Security Bulletin: Security vulnerability in Java SE affects Rational Build Forge (CVE-2020-14782)

Summary Java SE that is used by IBM Rational Build Forge has a security vulnerability. IBM Rational Build Forge has addressed the applicable CVE. Vulnerability Details CVEID: CVE-2020-14782 DESCRIPTION: An unspecified vulnerability in Java SE related to the Libraries component could allow an...

Security Bulletin: Multiple vulnerabilities in the IBM Java Runtime affect IBM Spectrum Scale Transparent Cloud Tiering (CVE-2020-14577, CVE-2020-14578, CVE-2020-14579)

Summary There are vulnerabilities in the IBM® Runtime Environment Java™ Version 8, which is used by BM Spectrum Scale Transparent Cloud Tiering . These issues were disclosed as part of the IBM SDK, Java Technology Edition Quarterly CPU - Jul 2020 - Includes Oracle Jul 2020 CPU plus one additional...

Medium: java-1.8.0-openjdk

Issue Overview: Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: Serialization. Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with networ...

Amazon Linux AMI : java-1.8.0-openjdk (ALAS-2021-1460)

The version of java-1.8.0-openjdk installed on the remote host is prior to 1.8.0.272.b10-1.56. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2021-1460 advisory. Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: Serialization...

Security Bulletin: IBM SDK, Java Technology Edition Quarterly CPU - January 2020 - Includes Oracle January 2020 CPU

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Versions 7, and 8 that are used by Maximo Asset Management, Maximo Asset Management Essentials, Maximo Asset Management for Energy Optimization, Maximo Asset Management Essentials, Maximo Industry Solutions including...

Medium: java-1.8.0-openjdk

Issue Overview: Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: Serialization. Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with networ...

Amazon Linux AMI : java-1.8.0-openjdk (ALAS-2020-1461) (deprecated)

The version of tested product installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2020-1461 advisory. - Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: Serialization. Supporte...

Security Bulletin: Multiple vulnerabilities in the IBM Java Runtime affect IBM Rational ClearCase (CVE-2020-14577, CVE-2020-14578, CVE-2020-14579)

Summary There are vulnerabilities in the IBM® Runtime Environment Java™ Versions 7 and 8, which is used by IBM Rational ClearCase. These issues were disclosed as part of the IBM SDK, Java Technology Edition Quarterly CPU - Jul 2020 - Includes Oracle Jul 2020 CPU plus one additional vulnerability...

Medium: java-1.8.0-openjdk

Issue Overview: Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: Serialization. Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with networ...

Security Bulletin: Java Vulnerability affects IBM Watson Text to Speech and Speech to Text (IBM Watson Speech Services for Cloud Pak for Data 1.2)

Summary A number of Java vulnerabilities listed below affect IBM Watson Text to Speech and Speech to Text IBM Watson Speech Services for Cloud Pak for Data 1.2 Vulnerability Details CVEID: CVE-2020-14583 DESCRIPTION: An unspecified vulnerability in Java SE related to the Libraries component could...

Security Bulletin: Java Vulnerablity affects IBM Watson Speech Services for Cloud Pak for Data 1.2

Summary https://exchange.xforce.ibmcloud.com/vulnerabilities/174538 - An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded Security component could allow an unauthenticated attacker to cause no confidentiality impact, low integrity impact, and no availability...

OpenJDK: Improper checks of SASL message properties in GssKrb5Base (Security, 8226352)

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: Security. Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via...

OpenJDK: Use of unsafe RSA-MD5 checksum in Kerberos TGS (Security, 8229951)

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: Security. Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via...

OpenJDK: High memory usage during deserialization of Proxy class with many interfaces (Serialization, 8236862)

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: Serialization. Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with network access via...

OpenJDK: Incomplete check for invalid characters in URI to path conversion (Libraries, 8242685)

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: Libraries. Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multipl...

OpenJDK: Credentials sent over unencrypted LDAP connection (JNDI, 8237990)

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: JNDI. Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple...

Arbitrary Code Execution

openjfx is vulnerable to arbitrary code execution.An easy-to-exploit vulnerability allows an unauthenticated attacker to compromise and takeover the Java SE...

Privilege Escalation

JavaFX is vulnerable to privilege escalation attacks. A remote unauthenticated attacker could gain elevated privileges resulting in takeover of Java SE. A successful attack requires human interaction from a person other than the attacker...

CVE-2018-3149

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE subcomponent: JNDI. Supported versions that are affected are Java SE: 6u201, 7u191, 8u182 and 11; Java SE Embedded: 8u181; JRockit: R28.3.19. Difficult to exploit vulnerability allows unauthenticated attacker with...

Security Bulletin: Vulnerabilities in IBM Db2 and IBM Java Runtime affect IBM Spectrum Protect Server

Summary Multiple vulnerabilities in IBM Db2 and IBM Runtime Environment Java affect the IBM Spectrum Protect Server. The Java vulnerabilities were disclosed as part of the IBM Java SDK updates in January, April, and July 2020. Vulnerability Details CVEID: CVE-2019-9512 DESCRIPTION: Multiple vendo...