Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect Rational Business Developer.

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 7 & 8 and IBM® Runtime Environment Java™ Version 7 & 8 used by Rational Business Developer. Rational Business Developer has addressed the applicable CVEs. These issues were disclosed as part of the IBM Java S...

Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Cognos Business Intelligence

Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Version 7 used by IBM Cognos Business Intelligence 10.2.2 and 10.2.1.1. IBM Cognos Business Intelligence has addressed the applicable CVEs. These issues were disclosed as part of the IBM Java SDK updates in July 2018...

Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Cognos Insight (CVE-2018-3180, CVE-2018-12547)

Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Version 7 used by IBM Cognos Insight. These issues were disclosed as part of the IBM Java SDK updates in October 2018 and January 2019. Vulnerability Details If you run your own Java code using the IBM Java Runtime...

Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Cognos TM1 (CVE-2018-3180, CVE-2018-12547)

Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Version 7 used by IBM Cognos TM1. These issues were disclosed as part of the IBM Java SDK updates in October 2018 and January 2019. Vulnerability Details If you run your own Java code using the IBM Java Runtime delivered...

Security Bulletin: Multiple Vulnerabilities in IBM Java Runtime Affect IBM Sterling Connect:Direct FTP+

Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Versions 8.0.5.25, 8.0.5.20, and 7.0.10.30, used by IBM Sterling Connect:Direct FTP+. IBM Sterling Connect:Direct FTP+ has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2018-3180 DESCRIPTION: An...

Oracle Java Runtime Environment - Heap Corruption During TTF font Rendering in GlyphIterator

Oracle Java Runtime Environment - Heap Corruption During TTF font Rendering in GlyphIterator::setCurrGlyphID A heap corruption was observed in Oracle Java Runtime Environment version 8u202 latest at the time of this writing while fuzz-testing the processing of TrueType fonts. It manifests itself ...

Oracle Java Runtime Environment - Heap Corruption During TTF font Rendering in GlyphIterator::setCurrGlyphID

A heap corruption was observed in Oracle Java Runtime Environment version 8u202 latest at the time of this writing while fuzz-testing the processing of TrueType fonts. It manifests itself in the form of the following or similar crash: --- cut --- $ bin/java -cp . DisplaySfntFont test.ttf Iteratio...

Security Bulletin: A security vulnerability has been identified in IBM Java Runtime could affect DB2 Query Management Facility (CVE-2018-12547, CVE-2019-2426, CVE-2018-1890, CVE-2018-12549, CVE-2018-11212)

Summary An unspecified vulnerability has been identified in IBM Java Runtime that could affect Db2 Query Management Facility. Vulnerability Details CVEID: CVE-2018-12547 CVSS Base Score: 9.8 DESCRIPTION: A widely used function in the OpenJ9 JVM is vulnerable to buffer overlows. Multiple Java...

Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect Financial Transaction Manager for Corporate Payment Services for Multi-Platform v2.1.1

Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Version 7 used by Financial Transaction Manager for Corporate Payment Services for Multi-Platform FTM CPS. Financial Transaction Manager for Corporate Payment Services for Multi-Platform has addressed the applicable CVEs...

jenkins-matrix-project-plugin: sandbox bypass in matrix project plugin

A flaw was found in the Jenkins Matrix Project plugin version 1.13. An attacker with Job/Configure permission can bypass the sandbox and can execute arbitrary code on the Jenkins master JVM. The highest threat from this vulnerability is to data confidentiality and integrity as well as system...

Security Bulletin: Vulnerabilities in IBM Java Runtime affect IBM Spectrum Protect for Virtual Environments (CVE-2018-3139, CVE-2018-3180)

Summary Multiple vulnerabilities in IBM® Runtime Environment Java™ were disclosed as part of the IBM Java SDK updates in October 2018. IBM® Runtime Environment Java™ is used by IBM Spectrum Protect formerly Tivoli Storage Manager for Virtual Environments: Data Protection for VMware and Data...

Security Bulletin: Vulnerabilities in IBM Java Runtime affect the IBM Spectrum Protect Backup-Archive Client on Windows and Macintosh (CVE-2018-3139, CVE-2018-3180)

Summary Multiple vulnerabilities in IBM® Runtime Environment Java™ were disclosed as part of the IBM Java SDK updates in October 2018. IBM® Runtime Environment Java™ is used by the IBM Spectrum Protect formerly Tivoli Storage Manager Backup-Archive Client on Windows and Macintosh platforms...

Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect Rational DOORS Web Access

Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Versions 7 and 8, which are used by IBM Rational DOORS Web Access. IBM Rational DOORS Web Access has addressed the applicable CVEs. These issues were disclosed as part of the IBM Java SDK updates in January 2019...

Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect Rational Directory Server (Tivoli) & Rational Directory Administrator

Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Version 7 and Version 8 used by Rational Directory Server Tivoli and Rational Directory Administrator. These issues were disclosed as part of the IBM Java SDK updates in October 2018. Upgrade the JRE in order to resolve...

Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Rational ClearCase (CVE-2018-3180, CVE-2018-3139)

Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Versions 6, 7, and 8, which are used by IBM Rational ClearCase. These issues were disclosed as part of the IBM Java SDK updates in October 2018. Vulnerability Details CVEID: CVE-2018-3180 DESCRIPTION: A flaw in the JSSE...

Security Bulletin: A security vulnerability in IBM Java Runtime affects IBM Rational ClearQuest (CVE-2018-3180)

Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Versions 6, 7 and 8, which are used by IBM Rational ClearQuest. These issues were disclosed as part of the IBM Java SDK updates in October 2018. Vulnerability Details CVEID: CVE-2018-3180 DESCRIPTION: A flaw in the JSSE...

Virtuozzo 6 : java-1.7.0-openjdk / java-1.7.0-openjdk-demo / etc (VZLSA-2019-0462)

An update for java-1.7.0-openjdk is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect z/TPF

Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Version 8 used by the z/TPF system. z/TPF has addressed the applicable CVEs. Vulnerability Details If you run your own Java code using the IBM Java Runtime delivered with this product, you should evaluate your code to...

Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM ILOG CPLEX Optimization Studio and IBM CPLEX Enterprise Server (CVE-2018-1890, CVE-2018-12547, CVE-2019-2426)

Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Versions 7 & 8 used by IBM CPLEX Optimization Studio and IBM CPLEX Enterprise Server. IBM CPLEX Optimization Studio and IBM CPLEX Enterprise Server have addressed the applicable CVEs. Vulnerability Details If you run you...

Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect Security Directory Integrator (CVE-2018-2800, CVE-2018-2783)

Summary There are multiple vulnerabilities in IBM Runtime Environment Java Technology Edition Version 7.0 and Version 8.0 that is used by Security Directory Integrator. These issues were disclosed as part of the IBM Java SDK updates in Oct 2018 and Jan 2019 Vulnerability Details CVEID:...