Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli System Automation Application Manager Jan 2022 CPU (CVE-2022-21299)

Summary There are multiple vulnerabilities in IBM SDK Java Technology Edition used by IBM Tivoli System Automation Application Manager. These issues were disclosed as part of the IBM Java SDK updates in Jan 2022. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixe...

Security Bulletin: Potential security vulnerabilities in IBM Java SDK used in IBM System Networking Element Manager

Summary Potential security exposure when using the Java based applications bundled in IBM System Networking Element Manager due to vulnerabilities in Java Software Developer Kits. See Vulnerability Details for CVE IDs. Vulnerability Details IBM System Networking Element Manager is bundled with th...

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM License Metric Tool v9 and IBM BigFix Inventory v9

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 8 used by IBM License Metric Tool and IBM BigFix Inventory. These issues were disclosed as part of the IBM Java SDK updates in Oct 2017 Vulnerability Details CVEID: CVE-2017-10356 DESCRIPTION: An unspecified...

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect Tivoli Storage Productivity Center July 2014 CPU

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition that is shipped with Tivoli Storage Productivity Center. These issues were disclosed as part of the IBM Java SDK updates in July 2014. Vulnerability Details The following advisories are included in the IBM® SDK Java™...

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect Tivoli Storage Productivity Center April 2015 CPU

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition and IBM® Runtime Environment Java™ Technology Edition that is shipped and used by Tivoli Storage Productivity Center. These issues were disclosed as part of the IBM Java SDK updates in April 2015. Vulnerability Detail...

Security Bulletin: Multiple vulnerabilities in IBM® Java SDK have been identified in IBM WebSphere Application Server shipped with IBM Intelligent Operations Center products (Oct 2016 CPU - Includes CVE-2016-5573, CVE-2016-5597)

Summary IBM WebSphere Application Server is shipped as a component of IBM Intelligent Operations Center and related products. Oracle released the October 2016 critical patch updates which contain multiple fixes for security vulnerabilities in the IBM Java Development Kit that is included with IBM...

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect Tivoli Storage Productivity Center January 2015 CPU

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition and IBM® Runtime Environment Java™ Technology Edition that is shipped and used by Tivoli Storage Productivity Center. These issues were disclosed as part of the IBM Java SDK updates in January 2015. Vulnerability...

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect Tivoli Storage Productivity Center October 2014 CPU

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition that is shipped with IBM Tivoli Storage Productivity Center. This also includes a fix for the Padding Oracle On Downgraded Legacy Encryption POODLE SSLv3 vulnerability CVE-2014-3566. These issues were disclosed as par...

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM License Metric Tool, IBM Tivoli Asset Discovery for Distributed and IBM Endpoint Manager for Software Use Analysis (April 2015 CPU)

Summary There are multiple vulnerabilities in IBM SDK Java Technology Edition that is used by IBM License Metric Tool and IBM Tivoli Asset Discovery for Distributed.These issues were disclosed as part of the IBM Java SDK updates in April 2015. This bulletin also addresses FREAK: Factoring Attack ...

Security Bulletin: Multiple vulnerabilities in IBM® Java SDK have been identified in IBM WebSphere Application Server shipped with IBM Intelligent Operations Center products (January 2017 CPU)

Summary IBM WebSphere Application Server is shipped as a component of IBM Intelligent Operations Center and related products. Oracle released the January 2017 critical patch updates that contain multiple fixes for security vulnerabilities in the IBM Java Development Kit that is included with IBM...

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM License Metric Tool v9 and IBM BigFix Inventory v9

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 8 used by IBM License Metric Tool and IBM BigFix Inventory. These issues were disclosed as part of the IBM Java SDK updates in Jan 2017 Vulnerability Details CVEID: CVE-2016-2183 DESCRIPTION: OpenSSL could...

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM License Metric Tool v9, v7.5 & v7.2.2, IBM Tivoli Asset Discovery for Distributed v7.5 & v7.2.2 and IBM Endpoint Manager for Software Use Analysis v9 - CVE-2014-6593, CVE-2015-0400, C

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition that is used by IBM License Metric Tool v9, v7.5 & v7.2.2, IBM Tivoli Asset Discovery for Distributed v7.5 & v7.2.2 and IBM Endpoint Manager for Software Use Analysis v9. These issues were disclosed as part of the IBM...

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect WebSphere Business Services Fabric (CVE-2014-4263, CVE-2014-4244, CVE-2014-3068)

Summary There are multiple vulnerabilities in IBM SDK Java Technology Edition that is used by WebSphere Business Services Fabric. These issues were disclosed as part of the IBM Java SDK updates in July 2014. Vulnerability Details CVEID: CVE-2014-4263 DESCRIPTION: An unspecified vulnerability...

Security Bulletin: Tivoli Storage Productivity Center - Oracle CPU February 2012, June 2012

Summary Multiple security vulnerabilities exist in the IBM Java SDK that is shipped with IBM Tivoli Storage Productivity Center. Vulnerability Details IBM Tivoli Storage Productivity Center 4.x is shipped with an IBM Java SDK that is based on the Oracle JDK. Oracle released February 2012 and Apri...

Security Bulletin: Multiple vulnerabilities in IBM Java SDK (April 2022) affect IBM InfoSphere Information Server

Summary There are multiple vulnerabilities in the IBM® SDK Java™ Technology Edition, Version 8 that is used by IBM InfoSphere Information Server. These issues were disclosed as part of the IBM Java SDK updates in April 2022. Vulnerability Details CVEID:CVE-2021-35561 DESCRIPTION: An unspecified...

Security Bulletin: Vulnerabilities in IBM® Java™ SDK Technology Edition, Oct 2021 affects IBM Security Identity Manager Virtual Appliance (CVE-2021-35603, CVE-2021-35550, CVE-2021-35578)

Summary There are multiple vulnerabilities in IBM® Java™ SDK Technology Edition, Oct 2021, used by IBM Security Identity Manager Virtual Appliance. IBM Security Identity Manager Virtual Appliance has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2021-35603 DESCRIPTION: An...

Security Bulletin: A vulnerability in IBM Java SDK and IBM Java Runtime affects Rational Service Tester (CVE-2021-35603)

Summary A vulnerability in IBM SDK Java Version 1.8 and IBM Runtime Environment Java Version 1.8 used by Rational Service Tester. Rational Service Tester has addressed the applicable CVE. Vulnerability Details CVEID:CVE-2021-35603 DESCRIPTION: An unspecified vulnerability in Java SE related to th...

Security Bulletin: A vulnerability in IBM Java SDK and IBM Java Runtime affects Rational Service Tester (CVE-2021-35550)

Summary A vulnerability in IBM SDK Java Version 1.8 and IBM Runtime Environment Java Version 1.8 used by Rational Service Tester. Rational Service Tester has addressed the applicable CVE. Vulnerability Details CVEID:CVE-2021-35550 DESCRIPTION: An unspecified vulnerability in Java SE related to th...

Security Bulletin: IBM Resilient SOAR is Using Components with Known Vulnerabilities - Java SE (CVE-2020-2773)

Summary IBM Resilient SOAR is Using Components with Known Vulnerabilities - Java SE. Vulnerability Details CVEID:CVE-2020-2773 DESCRIPTION: An unspecified vulnerability in Java SE related to the Java SE Security component could allow an unauthenticated attacker to cause a denial of service...

Path Traversal

aws-java-sdk-s3 is vulnerable to path traversal. The vulnerability exists due to the insufficient guard logic used for the download directory in the leavesRoot function of TransferManager.java, allowing an attacker to access files from the S3 bucket that is one level up in the file system by...