Security Bulletin: Multiple CVEs - Vulnerabilities in IBM Java Runtime affect IBM Integration Designer used in IBM Business Automation Workflow and IBM Business Process Manager

Summary Vulnerabilities in IBM® Runtime Environment Java™ Versions 7 and 8 used by IBM Integration Designer. IBM Integration Designer has addressed the following CVEs. Vulnerability Details CVEID: CVE-2020-14579 DESCRIPTION: An unspecified vulnerability in Java SE related to the Libraries compone...

java-1.8.0-openjdk bug fix and enhancement update

The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Bug Fixes and Enhancements: Currently, Java applications run with Speculative Store Bypass SSB, CVE-2018-3639 disabled. Disabling SSB results in a performance degradatio...

Security Bulletin: CVE-2019-4732 vulnerability in IBM Java Runtime affects IBM Integration Designer used in IBM Business Automation Workflow and IBM Business Process Manager

Summary A vulnerability exists in IBM® Runtime Environment Java™ Versions 7 and 8 used by IBM Integration Designer. IBM Integration Designer has addressed the applicable CVE. Vulnerability Details CVEID: CVE-2019-4732 DESCRIPTION: IBM SDK, Java Technology Edition Version 7.0.0.0 through 7.0.10.55...

Security Bulletin: Multiple vulnerabilities in the IBM Java Runtime affect IBM Spectrum Scale Transparent Cloud Tiering (CVE-2020-14577, CVE-2020-14578, CVE-2020-14579)

Summary There are vulnerabilities in the IBM® Runtime Environment Java™ Version 8, which is used by BM Spectrum Scale Transparent Cloud Tiering . These issues were disclosed as part of the IBM SDK, Java Technology Edition Quarterly CPU - Jul 2020 - Includes Oracle Jul 2020 CPU plus one additional...

XStream: remote code execution due to insecure XML deserialization when relying on blocklists

A flaw was found in xstream. An unsafe deserialization of user-supplied XML, in conjunction with relying on the default deny list, allows a remote attacker to perform a variety of attacks including a remote code execution of arbitrary code in the context of the JVM running the XStream application...

Security Bulletin: Multiple vulnerabilities in IBM Java Runtime 1.8 affect IBM Sterling Secure Proxy

Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Version 1.8 used by IBM Sterling Secure Proxy. IBM Sterling Secure Proxy has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2020-14579 DESCRIPTION: An unspecified vulnerability in Java SE related to the...

Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Rational Synergy

Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Version 6 Service Refresh 16 Fix Pack 50 and earlier releases used by IBM Rational Synergy. These issues were disclosed as part of the IBM Java SDK updates in October 2017 and January 2018. Vulnerability Details If you r...

Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect Rational Synergy (CVE-2016-3426)

Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Technology Edition, Version 6 Service Refresh 16 Fix Pack 20 that is used by IBM Rational Synergy. These issues were disclosed as part of the IBM Java SDK updates in April 2016. Vulnerability Details CVEID: CVE-2016-3426...

Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect Rational Synergy (CVE-2016-0475 and CVE-2015-7575)

Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Technology Edition, Version 6 Service Refresh 16 Fix Pack 15 and earlier releases that is used by Rational Synergy. These issues were disclosed as part of the IBM Java SDK updates in January 2016 and includes the...

Security Bulletin: Multiple Vulnerabilities in Rational Synergy

Summary Vulnerabilities in the Java Runtime Environment JRE 6 SR10 and earlier component shipped with Rational Synergy may affect the security of the product. Vulnerability Details | Subscribe to My Notifications to be notified of important product support alerts like this. Follow this link for...

Security Bulletin: Unspecified Vulnerabilities in Rational Synergy (CVE-2012-0502,CVE-2012-0503,CVE-2012-0506,CVE-2012-0507,CVE-2011-3563,CVE-2012-0500,CVE-2012-0497,CVE-2012-0498,CVE-2012-0499,CVE-2012-0500,CVE-2012-0501,CVE-2012-0505,CVE-2011-5035)

Summary Vulnerabilities in the Java Runtime Environment JRE 6 update 32 and earlier component shipped with IBM Rational Synergy may affect the security of the product. Vulnerability Details | Subscribe to My Notifications to be notified of important product support alerts like this. Follow this...

Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Rational Synergy

Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Version 6 Service Refresh 16 Fix Pack 30 and earlier releases used by IBM Rational Synergy. These issues were disclosed as part of the IBM Java SDK updates in Jul 2017. Vulnerability Details If you run your own Java code...

Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect Rational Synergy

Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Technology Edition, Version 6 Service Refresh 16 Fix Pack 30 and earlier releases that is used by IBM Rational Synergy. These issues were disclosed as part of the IBM Java SDK updates in October 2016 and Jan 2017...

Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect Rational Synergy (CVE-2015-2613, CVE-2015-2601, CVE-2015-2625, CVE-2015-1931 and CVE-2015-4872)

Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Technology Edition, Version 6.0 SR16 FP5 that is used by Rational Synergy. These issues were disclosed as part of the IBM Java SDK updates in July and October 2015. Vulnerability Details CVEID: CVE-2015-2613 DESCRIPTION:...

XStream vulnerable to an Arbitrary File Deletion on the local host when unmarshalling

Impact The vulnerability may allow a remote attacker to delete arbitrary know files on the host as log as the executing process has sufficient rights only by manipulating the processed input stream. Patches If you rely on XStream's default blacklist of the Security Framework, you will have to use...

Security Bulletin: Multiple vulnerabilities in the IBM Java Runtime affect IBM Rational ClearCase (CVE-2020-14577, CVE-2020-14578, CVE-2020-14579)

Summary There are vulnerabilities in the IBM® Runtime Environment Java™ Versions 7 and 8, which is used by IBM Rational ClearCase. These issues were disclosed as part of the IBM SDK, Java Technology Edition Quarterly CPU - Jul 2020 - Includes Oracle Jul 2020 CPU plus one additional vulnerability...

Security Bulletin: Multiple vulnerabilities in the IBM Java Runtime affect IBM Rational ClearQuest

Summary There are multiple vulnerabilities in the IBM® Runtime Environment Java™ Versions 7 and 8, which are used by IBM Rational ClearQuest. These issues were disclosed in the IBM Java SDK updates in July 2020. IBM Rational ClearQuest has addressed the applicable CVEs. Vulnerability Details CVEI...

Security Bulletin: Vulnerability in IBM Java SDK and IBM Java Runtime affects Rational Performance Tester

Summary There is a vulnerability in IBM® SDK Java™ Technology Edition, Version 1.8 and IBM® Runtime Environment Java™ Version 1.8 used by Rational Performance Tester. Rational Performance Tester has addressed the applicable CVE. Vulnerability Details CVEID: CVE-2020-2590 DESCRIPTION: An unspecifi...

Security Bulletin: Vulnerability in IBM Java SDK and IBM Java Runtime affect Rational Performance Tester

Summary There is a vulnerability in IBM® SDK Java™ Technology Edition, Version 1.8 and IBM® Runtime Environment Java™ Version 1.8 used by Rational Performance Tester. Rational Performance Tester has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2020-2601 DESCRIPTION: An...

Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect Rational Performance Tester

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 1.8 and IBM® Runtime Environment Java™ Version 1.8 used by Rational Performance Tester. Rational Performance Tester has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2020-14579 DESCRIPTION: ...