177 matches found
Security Bulletin: Java vulnerabilities affect IBM Watson Text to Speech and Speech to Text (IBM Watson Speech Services for Cloud Pak for Data 1.2)
Summary Java vulnerabilities, listed below, affect IBM Watson Text to Speech and Speech to Text IBM Watson Speech Services for Cloud Pak for Data 1.2 Vulnerability Details CVEID: CVE-2020-2601 DESCRIPTION: An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded...
Server-side request forgery (SSRF)
XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.15, a Server-Side Forgery Request vulnerability can be activated when unmarshalling. The vulnerability may allow a remote attacker to request data from internal resources that are not publicly...
SUSE SLES12 Security Update : java-11-openjdk (SUSE-SU-2020:3159-1)
This update for java-11-openjdk fixes the following issues : Update to upstream tag jdk-11.0.9-11 October 2020 CPU, bsc1177943 - New features + JDK-8250784: Shenandoah: A Low-Pause-Time Garbage Collector - Security fixes + JDK-8233624: Enhance JNI linkage + JDK-8236196: Improve string pooling +...
SUSE-SU-2020:3591-1 Security update for java-1_8_0-openjdk
This update for java-1_8_0-openjdk fixes the following issues: - Update to version jdk8u275 icedtea 3.17.1 JDK-8214440, bsc1179441: Fix StartTLS functionality that was broken in openjdk272. bsc1179441 JDK-8223940: Private key not supported by chosen signature algorithm JDK-8236512: PKCS11 Connectio...
SQL Injection Vulnerability in Incu Online Education System (CNVD-2020-67119)
Incu Online Education System is the Java version of an open source system for building online schools. A SQL injection vulnerability exists in Incu Online Education System. Attackers can use the vulnerability to obtain sensitive information in the database...
SQL Injection Vulnerability in Incu Online Education System (CNVD-2020-67116)
Incu Online Education System is the Java version of an open source system for building online schools. A SQL injection vulnerability exists in Incu Online Education System. Attackers can use the vulnerability to obtain sensitive information in the database...
Security Bulletin: Potential security vulnerability for the Oracle June 2012 CPU (CVE-2012-1713) shipped with Rational Developer for System z
Summary IBM Rational Developer for System z is shipped with an IBM Java that is based on the Oracle Java. Oracle has released a June 2012 critical patch update (CPU) which contains security vulnerability fixes, and the IBM Java is affected. Vulnerability Details...
GHSA-G5VF-V6WF-7W2R Ciphertext Malleability Issue in Tink Java
Impact Tink's Java version before 1.5 under some circumstances allowed attackers to change the key ID part of the ciphertext, resulting in the attacker creating a second ciphertext that will decrypt to the same plaintext. This can be a problem in particular in the case of encrypting with a...
Command Execution Vulnerability in the Java version of the Hessian binary web service protocol
Hessian is a cross-platform serialization tool. A command execution vulnerability exists in the Java version of the Hessian binary web service protocol that can be exploited by an attacker to gain control of a server...
OpenJDK: Excessive memory usage in ImageIO TIFF plugin (ImageIO, 8233239)
Vulnerability in the Java SE product of Oracle Java SE component: ImageIO. Supported versions that are affected are Java SE: 11.0.7 and 14.0.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of...
Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Spectrum LSF Analytics
Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Version 7 used by IBM Spectrum LSF Analytics. IBM Spectrum LSF Analytics has addressed the applicable CVEs. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products an...
Security Bulletin: IBM Spectrum Scale Transparent Cloud Tiering is affected by a vulnerability in IBM® Runtime Environment Java™ Version 8
Summary There is a vulnerability in IBM® Runtime Environment Java™ Version 8 used by IBM Spectrum Scale Transparent Cloud Tiering. IBM Spectrum Scale Transparent Cloud Tiering has addressed the applicable CVE. Vulnerability Details CVEID: CVE-2019-2989 DESCRIPTION: An unspecified vulnerabili...
Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Content Classification
Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Java™ Version 6 and Java™ Version 7 that are used by IBM eDiscovery Analyzer. These issues were disclosed as part of the IBM Java SDK updates in Oct 2019. Vulnerability Details CVEID: CVE-2019-2989 DESCRIPTION: An...
Security Bulletin: Multiple Security Vulnerabilities exist in IBM Cognos TM1
Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Version 7 used by IBM Cognos TM1. These issues were disclosed as part of the IBM Java SDK updates in January 2018 and April 2018. Multiple Open Source OpenSSL vulnerabilities have also been addressed. Vulnerability Detai...
Security Bulletin: Multiple Security Vulnerabilities exist in IBM Cognos Insight
Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Version 7. These issues were disclosed as part of the IBM Java SDK updates in October 2016 and January 2017. Multiple Open Source OpenSSL vulnerabilities have also been addressed. Vulnerability Details CVEID: CVE-2016-21...
Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Platform Cluster Manager Standard Edition, IBM Platform Cluster Manager Advanced Edition, Platform HPC, and Spectrum Cluster Foundation.
Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Version 7 used by IBM Platform Cluster Manager Standard Edition, IBM Platform Cluster Manager Advanced Edition, Platform HPC, and Spectrum Cluster Foundation. IBM Platform Cluster Manager Standard Edition, IBM Platform...
Security Bulletin: IBM MQ Internet Pass-Thru is affected by multiple vulnerabilities in IBM Java Runtime
Summary IBM MQ Internet Pass-Thru has addressed the following vulnerabilities in IBM Runtime Environment Java Version 7.0.10.50. These issues were disclosed as part of the IBM Java SDK updates in July 2019. Vulnerability Details CVEID: CVE-2019-4473 DESCRIPTION: Multiple binaries in IBM SDK, Java...
Security Bulletin: IBM Spectrum Scale Transparent Cloud Tiering is affected by multiple vulnerabilities in IBM® Runtime Environment Java™ Version 8
Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Version 8 used by IBM Spectrum Scale Transparent Cloud Tiering. IBM Spectrum Scale Transparent Cloud Tiering has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2019-2762 DESCRIPTION: Vulnerability i...
Security Bulletin: IBM Cognos Analytics has addressed multiple vulnerabilities
Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Version 8 used by Cognos Analytics. These issues were disclosed as part of the IBM Java SDK updates in October 2017, January 2018, April 2018, July 2018, October 2018, January 2019 and April 2019. Cognos Analytics has...
CVE-2019-10080
The XMLFileLookupService in NiFi versions 1.3.0 to 1.9.2 allowed trusted users to inadvertently configure a potentially malicious XML file. The XML file has the ability to make external calls to services via XXE and reveal information such as the versions of Java, Jersey, and Apache that the NiFi...