Security Bulletin: IBM Cloud Transformation Advisor is vulnerable to multiple vulnerabilities
Summary: IBM Cloud Transformation Advisor has addressed multiple Java security vulnerabilities listed herein. Vulnerability Details: CVEID: CVE-2023-4759 DESCRIPTION: Eclipse JGit could allow a remote attacker to execute arbitrary code on the system, caused by improper handling of case insensitive...
PT-2023-36039 · Oracle · Java
Name of the Vulnerable Software and Affected Versions: Java (affected versions not specified). Description: A security exception crash has been reported. The crash involves the com.github.javaparser.GeneratedJavaParser.Expression and specific methods within java.base/sun.nio.cs.CESU_8$Encoder,...
cn.net.vidyo:dylink-vidyo-ws-sdk (>=2.1.0.16.RELEASE <=3.0.0.3.RELEASE), com.aftia.plugin:aem-build-maven-plugin.core (>=1.2.1 <=1.2.2) +286 more potentially affected by CVE-2023-40743 via org.apache.axis:axis (=1.4)
org.apache.axis:axis MAVEN version =1.4 is affected by a known vulnerability. The following packages have a transitive dependency on org.apache.axis:axis and may be impacted: - cn.net.vidyo:dylink-vidyo-ws-sdk =2.1.0.16.RELEASE, =1.2.1, =1.0.0, =1.4-build003, =0.9.1, =0.0.3.M1, =0.0.3.M1,...
SUSE-SU-2023:3332-1 Security update for java-1_8_0-openj9
This update for java-1_8_0-openj9 fixes the following issues: OpenJDK was updated to version 8u382 build 05 with OpenJ9 0.40.0 VM: - CVE-2023-22045: Fixed vulnerability in hotspot component bsc1213481. - CVE-2023-22049: Fixed vulnerability in library component bsc1213482...
SUSE-SU-2023:3023-1 Security update for java-17-openjdk
This update for java-17-openjdk fixes the following issues: Updated to version jdk-17.0.8+7 July 2023 CPU: - CVE-2023-22006: Fixed vulnerability in the network component bsc1213473. - CVE-2023-22036: Fixed vulnerability in the utility component bsc1213474. - CVE-2023-22041: Fixed vulnerability in...
PT-2023-35926 · Oracle · Java
Name of the Vulnerable Software and Affected Versions: Java (affected versions not specified). Description: The issue is related to a security exception in the Java java.util.regex package, specifically in the Pattern$GroupTail.match function. The crash occurs when the BufferedWriter attempts to wri...
SUSE-SU-2023:2990-1 Security update for java-11-openjdk
This update for java-11-openjdk fixes the following issues: Updated to jdk-11.0.20+8 July 2023 CPU: - CVE-2023-22006: Fixed vulnerability in the network component bsc1213473. - CVE-2023-22036: Fixed vulnerability in the utility component bsc1213474. - CVE-2023-22041: Fixed vulnerability in the...
Security Bulletin: Watson CP4D Data Stores is vulnerable to SAP NetWeaver AS for JAVA security bypass vulnerability (CVE-2023-30744)
Summary: Potential SAP NetWeaver AS for JAVA security bypass vulnerability CVE-2023-30744 has been identified that may affect Watson CP4D Data Stores. Refer to details for additional information. Vulnerability Details: CVEID: CVE-2023-30744 DESCRIPTION: SAP NetWeaver AS for JAVA could allow a remote...
com.baomidou:kisso (>=2.0 <=3.6.10), com.baomidou:spring-wind (>=1.0 <=1.1.4) +91 more potentially affected by CVE-2023-33201 via org.bouncycastle:bcprov-jdk14 (>=1.49 <=1.73)
org.bouncycastle:bcprov-jdk14 MAVEN version =1.49, =2.0, =1.0, =9.1.20, =0.1.1, =1.0.1.0.20180504134220, =1.5.4, =2.2, =2.0.1, =7.0, =1.5, =12.3, =22.2.3 and more Source cves: CVE-2023-33201 Source advisory: OSV:GHSA-HR8G-6V94-X4M9...
