1995 matches found
CVE-2024-55156
An XML External Entity (XXE) vulnerability in the deserializeArgs method of Java SDK for CloudEvents v4.0.1 allows attackers to access sensitive information by supplying a crafted XML-formatted event message...
CVE-2024-55156
CVE-2024-55156 affects the Java SDK for CloudEvents v4.0.1, with an XML External Entity (XXE) vulnerability in the deserializeArgs() method that can allow an attacker handling untrusted XML to access sensitive information. The connected sources corroborate the issue and point to the affected comp...
Security Bulletin: Vulnerabilities in IBM Java SDK (CVE-2024-21217, CVE-2024-21208, CVE-2024-10917) affect Power HMC.
Summary: The IBM Java SDK library is used by Power Hardware Management Console (HMC). HMC has addressed the applicable CVEs. Vulnerability Details: CVEID: CVE-2024-21217 DESCRIPTION: Vulnerability in Java SE component: Serialization. Difficult to exploit vulnerability allows unauthenticated attacker...
SUSE CVE-2023-39913
Deserialization of Untrusted Data, Improper Input Validation vulnerability in Apache UIMA Java SDK. This issue affects Apache UIMA Java SDK: before 3.5.0. Users are recommended to upgrade to version 3.5.0, which fixes the issue. The...
Security Bulletin: Multiple Vulnerabilities of IBM Java SDK affect Linux KVM Agent from IBM Tivoli Monitoring for Virtual Environments
Summary: IBM Java SDK is used by Linux KVM Agent from IBM Tivoli Monitoring for Virtual Environments. Vulnerability Details: CVEID: CVE-2024-21147 DESCRIPTION: An unspecified vulnerability in Java SE related to the VM component could allow a remote attacker to cause high confidentiality, high...
Security Bulletin: Multiple Vulnerabilities of IBM Java SDK affect VMware Agent from IBM Tivoli Monitoring for Virtual Environments.
Summary: IBM Java SDK is used by VMware Agent from IBM Tivoli Monitoring for Virtual Environments. Vulnerability Details: CVEID: CVE-2024-21147 DESCRIPTION: An unspecified vulnerability in Java SE related to the VM component could allow a remote attacker to cause high confidentiality, high integrity...
Security Bulletin: Vulnerability in Apache Avro Java SDK affects watsonx.data
Summary: Apache Avro Java SDK is vulnerable to a denial of service attack, and this could affect watsonx.data. Vulnerability Details: CVEID: CVE-2023-39410 DESCRIPTION: Apache Avro Java SDK is vulnerable to a denial of service, caused by an unsafe deserialization flaw. By sending specially crafted...
Security Bulletin: IBM B2B Advanced Communications is vulnerable to issues due to Java SDK (CVE-2022-40609)
Summary: IBM B2B Advanced Communications has addressed vulnerabilities in the Java SDK shipped with the product. Vulnerability Details: CVEID: CVE-2022-40609 DESCRIPTION: IBM SDK, Java Technology Edition 7.1.5.18 and 8.0.8.0 could allow a remote attacker to execute arbitrary code on the system, caused by an...
Security Bulletin: IBM B2B Advanced Communications is vulnerable to multiple issues due to Java SDK (CVE-2023-21930, CVE-2023-21967, CVE-2023-21954, CVE-2023-21939, CVE-2023-21968, CVE-2023-21937, CVE-2023-21938, CVE-2023-2597)
Summary: IBM B2B Advanced Communications has addressed vulnerabilities in the Java SDK shipped with the product. Vulnerability Details: CVEID: CVE-2023-21930 DESCRIPTION: An unspecified vulnerability in Oracle Java SE, Oracle GraalVM Enterprise Edition related to the JSSE component could allow an...
Security Bulletin: IBM Storage Insights is vulnerable to weaknesses related to IBM® SDK, Java™ Technology Edition
Summary: Vulnerabilities in IBM® SDK, Java™ Technology Edition may affect IBM Storage Insights, which could allow a remote attacker to cause high integrity impact, low confidentiality impact. Vulnerability Details: CVEID: CVE-2024-21147 DESCRIPTION: An unspecified vulnerability in Java SE related to t...
