Security Bulletin: Multiple vulnerabilities in IBM® SDK, Java™ Technology Edition affect IBM Storage Protect Operations Center (CVE-2024-21094, CVE-2024-21085, CVE-2024-21011, CVE-2023-38264).

Summary IBM Storage Protect Operations Center may be impacted by multiple vulnerabilities in the IBM® SDK Java™ Technology Edition, Version 8, potentially leading to a loss of availability and integrity of the host system. Vulnerability Details CVEID:CVE-2024-21094 DESCRIPTION: An unspecified...

Security Bulletin: A vulnerability in IBM Java Runtime affects Tivoli Netcool/OMNIbus. (CVE-2024-3933)

Summary There is a vulnerability in IBM® Runtime Environment Java™ Technology Edition, Version 8 that is used by Tivoli Netcool/OMNIbus running on Linux on IBM Z Systems. Vulnerability Details CVEID:CVE-2024-3933 DESCRIPTION: Eclipse Openj9 could allow a local authenticated attacker to bypass...

Security Bulletin: IBM Integration Designer is vulnerable to a denial of service (CVE-2024-21208, CVE-2024-27267)

Summary Vulnerability in IBM® Runtime Environment Java™ Version 8 used by IBM Integration Designer. IBM Integration Designer has addressed the following CVEs. Vulnerability Details CVEID:CVE-2024-27267 DESCRIPTION: The Object Request Broker ORB in IBM SDK, Java Technology Edition 7.1.0.0 through...

Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Cloud Transformation Advisor

Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Version 8.0.5.35 used by IBM Cloud Transformation Advisor. IBM Cloud Transformation Advisor has addressed the applicable CVEs. These issues were disclosed as part of the IBM Java SDK updates in July 2019. Vulnerability...

Moderate: Red Hat Security Advisory: java-17-openjdk security update for RHEL 8.4

An update for java-17-openjdk is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.4 Telecommunications Update Service. Red Hat Product Security has rated this...

Moderate: Red Hat Security Advisory: java-11-openjdk ELS security update

An update for java-11-openjdk with Extended Lifecycle Support is now available for Red Hat Enterprise Linux 7, Red Hat Enterprise Linux 8, and Red Hat Enterprise Linux 9. The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit...

ALSA-2025:0426 Moderate: java-21-openjdk security update for AlmaLinux 8.10, 9.4 and 9.5

The OpenJDK 21 packages provide the OpenJDK 21 Java Runtime Environment and the OpenJDK 21 Java Software Development Kit. Security Fixes: JDK: Enhance array handling CVE-2025-21502 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related...

RHEL 8 / 9 : java-17-openjdk security update for RHEL 8.6, 8.8, 8.10, 9.4 and 9.5 (Moderate) (RHSA-2025:0422)

The remote Redhat Enterprise Linux 8 / 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:0422 advisory. The java-17-openjdk packages provide the OpenJDK 17 Java Runtime Environment and the OpenJDK 17 Java Software Development Kit. Security Fixes: JD...

Moderate: java-21-openjdk security update for AlmaLinux 8.10, 9.4 and 9.5

The OpenJDK 21 packages provide the OpenJDK 21 Java Runtime Environment and the OpenJDK 21 Java Software Development Kit. Security Fixes: JDK: Enhance array handling CVE-2025-21502 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related...

Security Bulletin: Security Vulnerabilities have been identified in IBM Java Runtime as shipped with Tivoli Federated Identity Manager

Summary IBM Java Runtime as shipped with Tivoli Federated Identity Manager. Information about security vulnerabilities affecting IBM Java Runtime have been published in a security bulletin. Vulnerability Details CVEID:CVE-2019-2766 DESCRIPTION: Vulnerability in the Java SE, Java SE Embedded...

log4j1-socketappender: DoS via hashmap logging

A flaw was found in Chainsaw and SocketAppender components with Log4j 1.x on JRE, less than 1.7. This issue may allow an attacker to use a logging entry with a specially-crafted hashmap or hashtable, depending on which logging component is in use, to process and exhaust the available memory in th...

Security Bulletin: Multiple Vulnerabilities in IBM® Runtime Environment Java™ Technology Edition affects WebSphere eXtreme Scale

Summary There are multiple vulnerabilities in IBM Runtime Environment Java Version 8 used by WebSphere eXtreme Scale. Vulnerability Details CVEID:CVE-2024-21147 DESCRIPTION: An unspecified vulnerability in Java SE related to the VM component could allow a remote attacker to cause high...

OpenJDK: integer truncation issue in Xalan-J (JAXP, 8285407)

The Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets. This can be used to corrupt Java class files generated by the internal XSLTC compiler and execute arbitrary Java bytecode. Users are recommended to update to version 2.7.3 o...

Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect Rational Business Developer

Summary There are multiple vulnerabilities in IBM® SDK Java™ used by Rational Business Developer. Rational Business Developer has provided fixes for the applicable CVEs. These issues were disclosed as part of the IBM Java SDK and Runtime Environment updates in the Oracle July 2024 Critical Patch...

Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect Rational Business Developer

Summary There are multiple vulnerabilities in IBM® SDK Java™ used by Rational Business Developer. Rational Business Developer has provided fixes for the applicable CVEs. These issues were disclosed as part of the IBM Java SDK and Runtime Environment updates in the Oracle April 2024 Critical Patch...

RLSA-2024:8117 Moderate: java-1.8.0-openjdk security update

The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Security Fixes: giflib: Heap-Buffer Overflow during Image Saving in DumpScreen2RGB Function CVE-2023-48161 JDK: Array indexing integer overflow 8328544 CVE-2024-21210 JD...

Moderate: Red Hat Security Advisory: java-17-openjdk security update

An update for java-17-openjdk is now available for Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions, Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions, Red Hat Enterprise Linux 8.6 Telecommunications...

Moderate: java-1.8.0-openjdk security update

The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Security Fixes: giflib: Heap-Buffer Overflow during Image Saving in DumpScreen2RGB Function CVE-2023-48161 JDK: Array indexing integer overflow 8328544 CVE-2024-21210 JD...

Security Bulletin: Multiple Vulnerabilities in IBM Java Runtime affecting Tivoli Netcool/OMNIbus

Summary Vulnerabilities in IBM® Runtime Environment Java™ Technology Edition, Version 8 that is used by Tivoli Netcool/OMNIbus have been addressed. Vulnerability Details CVEID:CVE-2024-21144 DESCRIPTION: An unspecified vulnerability in Java SE related to the Concurrency component could allow a...

Security Bulletin: Multiple Vulnerabilities in IBM Java Runtime affecting Tivoli Netcool/OMNIbus

Summary Multiple vulnerabilities in IBM® Runtime Environment Java™ Technology Edition, Version 8 that is used by Tivoli Netcool/OMNIbus running on Solaris. Vulnerability Details CVEID:CVE-2024-21094 DESCRIPTION: An unspecified vulnerability in Java SE related to the VM component could allow a...