Security Bulletin: Security vulnerabilities have been identified in OpenSSL, IBM Java Runtime and the microcode shipped with the DS8000 Hardware Management Console (HMC)

Summary The updates indicated below have been released to address the following vulnerabilities: CVE-2016-2107 MITM attack in OpenSSL, CVE-2016-5547 Denial of service in IBM Runtime Environment Java™ CVE-2017-1123 Escalation of privilege in the DS8000 HMC Vulnerability Details CVEID: CVE-2016-210...

Security Bulletin: A vulnerabbility exists in the IBM® SDK, Java™ Technology Edition affect IBM Tivoli Network Configuration Manager (CVE-2021-35603).

Summary A vulnerability exists in IBM® SDK Java™ Technology Edition, Version 8, which is used by IBM Tivoli Network Configuration Manager IP Edition v6.4.2, which was disclosed in the Oracle October 2021 Critical Patch Update Vulnerability Details Refer to the security bulletins listed in the...

Security Bulletin: A vulnerabbility exists in the IBM® SDK, Java™ Technology Edition affect IBM Tivoli Network Manager (CVE-2021-35603).

Summary A vulnerability exists in IBM® SDK Java™ Technology Edition, Version 8, which is used by IBM Tivoli Network Manager IP Edition v4.2, which was disclosed in the Oracle October 2021 Critical Patch Update Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes...

Security Bulletin: Multiple vulnerabilities exist in the IBM® SDK, Java™ Technology Edition affecting IBM Tivoli Network Manager

Summary Multiple vulnerabilities exist in IBM® SDK Java™ Technology Edition, Version 8, which is used by IBM Tivoli Network Manager IP Edition v4.2, which was disclosed in the Oracle January 2022 Critical Patch Update. CVE-2022-21365, CVE-2022-21360, CVE-2022-21349, CVE-2022-21341, CVE-2022-21340...

GHSA-P566-WPXX-574M Missing Authorization in Jenkins WMI Windows Agents plugin

WMI Windows Agents Plugin 1.8 and earlier includes the Windows Remote Command library. It provides a general-purpose remote command execution capability that Jenkins uses to check if Java is available, and if not, to install it. This library has a buffer overflow vulnerability that may allow user...

GHSA-XHW3-WMX2-76WF Buffer overflow in Jenkins WMI Windows Agents plugin

WMI Windows Agents Plugin 1.8 and earlier includes the Windows Remote Command library. It provides a general-purpose remote command execution capability that Jenkins uses to check if Java is available, and if not, to install it. This library has a buffer overflow vulnerability that may allow user...

Important: Red Hat Security Advisory: java-17-openjdk security update

An update for java-17-openjdk is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerabilit...

PT-2022-20406 · Jenkins · Jenkins Wmi Windows Agents Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins WMI Windows Agents Plugin versions 1.8 and earlier Description: The Jenkins WMI Windows Agents Plugin includes the Windows Remote Command library, which does not implement access control. This potentially allows users to start process...

GHSA-F866-M9MV-2XR3 Spring Framework and Spring Security vulnerable to Deserialization of Untrusted Data

Spring Framework 3.0.0 through 3.0.5, Spring Security 3.0.0 through 3.0.5 and 2.0.0 through 2.0.6, and possibly other versions deserialize objects from untrusted sources, which allows remote attackers to bypass intended security restrictions and execute untrusted code by 1 serializing a...

Apache Tomcat affected by infinite loop in Double.parseDouble method in Java Runtime Environment

The Double.parseDouble method in Java Runtime Environment JRE in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.229 and earlier, as used in OpenJDK, Apache, JBossweb, and other products, allows remote attackers to cause a denial of service via a...

CentOS: Security Advisory for java (CESA-2022:1487)

The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

OpenJDK: URI parsing inconsistencies (JNDI, 8278972)

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: JNDI. Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22.0.0.2. Easily exploitable...

ALSA-2022:1491 Important: java-1.8.0-openjdk security update

The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Security Fixes: OpenJDK: Defective secure validation in Apache Santuario Libraries, 8278008 CVE-2022-21476 OpenJDK: Unbounded memory allocation when compiling crafted...

Important: Red Hat Security Advisory: java-11-openjdk security update

An update for java-11-openjdk is now available for Red Hat Enterprise Linux 8.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

Important: java-17-openjdk security and bug fix update

The java-17-openjdk packages provide the OpenJDK 17 Java Runtime Environment and the OpenJDK 17 Java Software Development Kit. Security Fixes: OpenJDK: Improper ECDSA signature verification Libraries, 8277233 CVE-2022-21449 OpenJDK: Defective secure validation in Apache Santuario Libraries, 82780...

Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect Rational Performance Tester

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 1.8 and IBM® Runtime Environment Java™ Version 1.8 used by Rational Performance Tester. Rational Performance Tester has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2021-35578 DESCRIPTION: ...

Security Bulletin: Vulnerability in IBM Java Runtime affects Host On-Demand

Summary There is a vulnerability in IBM® Runtime Environment Java™ Version 8 used by Host On-Demand. Host On-Demand has provided a fix for the applicable CVE. The issue was disclosed as part of the IBM Java SDK and Runtime Environment update CVE-2021-35603 deferred from Oracle Oct 2021 CPU...

Security Bulletin: Vulnerability in IBM Java Runtime affects Host On-Demand

Summary There is a vulnerability in IBM® Runtime Environment Java™ Version 8 used by Host On-Demand. Host On-Demand has provided a fix for the applicable CVE. The issue was disclosed as part of the IBM Java SDK and Runtime Environment updates deferred from Oracle Oct 2021 CPU CVE-2021-35550...

Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Integration Bus and IBM App Connect Enterprise

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition used by IBM Integration Bus & IBM App Connect Enterprise. These issues were disclosed as part of the IBM Java SDK updates in October 2021. Vulnerability Details CVEID: CVE-2021-35578 DESCRIPTION: An unspecified...

Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect Watson Explorer and Watson Explorer Content Analytics Studio (CVE-2021-35550, CVE-2021-35603)

Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Version 8 used by Watson Explorer and Watson Explorer Content Analytics Studio. Watson Explorer and Watson Explorer Content Analytics Studio have addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2021-35550...