Security Bulletin: Multiple vulnerabilities in IBM Java affect IBM Netezza Analytics for NPS

Summary IBM Java SDK is used by IBM Netezza Analytics for NPS. IBM Netezza Analytics for NPS has addressed the applicable CVEs by upgrading IBM Java SDK to version 8.0-6.15. Vulnerability Details CVEID: CVE-2018-3136 DESCRIPTION: An unspecified vulnerability in Oracle Java SE related to the Java...

Security Bulletin: Vulnerability in IBM Java SDK Runtime affects DS8000 (CVE-2015-0138)

Summary The “FREAK: Factoring Attack on RSA-EXPORT keys" TLS/SSL client and server vulnerability affects some versions of DS8000. Vulnerability Details CVEID: CVE-2015-0138 DESCRIPTION: A vulnerability in SSL/TLS implementations could allow a remote attacker to downgrade the security of certain...

Security Bulletin: Security vulnerabilities have been identified in OpenSSL, IBM Java Runtime and the microcode shipped with the DS8000 Hardware Management Console (HMC)

Summary The updates indicated below have been released to address the following vulnerabilities: CVE-2016-2107 MITM attack in OpenSSL, CVE-2016-5547 Denial of service in IBM Runtime Environment Java™ CVE-2017-1123 Escalation of privilege in the DS8000 HMC Vulnerability Details CVEID: CVE-2016-210...

Security Bulletin:Multiple vulnerabilities in IBM Java SDK affect System Storage DS8000

Summary Multiple vulnerabilities exisit in the IBM JRE used by System Storage DS8000. These were disclosed as part of the IBM Java SDK updates - July 2015 This release also enforces the removal of RC4 in IBM JAVA CVE-2015-2808 also known as BarMitzva to ensure that no present or future releases c...

Security Bulletin: A vulnerability in IBM Java SDK affects IBM Standards Processing Engine and IBM Transformation Extender Advanced (CVE-2015-4872)

Summary There is a vulnerability in IBM® SDK Java™ Technology Edition, Version 7 and 8, that is used by IBM Standards Processing Engine and IBM Transformation Extender Advanced. This issue was disclosed as part of the IBM Java SDK updates for October 2015. Vulnerability Details CVEID: CVE-2015-48...

GHSA-7J4H-8WPF-RQFH Missing XML Validation in Apache Xerces2

XMLscanner.java in Apache Xerces2 Java Parser before 2.12.0, as used in the Java Runtime Environment JRE in IBM Java 5.0 before 5.0 SR16-FP3, 6 before 6 SR14, 6.0.1 before 6.0.1 SR6, and 7 before 7 SR5 as well as Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlie...

Security Bulletin: A vulnerability in IBM® SDK, Java™ may affect Rational Asset Analyzer (CVE-2021-35550)

Summary There is a vulnerability in IBM® Java™ version 8 used by Rational Asset Analyzer. This has been addressed. Vulnerability Details CVEID: CVE-2021-35550 DESCRIPTION: An unspecified vulnerability in Java SE related to the JSSE component could allow an unauthenticated attacker to obtain...

Security Bulletin: A vulnerability in IBM® SDK, Java™ affects Rational Asset Analyzer (CVE-2021-35603)

Summary There is a vulnerability in IBM® Java™ version 8 used by Rational Asset Analyzer. This has been addressed. Vulnerability Details CVEID: CVE-2021-35603 DESCRIPTION: An unspecified vulnerability in Java SE related to the JSSE component could allow an unauthenticated attacker to obtain...

Security Bulletin: Vulnerability in IBM JAVA JDK affects IBM Spectrum Scale (CVE-2022-21291)

Summary A vulnerability in IBM JAVA JDK could allow an unauthenticated attacker to cause no confidentiality impact, low integrity impact, and no availability impact. This library is used by the Graphical User Interface GUI of IBM Spectrum Scale. Vulnerability Details CVEID: CVE-2022-21291...

IBM Java 6.0 < 6.0.16.65 / 6.1 < 6.1.8.65 / 7.0 < 7.0.10.25 / 7.1 < 7.1.4.25 / 8.0 < 8.0.5.15 Multiple Vulnerabilities

The version of IBM Java installed on the remote host is prior to 6.0 6.0.16.65 / 6.1 6.1.8.65 / 7.0 7.0.10.25 / 7.1 7.1.4.25 / 8.0 8.0.5.15. It is, therefore, affected by multiple vulnerabilities as referenced in the Oracle April 17 2018 CPU advisory. - Vulnerability in the Java SE, Java SE...