Security Bulletin: IBM Event Streams is vulnerable to arbitrary code execution on the system due to the Apache Avro component (CVE-2024-47561).
Summary: IBM Event Streams is vulnerable to arbitrary code execution on the system. Apache Avro is commonly used in event streams like Apache Kafka to serialize and deserialize event data, providing a structured, efficient, and schema-based format for transmitting messages between producers and...
RCE (Remote Code Execution) org.apache.avro:avro Dependency in Bitbucket Data Center and Server
This High severity org.apache.avro:avro Dependency vulnerability was introduced in versions 8.6.0, 8.7.0, 8.8.0, 8.9.0, 8.10.0, 8.11.0, 8.12.0, 8.13.0, 8.14.0, 8.15.0, 8.16.0, 8.17.0, 8.18.0, 8.19.0, 9.0.0, 9.1.0, and 9.2.0 of Bitbucket Data Center and Server. This org.apache.avro:avro Dependency...
Security Bulletin: Vulnerabilities in IBM Java SDK (CVE-2024-21145, CVE-2024-21131) affect Power HMC.
Summary: The IBM Java SDK library is used by Power Hardware Management Console (HMC). HMC has addressed the applicable CVEs. Vulnerability Details: CVEID: CVE-2024-21145 DESCRIPTION: An unspecified vulnerability in Java SE related to the 2D component could allow a remote attacker to cause low...
Security Bulletin: IBM App Connect Enterprise and IBM Integration Bus for z/OS are vulnerable to multiple CVEs in IBM Java SDK
Summary: There are multiple vulnerabilities in IBM Java SDK, Java Technology Edition used by IBM App Connect Enterprise Runtime and IBM Integration Bus for z/OS Runtime. Vulnerability Details: CVEID: CVE-2024-21235 DESCRIPTION: Vulnerability in Java SE component: Hotspot. Difficult to exploit...
Security Bulletin: Multiple vulnerabilities in IBM Java SDK (October 2024) affect IBM InfoSphere Information Server
Summary: There are multiple vulnerabilities in the IBM® SDK Java™ Technology Edition, Version 8 that is used by IBM InfoSphere Information Server. These issues were disclosed as part of the IBM Java SDK updates in October 2024. Vulnerability Details: CVEID: CVE-2024-21217 DESCRIPTION: Vulnerability ...
Security Bulletin: Multiple Vulnerabilities of IBM Java SDK have affected Linux KVM Agent from IBM Tivoli Monitoring for Virtual Environments product
Summary: Linux KVM Agent from the IBM Tivoli Monitoring for Virtual Environments product is vulnerable to IBM Java SDK. The fix includes IBM Java SDK upgraded to 8.0.8.25. Vulnerability Details: CVEID: CVE-2024-20952 DESCRIPTION: An unspecified vulnerability in Java SE related to the Security component...
Security Bulletin: Multiple Vulnerabilities of IBM Java SDK have affected VMware Agent from IBM Tivoli Monitoring for Virtual Environments product
Summary: VMware Agent from the IBM Tivoli Monitoring for Virtual Environments product is vulnerable to IBM Java SDK. The fix includes IBM Java SDK upgraded to version 08.08.25.00. Vulnerability Details: CVEID: CVE-2023-22081 DESCRIPTION: An unspecified vulnerability in Java SE related to the JSSE...
Security Bulletin: IBM Cloud Pak System is vulnerable to multiple vulnerabilities in IBM Java SDK.
Summary: IBM Cloud Pak System is vulnerable to multiple vulnerabilities in IBM SDK. The fix removes these vulnerabilities as per IBM SDK, Java Technology Apr 2024. Vulnerability Details: CVEID: CVE-2024-21085 DESCRIPTION: An unspecified vulnerability in Java SE related to the VM component could allo...