17 matches found
CVE-2021-28167
In Eclipse Openj9 to version 0.25.0, usage of the jdk.internal.reflect.ConstantPool API causes the JVM in some cases to pre-resolve certain constant pool entries. This allows a user to call static methods or access static members without running the class initialization method, and may allow a us...
Security Bulletin: Multiple vulnerabilities in IBM Java - OpenJ9 affect IBM Tivoli System Automation Application Manager (CVE-2021-28167)
Summary There are multiple vulnerabilities in IBM Java Eclipse-OpenJ9 Edition used by IBM Tivoli System Automation Application Manager. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions Affected Products| Versions ---|---...
Security Bulletin: Multiple vulnerabilities in IBM Java - OpenJ9 affect IBM Tivoli System Automation for Multiplatforms (CVE-2021-28167)
Summary There are multiple vulnerabilities in IBM Java Eclipse-OpenJ9 used by v4.1.0.4 to v4.1.0.7 of IBM Tivoli System Automation for Multiplatforms. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions Affected Products|...
Security Bulletin: A vulnerability in IBM Java Runtime affects SPSS Collaboration and Deployment Services (CVE-2021-28167)
Summary There is a vulnerability in IBM® Runtime Environment Java™ Version 8 used by SPSS Collaboration and Deployment Services. This issue has been addressed. Vulnerability Details CVEID:CVE-2021-28167 DESCRIPTION: Eclipse Openj9 could allow a remote attacker to bypass security restrictions,...
Security Bulletin: A vulnerability exists in the IBM® SDK, Java™ Technology Edition affecting IBM Tivoli Netcool Configuration Manager (CVE-2021-28167).
Summary A vulnerability exists in IBM® SDK Java™ Technology Edition, Version 8, which is used by IBM Tivoli Netcool Configuration Manager IP Edition v6.4.2. Vulnerability Details CVEID:CVE-2021-28167 DESCRIPTION: Eclipse Openj9 could allow a remote attacker to bypass security restrictions, caused...
Security Bulletin: The IBM® Engineering Lifecycle Engineering products are vulnerable to CVE-2021-28167
Summary A flaw in Eclipse OpenJ9 allows malicious code to access static methods and fields in classes before those classes have been initialized. Following IBM® Engineering Lifecycle Engineering product is vulnerable to this attack, it has been addressed in this bulletin: IBM Engineering Systems...
Security Bulletin: The IBM® Engineering Lifecycle Engineering products are vulnerable to CVE-2021-28167
Summary A flaw in Eclipse OpenJ9 allows malicious code to access static methods and fields in classes before those classes have been initialized. Following IBM® Engineering Lifecycle Engineering products are vulnerable to this attack, it has been addressed in this bulletin: Jazz Foundation, IBM...
Multiple vulnerabilities in IBM Java SDK affect AIX
IBM SECURITY ADVISORY First Issued: Thu Dec 22 10:09:37 CST 2022 The most recent version of this document is available here: http://aix.software.ibm.com/aix/efixes/security/javadec2022advisory.asc https://aix.software.ibm.com/aix/efixes/security/javadec2022advisory.asc...
Security Bulletin: Vulnerability (CVE-2021-28167) in Eclipse Openj9 affects CICS Transaction Gateway Desktop Edition
Summary Eclipse Openj9 is used by CICS Transaction Gateway Desktop Edition. The fix removes vulnerability CVE-2021-28167 that could allow a remote attacker to bypass security restrictions. Vulnerability Details CVEID:CVE-2021-28167 DESCRIPTION: Eclipse Openj9 could allow a remote attacker to bypa...
Security Bulletin: Vulnerability in IBM Java SDK and IBM Java Runtime affects Rational Business Developer
Summary There is a vulnerability in IBM® SDK Java™ Technology Edition, Version 8 and IBM® Runtime Environment Java™ Version 8 used by Rational Business Developer. Rational Business Developer has provided a fix for the applicable CVE. This issue was disclosed as part of the IBM Java SDK and Runtim...
Security Bulletin: A security vulnerability has been identified in IBM® SDK, Java™ Technology Edition shipped with IBM Tivoli Business Service Manager (CVE-2021-28167)
Summary IBM® SDK, Java™ Technology Edition is shipped as a component of IBM Tivoli Business Service Manager. Information about a security vulnerability affecting IBM® SDK, Java™ Technology Edition has been published in a security bulletin. Vulnerability Details Refer to the security bulletins...
Security Bulletin: A security vulnerability has been identified in IBM Java shipped with IBM Intelligent Operations Center (CVE-2021-28167)
Summary A vulnerability have been identified in IBM MQ and Java 8 which is shipped with IBM® Intelligent Operations Center. Information about these vulnerabilities affecting IBM® Intelligent Operations Center have been published and addressed the applicable CVEs. Vulnerability Details Refer to th...
Security Bulletin: A vulnerability in IBM Java Runtime affects IBM ILOG CPLEX Optimization Studio (CVE-2021-28167)
Summary There is a vulnerability in IBM® Runtime Environment Java™ Version 8 used by IBM CPLEX Optimization Studio. IBM CPLEX Optimization Studio has addressed the applicable CVE. Vulnerability Details CVEID:CVE-2021-28167 DESCRIPTION: Eclipse Openj9 could allow a remote attacker to bypass securi...
Security Bulletin: Vulnerability in IBM Java SDK affects Cloud Pak System [CVE-2021-28167]
Summary Vulnerability in IBM Java SDK affects OS Image for Red Hat Linux Systems shipped with Cloud Pak System. Cloud Pak System has addressed vulnerability. CVE-2021-28167 Vulnerability Details CVEID:CVE-2021-28167 DESCRIPTION: Eclipse Openj9 could allow a remote attacker to bypass security...
CVE-2021-28167
In Eclipse Openj9 to version 0.25.0, usage of the jdk.internal.reflect.ConstantPool API causes the JVM in some cases to pre-resolve certain constant pool entries. This allows a user to call static methods or access static members without running the class initialization method, and may allow a us...
CVE-2021-28167
CVE-2021-28167 affects IBM Java/OpenJ9; the root cause is the jdk.internal.reflect.ConstantPool API, which can cause pre-resolution of certain constant pool entries, allowing a user to call static methods or access static members without class initialization and potentially observe uninitialized ...
CVE-2021-28167
In Eclipse Openj9 to version 0.25.0, usage of the jdk.internal.reflect.ConstantPool API causes the JVM in some cases to pre-resolve certain constant pool entries. This allows a user to call static methods or access static members without running the class initialization method, and may allow a us...