, 8238920 CVE-2020-14583 - OpenJDK: Incomplete bounds checks in Affine Transformations 2D, 8240119 CVE-2020-14593 - OpenJDK: Incorrect handling of access control context in ForkJoinPool Libraries,...

CVE-2020-14577

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: JSSE. Supported versions that are affected are Java SE: 7u261, 8u251, 11.0.7 and 14.0.1; Java SE Embedded: 8u251. Difficult to exploit vulnerability allows unauthenticated attacker with network access via TLS to...

DEBIAN-CVE-2020-14577

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: JSSE. Supported versions that are affected are Java SE: 7u261, 8u251, 11.0.7 and 14.0.1; Java SE Embedded: 8u251. Difficult to exploit vulnerability allows unauthenticated attacker with network access via TLS to...

Design/Logic Flaw

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: JSSE. Supported versions that are affected are Java SE: 7u261, 8u251, 11.0.7 and 14.0.1; Java SE Embedded: 8u251. Difficult to exploit vulnerability allows unauthenticated attacker with network access via TLS to...

CVE-2020-14577

CVE-2020-14577 is a TLS/JSSE-related issue in Oracle Java SE and Java SE Embedded (affecting Java 7u261, 8u251, 11.0.7 and 14.0.1; Embedded 8u251) enabling unauthenticated network access to read some data. Connected advisories show vendor-specific mitigations: for example, Amazon Linux ALAS advis...

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM License Metric Tool v9.

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 8 used by IBM License Metric Tool. These issues were disclosed as part of the IBM Java SDK updates in April 2020. Vulnerability Details CVEID: CVE-2020-2805 DESCRIPTION: An unspecified vulnerability in Java S...

Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect Rational Directory Server (Tivoli) & Rational Directory Administrator.

Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Version 7 and Version 8 used by Rational Directory Server Tivoli and Rational Directory Administrator. These issues were disclosed as part of the IBM Java SDK updates in April 2020. Upgrade the JRE in order to resolve...

OpenJDK: Re-use of single TLS session for new connections (JSSE, 8234408)

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: JSSE. Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to...

OpenJDK: Re-use of single TLS session for new connections (JSSE, 8234408)

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: JSSE. Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to...

Amazon Linux AMI : java-1.7.0-openjdk (ALAS-2020-1365)

The version of java-1.7.0-openjdk installed on the remote host is prior to 1.7.0.261-2.6.22.1.83. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2020-1365 advisory. Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: Serialization...

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affects WebSphere Application Server April 2020 CPU that is bundled with IBM WebSphere Application Server Patterns

Summary There are multiple vulnerabilities in the IBM SDK Java Technology Edition that is shipped with IBM WebSphere Application Server. These issues were disclosed in the IBM Java SDK updates in April 2020. Vulnerability Details CVEID: CVE-2019-2949 DESCRIPTION: An unspecified vulnerability in...

Important: java-1.7.0-openjdk

Issue Overview: Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: Serialization. Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with networ...

Amazon Linux 2 : java-1.7.0-openjdk (ALAS-2020-1424)

The version of java-1.7.0-openjdk installed on the remote host is prior to 1.7.0.261-2.6.22.2. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2020-1424 advisory. Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: Serialization...