Debian DLA-2769-1 : libxstream-java - LTS security update

The remote Debian 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the dla-2769 advisory. - XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to load and execute...

Security Bulletin: Vulnerabilities in IBM Java Runtime and libxml2 affecting Tivoli Netcool/OMNIbus (Multiple CVEs)

Summary There is a vulnerability in IBM® Runtime Environment Java™ Technology Edition Version 8, as well as a vulnerability in GNOME libxml2 version 2.7.8. Both components are used by Tivoli Netcool/OMNIbus. The JRE vulnerability was disclosed as part of the IBM Java SDK updates in April 2021. Th...

Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect Rational Functional Tester

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 1.8 and IBM® Runtime Environment Java™ Version 1.8 used by Rational Functional Tester. Rational Functional Tester has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2021-2341 DESCRIPTION: An...

Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM MessageGateway

Summary There are multiple vulnerabilities in IBM Runtime Environment Java Version 8.0 used by IBM MessageGateway. Vulnerability Details CVEID: CVE-2021-2388 DESCRIPTION: An unspecified vulnerability in Java SE related to the VM component could allow an unauthenticated attacker to take control of...

Security Bulletin: A vulnerability in IBM Java Runtime affects TXSeries for Multiplatforms

Summary IBM TXSeries for Multiplatforms has addressed the following vulnerability reported by IBM® Runtime Environment Java™ Vulnerability Details CVEID: CVE-2021-2161 DESCRIPTION: An unspecified vulnerability in Java SE related to the Libraries component could allow an unauthenticated attacker t...

Security Bulletin: Vulnerabilities in IBM Java Runtime affect IBM Integration Bus and IBM App Connect Enterpise v11, V12 (CVE-2021-2161)

Summary Vulnerabilities in IBM® SDK Java™ Technology Edition, used by IBM Integration Bus & IBM App Connect Enterprise v11, V12. These issues were disclosed as part of the IBM Java SDK updates in April 2021 Vulnerability Details CVEID: CVE-2021-2161 DESCRIPTION: An unspecified vulnerability in Ja...

Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect Rational Directory Server (Tivoli) & Rational Directory Administrator

Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Version 7 and Version 8 used by Rational Directory Server Tivoli and Rational Directory Administrator. These issues were disclosed as part of the IBM Java SDK updates in July 2021. Upgrade the JRE in order to resolve the...

Security Bulletin: Vulnerabilities in IBM Java Runtime affect IBM Integration Bus and IBM App Connect Enterpise v11, v12 (CVE-2020-2773)

Summary Vulnerabilities in IBM® SDK Java™ Technology ,used by IBM Integration Bus & IBM App Connect Enterprise v11, v12. These issues were disclosed as part of the IBM Java SDK updates in April 2020. Vulnerability Details CVEID: CVE-2020-2773 DESCRIPTION: An unspecified vulnerability in Java SE...

Security Bulletin: Vulnerabilities in IBM Java Runtime affect IBM Integration Bus and IBM App Connect Enterpise v11, v12 (CVE-2020-14781)

Summary Vulnerabilities in IBM® SDK Java™ Technology ,used by IBM Integration Bus & IBM App Connect Enterprise v11, v12. These issues were disclosed as part of the IBM Java SDK updates in October 2020. Vulnerability Details CVEID: CVE-2020-14781 DESCRIPTION: An unspecified vulnerability in Java S...

The vulnerability of the Java Runtime Environment (JRE) component in Java SE software platforms allows attackers to execute arbitrary code.

The vulnerability of the Java Runtime Environment JRE component in Java SE programming platforms is related to the bypassing of security functions. Exploiting this vulnerability allows a malicious actor to execute arbitrary code using a specially created applet...

VulnCheck KEV: CVE-2013-2471

Unspecified vulnerability in the Java Runtime Environment JRE component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to...

Security Bulletin: Multiple vulnerabilities in IBM Java Runtime Affect IBM Sterling External Authentication Server

Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Version 1.8 used by IBM Sterling External Authentication Server. IBM Sterling External Authentication Server has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2020-14781 DESCRIPTION: An unspecified...

Security Bulletin: Vulnerability in IBM Java SDK and IBM Java Runtime affects Rational Business Developer

Summary There is a vulnerability in IBM® SDK Java™ Technology Edition, Version 8 and IBM® Runtime Environment Java™ Version 8 used by Rational Business Developer. Rational Business Developer has addressed the applicable CVE. This issue was disclosed as part of the IBM Java SDK and Runtime...

Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect Rational Service Tester

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 1.8 and IBM® Runtime Environment Java™ Version 1.8 used by Rational Service Tester. Rational Service Tester has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2020-2773 DESCRIPTION: An...

CVE-2021-39152

A flaw was found in xstream, a simple library used to serialize objects to XML and back again. This flaw allows a remote attacker to request data from internal resources that are not publicly available by manipulating the processed input stream with Java runtime versions 14 to 8. The highest thre...

CVE-2021-39150

A flaw was found in xstream, a simple library used to serialize objects to XML and back again. This flaw allows a remote attacker to request data from internal resources that are not publicly available by manipulating the processed input stream with Java runtime versions 14 to 8. The highest thre...

XStream is vulnerable to an Arbitrary Code Execution attack

Impact The vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. A user is only affected if using the version out of the box with JDK 1.7u21 or below. However, this scenario can be adjusted easily to an...

A Server-Side Forgery Request can be activated unmarshalling with XStream to access data streams from an arbitrary URL referencing a resource in an intranet or the local host

Impact The vulnerability may allow a remote attacker to request data from internal resources that are not publicly available only by manipulating the processed input stream with a Java runtime version 14 to 8. No user is affected, who followed the recommendation to setup XStream's security...

A Server-Side Forgery Request can be activated unmarshalling with XStream to access data streams from an arbitrary URL referencing a resource in an intranet or the local host

Impact The vulnerability may allow a remote attacker to request data from internal resources that are not publicly available only by manipulating the processed input stream with a Java runtime version 14 to 8. No user is affected, who followed the recommendation to setup XStream's security...

XStream is vulnerable to an Arbitrary Code Execution attack

Impact The vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream, if using the version out of the box with Java runtime version 14 to 8 or with JavaFX installed. No user is affected, who followed the...