Security Bulletin: IBM DataPower Gateway affected by multiple vulnerabilities in Java

Summary While core IBM DataPower Gateway does not use Java, certain components shipped with IDG may be vulnerable. IBM has addressed the CVEs. Vulnerability Details CVEID:CVE-2022-21434 DESCRIPTION: An unspecified vulnerability in Java SE related to the Libraries component could allow an...

Vulnerabilities fixed in IBM Rational ClearCase

IBM has fixed several vulnerabilities. The vulnerabilities are in the Java components of IBM Rational ClearCase. A unauthenticated remote malicious person could exploit the vulnerabilities potentially exploit them to cause a denial-of-service or obtain obtain sensitive information. IBM has made...

Oracle Linux 7 : java-1.8.0-openjdk (ELSA-2022-5698)

The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2022-5698 advisory. 1:1.8.0.342.b07-1 - Update to shenandoah-jdk8u342-b07 - Update release notes for shenandoah-8u342-b07. - Print release file during build, which should...

Vulnerabilities fixed in IBM MQ

IBM has fixed multiple vulnerabilities in supporting software supplied with IBM MQ. The vulnerabilities are in Java, Eclipse Jetty and Websphere Liberty and were previously fixed in the individual products. A malicious party could potentially exploit the vulnerabilities to cause a...

Vulnerabilities fixed in Oracle Java SE

Oracle has fixed vulnerabilities in Java SE JDK/JRE and GraalVM Enterprise Edition. The vulnerabilities allow a malicious potentially able to launch attacks that result in the following categories of damage: Denial-of-Service DoS Manipulation of data Bypassing authentication Bypassing security...

AlmaLinux 8 : java-1.8.0-openjdk (ALSA-2022:0307)

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2022:0307 advisory. - Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Serialization. Supported versions that are...

Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Spectrum Protect Snapshot for VMWare (CVE-2018-12547, CVE-2019-2426)

Summary Multiple vulnerabilities in IBM® Runtime Environment Java™ were disclosed as part of the IBM Java SDK updates in January 2019. IBM® Runtime Environment Java™ is used by IBM Spectrum Protect Snapshot formerly Tivoli Storage FlashCopy Manager for VMware. Vulnerability Details CVEID:...

SUSE SLES11 Security Update : java-1_7_1-ibm (SUSE-SU-2022:14875-1)

The remote SUSE Linux SLES11 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:14875-1 advisory. - Vulnerability in the Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Libraries. Supported...

Security Bulletin: IBM Rational Build Forge 8.0.x is affected by Java version used in it.(CVE-2021-35560, CVE-2021-35586, CVE-2021-35578, CVE-2021-35564, CVE-2021-35559, CVE-2021-35556, CVE-2021-35565, CVE-2021-35588, CVE-2021-41035)

Summary IBM Rational Build Forge version 8.0 to 8.0.0.20 is affected by the Java version used in it. CVE-2021-35560, CVE-2021-35586, CVE-2021-35578, CVE-2021-35564, CVE-2021-35559, CVE-2021-35556, CVE-2021-35565, CVE-2021-35588, CVE-2021-41035 Vulnerability Details CVEID: CVE-2021-35560...

Vulnerabilities hide in Java

Vulnerabilities have been fixed in Java. The vulnerabilities allow a malicious person to perform attacks that result in the following categories of damage: Denial-of-Service DoS Circumvention of security measure Remote code execution User rights Access to sensitive data Access to system data -=...

SUSE SLED15 / SLES15 Security Update : java-11-openjdk (SUSE-SU-2021:2952-1)

The remote SUSE Linux SLED15 / SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2021:2952-1 advisory. - Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Networking. Support...

RHEL 7 : java-1.7.1-ibm (RHSA-2021:3293)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:3293 advisory. IBM Java SE version 7 Release 1 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IB...

Security Bulletin: Streams service for IBM Cloud Pak for Data might be affected by some underlying Java vulnerabilities

Summary Streams service for IBM Cloud Pak for Data might be affected by some underlying Java vulnerabilities Vulnerability Details CVEID: CVE-2021-2161 DESCRIPTION: An unspecified vulnerability in Java SE related to the Libraries component could allow an unauthenticated attacker to cause no...

SUSE: Security Advisory (SUSE-SU-2015:1509-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Security Bulletin: IBM Java SDK and IBM Java Runtime for IBM i is affected by CVE-2020-2773

Summary IBM® SDK Java™ Technology Edition and IBM® Runtime Environment Java™ is supported by IBM i. IBM i has addressed the applicable CVE. Vulnerability Details CVEID: CVE-2020-2773 DESCRIPTION: An unspecified vulnerability in Java SE related to the Java SE Security component could allow an...

Security Bulletin: Multiple vulnerabilities in IBM® SDK, Java™ Technology Edition may affect IBM Content Collector for SAP Applications

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition that is used by IBM Content Collector for SAP Applications. These issues disclosed in the Oracle January 2021 Critical Patch Update. Vulnerability Details CVEID: CVE-2020-14803 DESCRIPTION: An unspecified vulnerabilit...

SUSE-SU-2021:0670-1 Security update for java-1_8_0-ibm

This update for java-180-ibm fixes the following issues: - Update to Java 8.0 Service Refresh 6 Fix Pack 25 bsc1182186, bsc1181239, CVE-2020-27221, CVE-2020-14803 CVE-2020-27221: Potential for a stack-based buffer overflow when the virtual machine or JNI natives are converting from UTF-8 characte...

Security Bulletin: IBM Cloud Private is vulnerable to Java vulnerabilities (CVE-2020-14792, CVE-2020-14797, CVE-2020-14781, CVE-2020-14779, CVE-2020-14798, CVE-2020-14796)

Summary IBM Cloud Private is vulnerable to Java vulnerabilities Vulnerability Details CVEID: CVE-2020-14779 DESCRIPTION: An unspecified vulnerability in Java SE related to the Serialization component could allow an unauthenticated attacker to cause a denial of service resulting in a low...

Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM MessageGateway (CVE-2020-14803, CVE-2020-27221)

Summary There are multiple vulnerabilities in IBM Runtime Environment Java Version 8.0 used by IBM MessageGateway These issues were disclosed as part of the IBM Java SDK updates in January, 2021. Vulnerability Details CVEID: CVE-2020-14803 DESCRIPTION: An unspecified vulnerability in Java SE coul...

Security Bulletin: IBM Cognos Business Intelligence has addressed multiple vulnerabilities (Q12021)

Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Version 7 used by IBM Cognos Business Intelligence. These issues were disclosed as part of the IBM Java SDK updates in January 2020, April 2020 and July 2020. IBM Cognos Business Intelligence has addressed the applicable...