Security Bulletin: Multiple vulnerabilities may affect IBM® SDK, Java™ Technology Edition for IBM Content Collector for SAP Applications
Summary Multiple Vulnerabilities were disclosed as part of the Oracle July 2023 Critical Patch Update. Vulnerability Details CVEID:CVE-2023-22045 DESCRIPTION: An unspecified vulnerability in Java SE related to the VM component could allow a remote attacker to cause low confidentiality impacts. CV...
Security Bulletin: IBM Event Streams is affected by an unauthenticated access (CVE-2023-22045 and CVE-2023-22049).
Summary This security vulnerability in Java SE related to the VM component and Libraries component could allow a remote attacker to cause low confidentiality and integrity impacts. Vulnerability Details CVEID:CVE-2023-22045 DESCRIPTION: An unspecified vulnerability in Java SE related to the VM...
Security Bulletin: Multiple vulnerabilities affect IBM® Semeru Runtime
Summary This bulletin covers all applicable Java SE CVEs published by OpenJDK as part of their January 2024 Vulnerability Advisory, plus CVE-2024-22361. For more information please refer to OpenJDK's January 2024 Vulnerability Advisory and the X-Force database entries referenced below...
IBM Java 7.1 < 7.1.5.21 / 8.0 < 8.0.8.20 Multiple Vulnerabilities
The version of IBM Java installed on the remote host is prior to 7.1 < 7.1.5.21 / 8.0 < 8.0.8.20. It is, therefore, affected by multiple vulnerabilities as referenced in the Oracle January 16 2024 CPU advisory. - Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise...
OESA-2024-1154 openjdk-11 security update
The OpenJDK runtime environment. Security Fixes: Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Hotspot. Supported versions that are affected are Oracle Java SE: 8u391, 8u391-perf, 11.0.21, 17.0.9, 21.0.1; Oracle...
OESA-2024-1153 openjdk-11 security update
The OpenJDK runtime environment. Security Fixes: Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Hotspot. Supported versions that are affected are Oracle Java SE: 8u391, 8u391-perf, 11.0.21, 17.0.9, 21.0.1; Oracle...
Amazon Linux 2 : java-1.8.0-openjdk (ALAS-2024-2438)
The version of java-1.8.0-openjdk installed on the remote host is prior to 1.8.0.402.b06-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2024-2438 advisory. A vulnerability that allows an attacker to execute arbitrary java code from the javascript engine even...
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : java-17-openjdk (SUSE-SU-2024:0325-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:0325-1 advisory. - Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition...
Amazon Linux 2 : java-11-openjdk (ALASJAVA-OPENJDK11-2024-007)
The version of java-11-openjdk installed on the remote host is prior to 11.0.22.0.7-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2JAVA-OPENJDK11-2024-007 advisory. A vulnerability that allows an attacker to execute arbitrary java code from the javascript engi...
Important: java-1.8.0-openjdk
Issue Overview: A vulnerability that allows an attacker to execute arbitrary java code from the javascript engine even though the option "--no-java" was set. CVE-2024-20918 With carefully crafted custom bytecodes, arbitrary unverified bytecodes could be executed. CVE-2024-20919 Loop optimizations...
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : java-11-openjdk (SUSE-SU-2024:0321-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:0321-1 advisory. - Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition...
OESA-2024-1127 openjdk-1.8.0 security update
Security Fixes: Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Hotspot. Supported versions that are affected are Oracle Java SE: 8u391, 8u391-perf, 11.0.21, 17.0.9, 21.0.1; Oracle GraalVM for JDK: 17.0.9, 21.0.1;...
K000138462: Oracle Java vulnerabilities CVE-2024-20922, CVE-2024-20923
Security Advisory Description CVE-2024-20922 Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: JavaFX. Supported versions that are affected are Oracle Java SE: 8u391; Oracle GraalVM Enterprise Edition: 20.3.12 and 21.3.8. Difficult to...
Debian dsa-5613 : openjdk-17-dbg - security update
The remote Debian 11 / 12 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5613 advisory. - Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Hotspot. Supported...
Security Bulletin: IBM Sterling Control Center IBM JRE upgrade
Summary IBM Sterling Control Center uses Java SE. Vulnerability Details CVEID:CVE-2023-21967 DESCRIPTION: An unspecified vulnerability in Oracle Java SE, Oracle GraalVM Enterprise Edition related to the JSSE component could allow a remote attacker to cause high availability impact. CVSS Base scor...
Security Bulletin: IBM Watson Discovery Cartridge for IBM Cloud Pak for Data affected by vulnerability in Java SE
Summary IBM Watson Discovery Cartridge for IBM Cloud Pak for Data contains a vulnerable version of Java SE. Vulnerability Details CVEID:CVE-2023-22081 DESCRIPTION: An unspecified vulnerability in Java SE related to the JSSE component could allow a remote attacker to cause no confidentiality impac...
Debian dla-3728 : openjdk-11-dbg - security update
The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3728 advisory. - Debian LTS Advisory DLA-3728-1 [email protected]...
Improper Access Control
Oracle Java SE is vulnerable to Improper Access Control. The vulnerability is caused due to improper handling of untrusted code in the Java sandbox environment. This allows unauthenticated attackers with network access to exploit the system and gain unauthorized access to create, delete, or modif...
Unauthorized Access
Oracle Java SE is vulnerable to Unauthorized Access. The vulnerability is due to a flaw in the security component that allows a low-privileged attacker with logon access to the infrastructure to compromise the system, potentially resulting in unauthorized access to critical data or complete acces...
Unauthorized Data Manipulation
Oracle Java SE is vulnerable to Unauthorized Data Manipulation attack. The vulnerability is due to improper handling of data supplied to APIs in the Hotspot component without using untrusted Java Web Start applications or untrusted Java applets, which allows an unauthenticated attacker with netwo...