CVE-2024-47561

Schema parsing in the Java SDK of Apache Avro 1.11.3 and previous versions allows bad actors to execute arbitrary code. Users are recommended to upgrade to version 1.11.4 or 1.12.0, which fix this issue...

CVE-2024-47561

Schema parsing in the Java SDK of Apache Avro 1.11.3 and previous versions allows bad actors to execute arbitrary code. Users are recommended to upgrade to version 1.11.4 or 1.12.0, which fix this issue...

CVE-2024-47561 Apache Avro Java SDK: Arbitrary Code Execution when reading Avro schema (Java SDK)

Schema parsing in the Java SDK of Apache Avro 1.11.3 and previous versions allows bad actors to execute arbitrary code. Users are recommended to upgrade to version 1.11.4 or 1.12.0, which fix this issue...

CVE-2024-47561

The CVE-2024-47561 entry concerns Apache Avro Java SDK (affected: 1.11.3 and earlier). The root cause is schema parsing in the Java SDK, which could allow bad actors to execute arbitrary code when processing certain schemas. Impact is high: remote code execution via network-facing components, con...

CVE-2024-47561 Apache Avro Java SDK: Arbitrary Code Execution when reading Avro schema (Java SDK)

Schema parsing in the Java SDK of Apache Avro 1.11.3 and previous versions allows bad actors to execute arbitrary code. Users are recommended to upgrade to version 1.11.4 or 1.12.0, which fix this issue...

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affects App Connect Professional

Summary There are multiple vulnerabilities in the IBM SDK Java Technology used by App Connect Professional. These issue were disclosed as part of the IBM Java SDK updates in July 2024, App Connect Professional has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2024-21147...

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli Business Service Manager

Summary IBM® SDK, Java™ Technology Edition is shipped as a component of IBM Tivoli Business Service Manager. Information about security vulnerabilities affecting IBM® SDK, Java™ Technology Edition has been published in a security bulletin. Vulnerability Details CVEID:CVE-2024-21147 DESCRIPTION: A...

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM License Metric Tool v9.

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 8 used by IBM License Metric Tool. These issues were disclosed as part of the IBM Java SDK updates in Jul 2024. Vulnerability Details CVEID:CVE-2024-21147 DESCRIPTION: An unspecified vulnerability in Java SE...

Security Bulletin: Multiple vulnerabilities in IBM Java SDK (July 2024) affect IBM InfoSphere Information Server

Summary There are multiple vulnerabilities in the IBM® SDK Java™ Technology Edition, Version 8 that is used by IBM InfoSphere Information Server. These issues were disclosed as part of the IBM Java SDK updates in July 2024. Vulnerability Details CVEID:CVE-2024-21131 DESCRIPTION: An unspecified...

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affects App Connect Professional

Summary There are multiple vulnerabilities in the IBM SDK Java Technology used by App Connect Professional. These issue were disclosed as part of the IBM Java SDK updates in April 2024, App Connect Professional has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2024-21094...

Security Bulletin: Multiple Vulnerabilities in IBM® Java SDK affect IBM WebSphere Application Server and IBM WebSphere Application Server Liberty due to July 2024 CPU

Summary There are multiple vulnerabilities in the IBM® SDK, Java™ Technology Edition that is shipped with IBM WebSphere Application Server and IBM WebSphere Application Server Liberty. The CVEs listed in this document might affect some configurations of IBM WebSphere Application Server traditiona...

Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect Db2 (October 2023 CPU)

Summary If you use IBM® Db2® as your database in your IBM Datacap deployment, please follow the Db2 security bulletin referred here to remedy the vulnerabilities. Vulnerability Details CVEID:CVE-2023-22081 DESCRIPTION: An unspecified vulnerability in Java SE related to the JSSE component could...

OESA-2024-1917 avro security update

Apache Avro is a data serialization system. Security Fixes: When deserializing untrusted or corrupted data, it is possible for a reader to consume memory beyond the allowed constraints and thus lead to out of memory on the system. This issue affects Java applications using Apache Avro Java SDK up...

OESA-2024-1916 avro security update

Apache Avro is a data serialization system. Security Fixes: When deserializing untrusted or corrupted data, it is possible for a reader to consume memory beyond the allowed constraints and thus lead to out of memory on the system. This issue affects Java applications using Apache Avro Java SDK up...

Security Bulletin: Multiple Vulnerabilities in IBM® SDK, Java™ Technology Java affect IBM Cloud Pak System

Summary Vulnerabilities in IBM Java SDK affect IBM Cloud Pak System. Vulnerability Details CVEID:CVE-2023-21930 DESCRIPTION: An unspecified vulnerability in Oracle Java SE, Oracle GraalVM Enterprise Edition related to the JSSE component could allow an unauthenticated attacker to cause high...

Security Bulletin: Multiple Vulnerabilities in IBM Java SDK affect Cloud Pak System (CVE-2023-21830, 2023-21843)

Summary Vulnerabilities in IBM Java SDK affect Cloud Pak System. IBM Cloud Pak System has addressed vulnerabilities Vulnerability Details CVEID:CVE-2023-21830 DESCRIPTION: An unspecified vulnerability in Java SE related to the Serialization component could allow a remote attacker to cause a denia...

Security Bulletin: Vulnerability in Java affects Tivoli System Automation for Multiplatforms shipped with IBM® Db2® LUW. (CVE-2024-20952, CVE-2024-20918, CVE-2024-20921, CVE-2024-20919, CVE-2024-20926, CVE-2024-20945, CVE-2023-33850)

Summary Security vulnerabilities have been identified in Java that affect Tivoli System Automation for Multiplatforms TSAMP shipped as a component of IBM Db2. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions TSAMP include...

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Storage Scale packaged in Elastic Storage Server

Summary There are multiple vulnerabilities in Java™ Technology Edition used by the Elastic Storage Server. Fixes for all these vulnerabilities are available. CVE-2024-20952, CVE-2024-20918, CVE-2024-20921, CVE-2024-20919, CVE-2024-20926, CVE-2024-20945. Vulnerability Details CVEID:CVE-2024-20952...

Security Bulletin: IBM Sterling Partner Engagement Manager is vulnerable to IBM Java SDK (Tech Edition) vulnerabilities

Summary IBM Sterling Partner Engagement Manager 6.2.3.1, 6.1.2.10, and 6.2.0.8 address IBM Java SDK Tech Edition CPU vulnerabilities attached to this Security Bulletin. Vulnerability Details CVEID:CVE-2023-22045 DESCRIPTION: An unspecified vulnerability in Java SE related to the VM component coul...

Security Bulletin: IBM Instana Observability is vulnerable to Improper Input Validation due to Apache Avro Java SDK

Summary Vulnerability in Apache Avro Java SDK was remediated in IBM Observability with Instana Build 275. CVE-2023-39410 Vulnerability Details CVEID:CVE-2023-39410 DESCRIPTION: Apache Avro Java SDK could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an...