AlmaLinux 9 : java-1.8.0-openjdk (ALSA-2025:10862)

The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2025:10862 advisory. JDK: Better Glyph drawing CVE-2025-30749 JDK: Enhance TLS protocol support CVE-2025-30754 JDK: Improve scripting supports CVE-2025-30761 JDK: Better Glyp...

Amazon Corretto Java 11.x < 11.0.28.6.1 Multiple Vulnerabilities

The version of Amazon Corretto installed on the remote host is 11 prior to 11.0.28.6.1. It is, therefore, affected by multiple vulnerabilities as referenced in the corretto-11-2025-Jul-15 advisory. - Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition...

Difficult to exploit Java SDK Updates in ASCG

Difficult to exploit vulnerabilities in Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Security. Supported versions that are affected are Oracle Java SE: 8u391, 8u391-perf, 11.0.21, 17.0.9, 21.0.1; Oracle GraalVM for JDK: 17.0.9,...

KLA85872 Multiple vulnerabilities in Oracle Java

Multiple vulnerabilities were found in Oracle Java. Malicious users can exploit these vulnerabilities to cause denial of service, execute arbitrary code, obtain sensitive information. Below is a complete list of vulnerabilities: 1. Denial of service vulnerability in JavaFX can be exploited to cau...

Azul Zulu Java Multiple Vulnerabilities (2025-07-15)

The version of Azul Zulu installed on the remote host is 7 prior to 7.79.0.12 / 8 prior to 8.87.0.14 / 11 prior to 11.81.14 / 17 prior to 17.59.16 / 21 prior to 21.43.16 / 24 prior to 24.32.14. It is, therefore, affected by multiple vulnerabilities as referenced in the 2025-07-15 advisory. -...

Security Bulletin: IBM Sterling Connect:Direct for Microsoft Windows is vulnerable to multiple issues due to IBM Runtime Environment Java Technology Edition Version 8

Summary There are vulnerabilities in IBM Runtime Environment Java Technology Edition Version 8 used by IBM Sterling Connect:Direct for Microsoft Windows. IBM Sterling Connect:Direct for Microsoft Windows has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2025-21587 DESCRIPTION: An...

Security Bulletin: Multiple Vulnerabilities in IBM® Runtime Environment Java™ Technology Edition affects WebSphere eXtreme Scale

Summary There are multiple vulnerabilities in IBM Runtime Environment Java Version 8 used by WebSphere eXtreme Scale. Vulnerability Details CVEID:CVE-2025-21587 DESCRIPTION: An unspecified vulnerability in Java SE related to the Server: DDL component could allow a remote attacker to cause high...

Security Bulletin: IBM Sterling Connect:Direct Web Service is affected by multiple vulnerabilities due to IBM Java

Summary IBM Sterling Connect:Direct Web Service uses IBM Java SE. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2025-21587 DESCRIPTION: An unspecified vulnerability in Java SE related to the Server: DDL component could allow a remote...

Security Bulletin: Security Vulnerabilities in Java affect IBM Voice Gateway

Summary Security Vulnerabilities in Java affect IBM Voice Gateway Vulnerability Details CVEID:CVE-2025-21587 DESCRIPTION: An unspecified vulnerability in Java SE related to the Server: DDL component could allow a remote attacker to cause high confidentiality and high integrity impact. CWE:CWE-284...

SAP NetWeaver AS Java Multiple Vulnerabilities (July 2025)

SAP NetWeaver Application Server for Java is affected by multiple vulnerabilities, including the following: - A critical vulnerability in SAP NetWeaver Application server for Java Log Viewer enables authenticated administrator users to exploit unsafe Java object deserialization. Successful...

Security Bulletin: Security vulnerabilities in Java SE shipped with IBM CICS TX Standard (CVE-2025-21587, CVE-2025-30698, CVE-2025-4447)

Summary There are multiple vulnerabilities in the Java SE version shipped with IBM CICS TX Standard CVE-2025-21587, CVE-2025-30698, CVE-2025-4447. An update to IBM CICS TX Standard has been released to address these vulnerabilities. Vulnerability Details CVEID:CVE-2025-21587 DESCRIPTION: An...

Security Bulletin: IBM MQ Appliance is affected by multiple Java vulnerabilities (CVE-2025-21587 & CVE-2025-4447)

Summary IBM MQ Appliance has addressed multiple Java vulnerabilities. Vulnerability Details CVEID:CVE-2025-21587 DESCRIPTION: An unspecified vulnerability in Java SE related to the Server: DDL component could allow a remote attacker to cause high confidentiality and high integrity impact...

Security Bulletin: IBM Cognos Transformer is affected by vulnerabilities in IBM® Java™

Summary There are vulnerabilities in IBM® Java™ Version 8 used by IBM Cognos Transformer. Vulnerability Details CVEID:CVE-2024-21131 DESCRIPTION: An unspecified vulnerability in Java SE related to the VM component could allow a remote attacker to cause low integrity impact. CVSS Source: IBM X-For...

Security Bulletin: IBM Cognos Analytics is affected by security vulnerabilities

Summary There are vulnerabilities in IBM® Java™ Version 8 used by IBM Cognos Analytics. There are vulnerabilities in multiple Open Source Software OSS components consumed by IBM Cognos Analytics. Additionally, IBM Cognos Analytics is vulnerable to a Stored Cross-Site Scripting XSS vulnerability...

SUSE SLES15 / openSUSE 15 Security Update : java-1_8_0-openj9 (SUSE-SU-2025:01954-1)

The remote SUSE Linux SLES15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:01954-1 advisory. - CVE-2025-4447: Fixed buffer overflow in Eclipse OpenJ9 bsc1243429. - CVE-2025-30698: Fixed 2D unauthorized data access and DoS...

Security Bulletin: IBM Cloud Transformation Advisor is affected by multiple vulnerabilities found in Java and Node.js

Summary There are multiple vulnerabilities in Java and Node.js used by IBM Cloud Transformation Advisor. Vulnerability Details CVEID:CVE-2025-48997 DESCRIPTION: Multer is a node.js middleware for handling multipart/form-data. A vulnerability that is present starting in version 1.4.4-lts.1 and pri...

ROS-20250625-02

A vulnerability in the br.com.anteros.dbcp.AnterosDBCPConfig component of the Java library for grammar parsing JSON files jackson-databind is related to the recovery of invalid data in memory. Exploitation of the of the vulnerability could allow an attacker acting remotely to cause a denial of...

Security Bulletin: Vulnerability in IBM WebSphere Application Server Liberty and Java may affect IBM Storage Protect for Space Management

Summary IBM Storage Protect for Space Management can be affected by security flaws in IBM WebSphere Application Server and Java. This flaws can lead to denial of service in Netty, denial of service partial DOS, denial of service via introspection queries, unauthorized update, insert or delete...

Security Bulletin: Vulnerability in IBM WebSphere Application Server Liberty and Java may affect IBM Storage Protect Backup-Archive Client

Summary IBM Storage Protect Backup-Archive Client can be affected by security flaws in IBM WebSphere Application Server and Java. This flaws can lead to denial of service in Netty, denial of service partial DOS, denial of service via introspection queries, unauthorized update, insert or delete...

Security Bulletin: Vulnerability in IBM WebSphere Application Server Liberty and Java may affect IBM Storage Protect for Virtual Environments (Data Protection for VMware and Data Protection for Hyper-V)

Summary IBM Storage Protect for Virtual Environments Data Protection for VMware and Data Protection for Hyper-V can be affected by security flaws in IBM WebSphere Application Server and Java. This flaws can lead to denial of service in Netty, denial of service partial DOS, denial of service via...