SUSE-SU-2023:2242-2 Security update for java-1_8_0-openjdk
This update for java-1_8_0-openjdk fixes the following issues: - Updated to version jdk8u372 icedtea-3.27.0: - CVE-2023-21930: Fixed an issue in the JSSE component that could allow an attacker to access critical data without authorization bsc1210628. - CVE-2023-21937: Fixed an issue in the Networki...
SUSE-SU-2023:2491-1 Security update for java-1_8_0-ibm
This update for java-1_8_0-ibm fixes the following issues: - CVE-2023-21930: Fixed possible compromise from unauthenticated attacker with network access via TLS bsc1210628. - CVE-2023-21937: Fixed vulnerability inside the networking component bsc1210631. - CVE-2023-21938: Fixed vulnerability inside...
SUSE-SU-2023:2476-1 Security update for java-1_8_0-ibm
This update for java-1_8_0-ibm fixes the following issues: - CVE-2023-21930: Fixed possible compromise from unauthenticated attacker with network access via TLS bsc1210628. - CVE-2023-21937: Fixed vulnerability inside the networking component bsc1210631. - CVE-2023-21938: Fixed vulnerability inside...
Securing Spring Boot Applications With SSL
Secure Sockets Layer (SSL) and Transport Layer Security (TLS) are key components of securing communications between systems in a layered or service-oriented architecture. Spring Boot applications in such an architecture often accept incoming network connections or create outgoing connections, and...
OESA-2023-1288 openjdk-1.8.0 security update
The OpenJDK runtime environment 8. Security Fixes: Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: JSSE. Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition:...
SUSE-SU-2023:2238-1 Security update for java-1_8_0-openjdk
This update for java-1_8_0-openjdk fixes the following issues: - Updated to version jdk8u372 icedtea-3.27.0: - CVE-2023-21930: Fixed an issue in the JSSE component that could allow an attacker to access critical data without authorization bsc1210628. - CVE-2023-21937: Fixed an issue in the Networki...
SUSE-SU-2023:2110-1 Security update for java-17-openjdk
This update for java-17-openjdk fixes the following issues: Update to upstream tag jdk-17.0.7+7 April 2023 CPU Security fixes: - CVE-2023-21930: Fixed AES support bsc1210628. - CVE-2023-21937: Fixed String platform support bsc1210631. - CVE-2023-21938: Fixed runtime support bsc1210632. -...
OpenJDK: improper connection handling during TLS handshake (8294474)
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: JSSE. Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploit...
SUSE-SU-2023:1850-1 Security update for java-1_8_0-ibm
This update for java-1_8_0-ibm fixes the following issues: - Update to Java 8.0 Service Refresh 8 bsc1208480: Security fixes: - CVE-2023-21830: Fixed improper restrictions in CORBA deserialization bsc1207249. - CVE-2023-21835: Fixed handshake DoS attack against DTLS connections bsc1207246. -...
SUSE-SU-2023:1823-1 Security update for java-1_8_0-ibm
This update for java-1_8_0-ibm fixes the following issues: - Update to Java 8.0 Service Refresh 8 bsc1208480: Security fixes: - CVE-2023-21830: Fixed improper restrictions in CORBA deserialization bsc1207249. - CVE-2023-21835: Fixed handshake DoS attack against DTLS connections bsc1207246. -...
SUSE-SU-2023:0720-1 Security update for java-1_8_0-openjdk
This update for java-1_8_0-openjdk fixes the following issues: Updated to version jdk8u362 icedtea-3.26.0: - CVE-2023-21830: Fixed improper restrictions in CORBA deserialization bsc1207249. - CVE-2023-21843: Fixed soundbank URL remote loading bsc1207248...