Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect Financial Transaction Manager for Digital Payments

Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Version 8 used by Financial Transaction Manager for Digital Payments. Financial Transaction Manager for Digital Payments FTM DP has addressed the applicable CVEs. Vulnerability Details If you run your own Java code using...

Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect Rational Directory Server (Tivoli) & Rational Directory Administrator

Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Version 7 and Version 8 used by Rational Directory Server Tivoli and Rational Directory Administrator. These issues were disclosed as part of the IBM Java SDK updates in January 2020. Upgrade the JRE in order to resolve...

Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Platform Symphony and IBM Spectrum Symphony

Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Version 8 Service Refresh 5 Fix Pack 41 and earlier releases used by IBM Platform Symphony and IBM Spectrum Symphony. IBM Platform Symphony and IBM Spectrum Symphony have addressed the applicable CVEs. Vulnerability...

ysoserial

This is a proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization. The tool, ysoserial, is a collection of utilities and property-oriented programming "gadget chains" discovered in common Java libraries that can, under the right conditions, exploit Java...

Security Bulletin: Multiple Vulnerabilities in IBM Java Runtime Affect IBM Sterling Secure Proxy

Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Version 1.8 used by IBM Sterling Secure Proxy. These issues were disclosed as part of the IBM Java SDK updates in January 2019. Vulnerability Details CVEID: CVE-2018-12547 DESCRIPTION: Eclipse OpenJ9 is vulnerable to a...

Security Bulletin: Vulnerability in Rational Application Developer for WebSphere Software due to issues in IBM Java SDK (CVE-2013-0440, CVE-2013-0443, CVE-2013-0169)

Summary The version of IBM WebSphere Application Server that is shipped with Rational Application Developer for WebSphere Software is shipped with an IBM Java SDK that is based on the Oracle SDK. Oracle has released February 2013 critical patch updates CPU which contain security vulnerability fix...

Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Rational ClearQuest (CVE-2017-10115, CVE-2017-10116)

Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Versions 6, 7, and 8, which are used by IBM Rational ClearQuest. These issues were disclosed as part of the IBM Java SDK updates in July 2017. Vulnerability Details CVEID: CVE-2017-10115 DESCRIPTION: An unspecified...

Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Rational ClearQuest (CVE-2017-1289)

Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Versions 6, 7, and 8, which are used by IBM Rational ClearQuest. These issues were disclosed as part of the IBM Java SDK updates in April 2017. Vulnerability Details CVEID: CVE-2017-1289 DESCRIPTION: IBM SDK, Java...

Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Rational ClearQuest (CVE-2016-2183, CVE-2016-5546, CVE-2016-5547, CVE-2016-5548, CVE-2016-5549)

Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Versions 6, 7, and 8, which are used by IBM Rational ClearQuest. These issues were disclosed as part of the IBM Java SDK updates in January 2017. Vulnerability Details CVEID: CVE-2016-5546 DESCRIPTION: An unspecified...

Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Host On-Demand

Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Version 7.0, 7.1 and 8.0 used by IBM Host On-Demand. These issues were disclosed as part of the IBM Java SDK updates in Jul 2017 Vulnerability Details If you run your own Java code using the IBM Java Runtime delivered wi...

Security Bulletin: A vulnerability in IBM Java Runtime affects IBM ILOG CPLEX Optimization Studio and IBM CPLEX Enterprise Server

Summary There is a vulnerability in IBM® Runtime Environment Java™ Version 8 used by IBM CPLEX Optimization Studio and IBM CPLEX Enterprise Server. IBM CPLEX Optimization Studio and IBM CPLEX Enterprise Server have addressed the applicable CVE. Vulnerability Details CVEID: CVE-2019-2958...

Security Bulletin: Security Vulnerabilities have been identified in IBM Java Runtime as shipped with Tivoli Federated Identity Manager

Summary IBM Java Runtime as shipped with Tivoli Federated Identity Manager. Information about security vulnerabilities affecting IBM Java Runtime have been published in a security bulletin. Vulnerability Details Refer to the security bulletinss listed in the Remediation/Fixes section Affected...

[SECURITY] [DSA 4605-1] openjdk-11 security update

------------------------------------------------------------------------- Debian Security Advisory DSA-4605-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff January 19, 2020 https://www.debian.org/security/faq -...

Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Spectrum Conductor 2.4, IBM Spectrum Conductor 2.3, and IBM Spectrum Conductor with Spark 2.2.1

Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Version 8 used by IBM Spectrum Conductor 2.4, IBM Spectrum Conductor 2.3, and IBM Spectrum Conductor with Spark 2.2.1. IBM Spectrum Conductor 2.4, IBM Spectrum Conductor 2.3, and IBM Spectrum Conductor with Spark 2.2.1...

Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect Host On-Demand

Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Version 8.0 SR5 FP 20 used by Host On-Demand. Host On-Demand has addressed the applicable CVEs. These issues were disclosed as part of the IBM Java SDK and Runtime Environment updates in July 2019. Vulnerability Details...

Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Cognos Planning

Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Technology Edition Version 7 that is used by IBM Cognos Planning. These issues were disclosed as part of the IBM Java SDK updates in October 2018, January 2019, April 2019, July 2019 and October 2019. Vulnerability Detai...

OpenJDK: Unexpected exception thrown by Pattern processing crafted regular expression (Concurrency, 8222684)

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: Concurrency. Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via...

Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM MessageSight

Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Version 8.0 used by IBM WIoTP MessageGateway. These issues were disclosed as part of the IBM Java SDK updates in October 2019. Vulnerability Details CVEID: CVE-2019-2945 DESCRIPTION: An unspecified vulnerability in Java ...

Security Bulletin: Security vulnerabilities in IBM Java Runtime affect IBM License Key Server Administration and Reporting Tool and Agent

Summary There are multiple vulnerabilities related to IBM® Runtime Environment Java™ Technology Edition which is used and shipped by different versions of IBM License Key Server Administration and Reporting Tool ART and Agent. Vulnerability Details CVEID: CVE-2019-2933 DESCRIPTION: An unspecified...

Security Bulletin: Vulnerability in IBM Java Runtime affects IBM Tivoli Netcool Configuration Manager (ITNCM) (CVE-2015-7575)

Summary There is a vulnerability in IBM® Runtime Environment Java™ Technology Edition, Version 6 Service Refresh 16 Fix Pack 5 and earlier releases that is used by ITNCM. This vulnerability, commonly referred to as “SLOTH”, was disclosed as part of the IBM Java SDK updates in January 2016...