Security Bulletin: Multiple Vulnerabilities in IBM Application Performance Management Core Framework.

Summary Multiple vulnerabilities were addressed in IBM Application Performance Management 8.1.4.0 Core Framework IF27 patch. Vulnerability Details CVEID:CVE-2024-21094 DESCRIPTION: An unspecified vulnerability in Java SE related to the VM component could allow a remote attacker to cause no...

IBM MQ 9.3 CD (7167215)

The version of IBM MQ Server running on the remote host is affected by a vulnerability as referenced in the 7167215 advisory. - Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Concurrency. Supported versions that are affected are Oracle...

Security Bulletin: Vulnerability in Oracle Java SE affects watsonx.data

Summary An unspecified vulnerability in Oracle Java SE, Oracle GraalVM Enterprise Edition related to the JSSE component could allow an unauthenticated attacker to cause high confidentiality impact and high integrity impact. This can affect watsonx.data. Vulnerability Details CVEID:CVE-2023-21930...

Security Bulletin: Multiple vulnerabilities in Open JDK affecting Rational Functional Tester / DevOps Test UI

Summary There are multiple vulnerabilities in Open JDK Version 8, OpenJ9 used by Rational Functional Tester RFT / Open JDK Version 17, OpenJ9 used by DevOps Test UI Test UI. RFT/Test UI has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2024-21131 DESCRIPTION: An unspecified...

Security Bulletin: IBM App Connect Enterprise Certified Container UBI updates

Summary IBM App Connect Enterprise Certified Container ACEcc is built on the Red Hat Universal Base Images. ACEcc operator versions 5.0.20 LTS, 12.0.3 LTS and 12.3.0 contain fixes to the listed CVEs found in the base images. This bulletin provides patch information to address the reported...

Security Bulletin: IBM Sterling Connect:Direct Web Service is vulnerable to a vulnerability in IBM Java

Summary IBM Sterling Connect:Direct Web Service uses IBM Java SE, which is impacted by CVE-2024-39747. Vulnerability Details CVEID:CVE-2024-39747 DESCRIPTION: IBM Sterling Connect:Direct Web Services uses default credentials for potentially critical functionality. CVSS Base score: 8.1 CVSS Tempor...

Security Bulletin: Multiple Vulnerabilities in IBM® Runtime Environment Java™ Technology Edition affects WebSphere eXtreme Scale

Summary There are multiple vulnerabilities in IBM Runtime Environment Java Version 8 used by WebSphere eXtreme Scale. Vulnerability Details CVEID:CVE-2024-3933 DESCRIPTION: Eclipse Openj9 could allow a local authenticated attacker to bypass security restrictions, caused by the failure to restrict...

Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data v4.8.5 is vulnerable to multiple Base OS issues

Summary IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data v4.8.5 is vulnerable to multiple Base OS issues. We have updated the base image used by our Speech Services and the following vulnerabilities have been addressed. Please read the details for remediation below. Vulnerability...

IBM WebSphere eXtreme Scale 8.6.1.0 < 8.6.1.6 (7166876)

The version of IBM WebSphere eXtreme Scale installed on the remote host is prior to 8.6.1.6. It is, therefore, affected by multiple vulnerabilities as referenced in the 7166876 advisory. - In Eclipse OpenJ9 release versions prior to 0.44.0 and after 0.13.0, when running with JVM option...

Security Bulletin: There are multiple vulnerabilities that affect CICS Transaction Gateway for Multiplatforms and CICS Transaction Gateway Desktop Edition.

Summary There are multiple vulnerabilities that affect CICS Transaction Gateway for Multiplatforms and CICS Transaction Gateway Desktop Edition. Updates for CICS Transaction Gateway for Multiplatforms and CICS Transaction Gateway Desktop Edition have been released to address these vulnerabilities...

Security Bulletin: Multiple vulnerabilities in IBM Semeru Runtime may affect IBM Decision Optimization for IBM Cloud Pak for Data

Summary There are multiple vulnerabilities in IBM® Semeru Runtime Version 17 used by IBM Decision Optimization for IBM Cloud Pak for Data. IBM Decision Optimization for IBM Cloud Pak for Data has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2024-21085 DESCRIPTION: An unspecified...

ROS-20240826-16

A vulnerability in the Concurrency component of Oracle GraalVM Enterprise Edition virtual machines, Oracle GraalVM for JDK, and Oracle Java SE software platform is related to insufficient input validation. for JDK and Oracle Java SE software platform is related to insufficient input validation...

Security Bulletin: IBM Sterling Connect:Direct Web Service is vulnerable to multiple vulnerabilities due to IBM Java

Summary IBM Sterling Connect:Direct Web Service uses IBM Java SE which is vulnerable to multiple CVEs. Vulnerability Details CVEID:CVE-2024-21094 DESCRIPTION: An unspecified vulnerability in Java SE related to the VM component could allow a remote attacker to cause no confidentiality impact, low...

Security Bulletin: IBM Sterling Connect:Direct Web Service is vulnerable to multiple vulnerabilities due to IBM Java

Summary IBM Sterling Connect:Direct Web Service uses IBM Java SE which is affected by CVE-2024-39745. Vulnerability Details CVEID:CVE-2024-39745 DESCRIPTION: IBM Sterling Connect:Direct Web Services uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly...

ROS-20240820-14

A vulnerability in the JavaFX component of Oracle GraalVM Enterprise Edition virtual machine and Oracle Java SE software platform is related to insufficient input validation. Oracle Java SE platform is related to insufficient input data validation. Exploitation of the vulnerability could allow an...

ROS-20240820-12

A vulnerability in the JavaFX component of Oracle GraalVM Enterprise Edition virtual machine and Oracle Java SE software platform is related to insufficient input validation. Oracle Java SE platform is related to insufficient input data validation. Exploitation of the vulnerability could allow an...

ROS-20240820-13

A vulnerability in the JavaFX component of Oracle GraalVM Enterprise Edition virtual machine and Oracle Java SE software platform is related to insufficient input validation. Oracle Java SE platform is related to insufficient input data validation. Exploitation of the vulnerability could allow an...

The vulnerability of the Hotspot component in Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK, and the Oracle Java SE software platform allows a malicious individual to gain unauthorized access to read, modify, or delete data.

The vulnerability of the Hotspot component in Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK, and the Oracle Java SE software platform is related to insufficient protection of service data. Exploiting this vulnerability can allow an attacker operating remotely to gain unauthorized acce...

Security Bulletin: Several Security Vulnerabilities have been addressed in IBM Security Directory Suite. (CVE-2022-21426, CVE-2023-21830, CVE-2023-21843)

Summary Mulitiple Security Vulnerabilities have been discovered in the Java SE component as shipped with IBM Security Directory Suite. These have been addressed in an update. Vulnerability Details CVEID:CVE-2022-21426 DESCRIPTION: An unspecified vulnerability in Java SE related to the JAXP...

Security Bulletin: Multiple vulnerabilities affect IBM® Semeru Runtime

Summary This bulletin for IBM Semeru Runtime covers all applicable Java SE CVEs published by OpenJDK as part of their July 2024 Vulnerability Advisory. For more information please refer to OpenJDK's July 2024 Vulnerability Advisory and the X-Force database entries referenced below. Vulnerability...