IBM Java 7.0 < 7.0.10.40 / 7.1 < 7.1.4.40 / 8.0 < 8.0.5.30 Multiple Vulnerabilities

The version of IBM Java installed on the remote host is prior to 7.0 7.0.10.40 / 7.1 7.1.4.40 / 8.0 8.0.5.30. It is, therefore, affected by multiple vulnerabilities as referenced in the Oracle January 15 2019 CPU advisory. - An issue was discovered in libjpeg 9a and 9d. The allocsarray function i...

IBM Java 7.0 < 7.0.10.70 / 7.1 < 7.1.4.70 / 8.0 < 8.0.6.15 Multiple Vulnerabilities (Jan 14, 2020)

The version of IBM Java installed on the remote host is prior to 7.0 7.0.10.70 / 7.1 7.1.4.70 / 8.0 8.0.6.15. It is, therefore, affected by multiple vulnerabilities as referenced in the Oracle January 14 2020 CPU advisory. - Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE...

IBM Java 7.0 < 7.0.11.0 / 7.1 < 7.1.5.0 / 8.0 < 8.0.6.35 / 11.0 < 11.0.12 Multiple Vulnerabilities

The version of IBM Java installed on the remote host is prior to 7.0 7.0.11.0 / 7.1 7.1.5.0 / 8.0 8.0.6.35 / 11.0 11.0.12. It is, therefore, affected by multiple vulnerabilities as referenced in the Oracle July 20 2021 CPU advisory. - Vulnerability in the Java SE, Oracle GraalVM Enterprise Editio...

IBM Java 7.0 < 7.0.10.65 / 7.1 < 7.1.4.65 / 8.0 < 8.0.6.25 Multiple Vulnerabilities

The version of IBM Java installed on the remote host is prior to 7.0 7.0.10.65 / 7.1 7.1.4.65 / 8.0 8.0.6.25. It is, therefore, affected by multiple vulnerabilities as referenced in the Oracle April 14 2020 CPU advisory. - Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE...

IBM Java 6.0 < 6.0.16.25 / 6.1 < 6.1.8.25 / 7.0 < 7.0.9.40 / 7.1 < 7.1.3.40 / 8.0 < 8.0.3.0 Multiple Vulnerabilities (Apr 1, 2016)

The version of IBM Java installed on the remote host is prior to 6.0 6.0.16.25 / 6.1 6.1.8.25 / 7.0 7.0.9.40 / 7.1 7.1.3.40 / 8.0 8.0.3.0. It is, therefore, affected by multiple vulnerabilities as referenced in the IBM Security Update April 2016 advisory. - Buffer overflow in the Java Virtual...

IBM Java 6.1 < 6.1.8.50 / 7.0 < 7.0.10.10 / 7.1 < 7.1.4.10 / 8.0 < 8.0.4.7

The version of IBM Java installed on the remote host is prior to 6.1 6.1.8.50 / 7.0 7.0.10.10 / 7.1 7.1.4.10 / 8.0 8.0.4.7. It is, therefore, affected by a vulnerability as referenced in the IBM Security Update August 2017 advisory. - A flaw in the IBM J9 VM class verifier allows untrusted code t...

IBM Java 8.0 < 8.0.5.30

The version of IBM Java installed on the remote host is prior to 8.0 8.0.5.30. It is, therefore, affected by a vulnerability as referenced in the IBM Security Update March 2019 advisory. - IBM SDK, Java Technology Edition Version 8 on the AIX platform uses absolute RPATHs which may facilitate cod...

IBM Java 7.0 < 7.0.10.70 / 7.1 < 7.1.4.70 / 8.0 < 8.0.6.15 Multiple Vulnerabilities (Jul 14, 2020)

The version of IBM Java installed on the remote host is prior to 7.0 7.0.10.70 / 7.1 7.1.4.70 / 8.0 8.0.6.15. It is, therefore, affected by multiple vulnerabilities as referenced in the Oracle July 14 2020 CPU advisory. - Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE...

IBM Java 8.0 < 8.0.6.5

The version of IBM Java installed on the remote host is prior to 8.0 8.0.6.5. It is, therefore, affected by a vulnerability as referenced in the IBM Security Update January 2020 advisory. - IBM SDK, Java Technology Edition Version 7.0.0.0 through 7.0.10.55, 7.1.0.0 through 7.1.4.55, and 8.0.0.0...

IBM Java 7.0 < 7.0.10.80 / 7.1 < 7.1.4.80 / 8.0 < 8.0.6.25 Multiple Vulnerabilities

The version of IBM Java installed on the remote host is prior to 7.0 7.0.10.80 / 7.1 7.1.4.80 / 8.0 8.0.6.25. It is, therefore, affected by multiple vulnerabilities as referenced in the Oracle October 20 2020 CPU advisory. - Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE...