Security Bulletin: Multiple security vulnerabilities in IBM Java SDK affects IBM Voice Gateway

Summary Multiple security vulnerabilities in IBM Java SDK affects IBM Voice Gateway Vulnerability Details CVEID: CVE-2020-2604 DESCRIPTION: An unspecified vulnerability in Java SE could allow an unauthenticated attacker to take control of the system. CVSS Base score: 8.1 CVSS Temporal Score: See:...

Security Bulletin: IBM SDK, Java Technology Edition Quarterly CPU - Oct 2019 - Includes Oracle Oct 2019 CPU minus CVE-2019-2949

Summary All applicable Java SE CVEs published by Oracle as part of their October 2019 Critical Patch Update, except for CVE-2019-2949, plus one additional vulnerability. See attached document for full details. Note that the following CVEs were incorrectly added to the list of vulnerabilities...

OpenJDK: Use of unsafe RSA-MD5 checksum in Kerberos TGS (Security, 8229951)

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: Security. Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via...

OpenJDK: Incorrect isBuiltinStreamHandler check causing URL normalization issues (Networking, 8228548)

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: Networking. Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via...

CVE-2020-2585

Vulnerability in the Java SE product of Oracle Java SE component: JavaFX. The supported version that is affected is Java SE: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this...

CVE-2019-2973

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: JAXP. Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple...

Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect IBM QRadar SIEM (CVE-2019-2816, CVE-2019-2762, CVE-2019-2769)

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 8 and IBM® Runtime Environment Java™ Version 8 used by IBM QRadar SIEM. IBM QRadar SIEM has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2019-2816 DESCRIPTION: Vulnerability in the Java SE,...

Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Planning Analytics.

Summary This Security Bulletin addresses multiple vulnerabilities that have been remediated in IBM Planning Analytics 2.0.6. There are multiple vulnerabilities in IBM® Runtime Environment Java™ used by IBM Planning Analytics 2.0.5 and lower. IBM Planning Analytics 2.0.6 has addressed the applicab...

Security Bulletin:Multiple Security Vulnerabilities exist in IBM Cognos Insight

Summary Several vulnerabilities have been addressed for: IBM SDK Java Technology Edition Quarterly CPU Oct 2015, including Oracle Oct 2015 CPU; IBM SDK Java Technology Edition Quarterly CPU Jan 2016, including Oracle Jan 2016 CPU; Java specific SLOTH Weak MD5 Signature Hash; and several OpenSSL...

Amazon Linux 2 : java-1.8.0-openjdk (ALAS-2020-1396)

The version of java-1.8.0-openjdk installed on the remote host is prior to 1.8.0.242.b08-0. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2020-1396 advisory. Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: Networking. Support...

OpenJDK: Use of unsafe RSA-MD5 checksum in Kerberos TGS (Security, 8229951)

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: Security. Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via...

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM WebSphere Cast Iron Solution

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 8.0.5.40 and 7.0.10.45 used by IBM Cast Iron. These issues were disclosed as part of the IBM Java SDK updates in July 2019. IBM Cast Iron has addressed the applicable CVEs. Vulnerability Details CVEID:...

Security Bulletin: Oct 2019 : Multiple vulnerabilities in IBM Java Runtime affect TXSeries for Multiplatforms

Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Versions 7.0, 7.1 and 8.0 used by IBM TXSeries for Multiplatforms. IBM TXSeries for Multiplatforms has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2019-2989 DESCRIPTION: An unspecified vulnerability i...

Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Netcool Agile Service Manager

Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Version 8 used by IBM Netcool Agile Service Manager. IBM Netcool Agile Service Manager has addressed the applicable CVEs. These issues were disclosed as part of the IBM Java SDK updates in July 2019. Vulnerability Detail...

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Content Collector for SAP Applications

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Java™ Version 7 and Java™ Version 8 that is used by IBM Content Collector for SAP Applications. These issues were disclosed as part of the IBM Java SDK updates in Oct 2019. Vulnerability Details CVEID: CVE-2019-2989...

Security Bulletin: A vulnerability in IBM Java SDK affects IBM Operations Analytics Predictive Insights October 2019 CPU

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 7 Service Refresh 10 Fix Pack 1 that is used by IBM Operations Analytics Predictive Insights 1.3.5 and earlier. There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 8 Service Refre...

OpenJDK: Incorrect exception processing during deserialization in BeanContextSupport (Serialization, 8224909)

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: Serialization. Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via...

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affects WebSphere Application Server January 2020 CPU that is bundled with IBM WebSphere Application Server Patterns

Summary There are multiple vulnerabilities in the IBM SDK Java Technology Edition that is shipped with IBM WebSphere Application Server. These issues were disclosed in the IBM Java SDK updates in January 2020. Vulnerability Details CVEID: CVE-2020-2604 DESCRIPTION: An unspecified vulnerability in...

CVE-2019-2989

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: Networking. Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multip...

CVE-2019-2684

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE subcomponent: RMI. Supported versions that are affected are Java SE: 7u211, 8u202, 11.0.2 and 12; Java SE Embedded: 8u201. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple...