Security Bulletin: Vulnerabilities in IBM Java SE affect BM Spectrum Control

Summary IBM Java SE is vulnerable to allow a remote attacker to cause High confidentiality ,high integrity impact. These vulnerabilities affect IBM Spectrum Control. Vulnerability Details CVEID:CVE-2024-21094 DESCRIPTION: An unspecified vulnerability in Java SE related to the VM component could...

Amazon Linux 2 : java-11-openjdk (ALASJAVA-OPENJDK11-2024-010)

The version of java-11-openjdk installed on the remote host is prior to 11.0.25.0.9-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2JAVA-OPENJDK11-2024-010 advisory. Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition...

Amazon Linux 2 : java-1.8.0-openjdk (ALAS-2024-2720)

The version of java-1.8.0-openjdk installed on the remote host is prior to 1.8.0.432.b06-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2024-2720 advisory. Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product ...

Debian dla-4001 : libxstream-java - security update

The remote Debian 11 host has a package installed that is affected by multiple vulnerabilities as referenced in the dla-4001 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-4001-1 [email protected]...

Security Bulletin: IBM Cloud Transformation Advisor is vulnerable to multiple vulnerabilities found in Java and IBM WebSphere Application Server Liberty

Summary There are multiple vulnerabilities in Java and IBM WebSphere Application Server Liberty used by IBM Cloud Transformation Advisor CVE-2024-7254, CVE-2022-46363, CVE-2015-2156, CVE-2020-11612. Vulnerability Details CVEID:CVE-2024-7254 DESCRIPTION: Any project that parses untrusted Protocol...

Security Bulletin: IBM Cognos Transformer is affected by vulnerabilities in IBM® Java™ and Bouncy Castle Crypto Package For Java

Summary There are vulnerabilities in IBM® Java™ and Bouncy Castle Crypto Package For Java consumed by IBM Cognos Transformer. For more information about the vulnerability impact, refer to the table in the "Related Information" section. This Security Bulletin relates only to third-party components...

SUSE SLES15 / openSUSE 15 Security Update : java-1_8_0-ibm (SUSE-SU-2024:4306-1)

The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:4306-1 advisory. Updated to Java 8.0 Service Refresh 8 Fix Pack 35 with Oracle October 15 2024 CPU bsc1232064: - CVE-2024-21208: Fixed...

CVE-2024-47580 Multiple vulnerabilities in SAP NetWeaver AS for JAVA(Adobe Document Services)

An attacker authenticated as an administrator can use an exposed webservice to create a PDF with an embedded attachment. By specifying the file to be an internal server file and subsequently downloading the generated PDF, the attacker can read any file on the server with no effect on integrity or...

SUSE SLES12 Security Update : java-1_8_0-openjdk (SUSE-SU-2024:3987-1)

The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:3987-1 advisory. Update to version jdk8u432 icedtea-3.33.0: - CVE-2024-21208: Enhance HTTP client bsc1231702. - CVE-2024-21210: Improve handling of vectorizatio...

Fedora 37 : java-17-openjdk (2022-f687000ef7)

The remote Fedora 37 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2022-f687000ef7 advisory. New in release OpenJDK 17.0.5 2022-10-18 Release announcement Full release notes Security Fixes - JDK-8282252: Improve BigInteger/Decimal validation...

Fedora 37 : java-latest-openjdk (2022-d0ed59bee7)

The remote Fedora 37 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2022-d0ed59bee7 advisory. New in release OpenJDK 19.0.1 2022-10-18 Full release notes This update depends on FEDORA-2022-d0fc6f0dd4 CVEs Fixed - CVE-2022-21618 - CVE-2022-216...

Security Bulletin: IBM Sterling Transformation Extender is affected by multiple IBM Java 8 vulnerabilities

Summary IBM Sterling Transformation Extender uses IBM SDK, Java Technology, version 8. Vulnerability Details CVEID:CVE-2024-21147 DESCRIPTION: An unspecified vulnerability in Java SE related to the VM component could allow a remote attacker to cause high confidentiality, high integrity impacts...

Security Bulletin: Security vulnerabilities may affect IBM Java shipped with IBM CICS TX Standard.

Summary Security vulnerabilities may affect IBM Java shipped with IBM CICS TX Standard. Updates to IBM CICS TX Standard have been released to address these vulnerabilities. Vulnerability Details CVEID:CVE-2024-21145 DESCRIPTION: An unspecified vulnerability in Java SE related to the 2D component...

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : java-17-openjdk (SUSE-SU-2024:3963-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:3963-1 advisory. - Update to upstream tag jdk-17.0.13+11 October 2024 CPU Security fixes + JDK-8307383: Enhance...

java-1_8_0-openjdk-1.8.0.432-1.1 on GA media (moderate)

java-180-openjdk-1.8.0.432-1.1 on GA media Announcement ID: openSUSE-SU-2024:14465-1 Rating: moderate Cross-References: CVE-2024-21208 CVE-2024-21210 CVE-2024-21217 CVE-2024-21235 CVSS scores: CVE-2024-21208 SUSE : 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2024-21208 SUSE : 6.3...

Oracle Critical Patch Update Advisory - January 2024 (CVE-2024-20952, CVE-2024-20945, CVE-2024-20926, CVE-2024-20921, CVE-2024-20919, CVE-2024-20918)

Brocade SANnav has provided a Security update for the JAVA vulnerabilities below. CVE-2024-20952 CVE-2024-20945 CVE-2024-20926 CVE-2024-20921 CVE-2024-20919 CVE-2024-20918...

java-23-openjdk-23.0.1.0-1.1 on GA media (moderate)

java-23-openjdk-23.0.1.0-1.1 on GA media Announcement ID: openSUSE-SU-2024:14449-1 Rating: moderate Cross-References: CVE-2024-21208 CVE-2024-21210 CVE-2024-21217 CVE-2024-21235 CVSS scores: CVE-2024-21208 SUSE : 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2024-21208 SUSE : 6.3...

Amazon Linux 2 : java-1.8.0-amazon-corretto (ALASCORRETTO8-2024-014)

The version of java-1.8.0-amazon-corretto installed on the remote host is prior to 1.8.0432.b06-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2CORRETTO8-2024-014 advisory. Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise...

Amazon Linux 2023 : java-21-amazon-corretto, java-21-amazon-corretto-devel, java-21-amazon-corretto-headless (ALAS2023-2024-751)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2024-751 advisory. Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Networking. Supported versions that are affected are Oracle...

Security Bulletin: Multiple vulnerabilities in Java affect IBM Business Automation Workflow - July 2024 CPU

Summary IBM Business Automation Workflow containers package IBM® Java SDK 8 V21.0.3 or IBM® Semeru Runtime 17 V24.0.0. Information about security vulnerabilities in these Java runtumes have been published. IBM Business Automation Workflow includes IBM Java 8. Vulnerability Details...