Security Bulletin: IBM Spectrum Control is vulnerable to multiple weaknesses related to Java SE

Summary Vulnerabilities in Java SE such as remote attacker to cause high availability impact, unauthenticated attacker to cause high confidentiality impact and high integrity impact, may affect IBM Spectrum Control. Vulnerability Details CVEID:CVE-2023-21930 DESCRIPTION: An unspecified...

Security Bulletin: IBM Security Verify Governance is affected by multiple vulnerabilities

Summary IBM Security Verify Governance uses various components, such as IBM Java, and Dojo. Security vulnerabilities in multiple components have been addressed in the IBM Security Verify Governance update. Vulnerability Details CVEID:CVE-2021-22569 DESCRIPTION: Google Protocol Buffer protobuf-jav...

Information Disclosure

openjdk8 is vulnerable to Information Disclosure. An attacker can access the vulnerable library through the multiple network and gain read access to the subset of Oracle Java SE, Oracle GraalVM Enterprise Edition and Oracle GraalVM...

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli Netcool Impact

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 8 used by IBM Tivoli Netcool Impact. IBM Tivoli Netcool Impact has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2023-21930 DESCRIPTION: An unspecified vulnerability in Oracle Java SE, Oracle...

Security Bulletin: Vulnerabilities in IBM Semeru Runtime affects Host On-Demand

Summary There is a vulnerability in IBM Semeru Runtime used by Host On-Demand. Host On-Demand has provided a fix for the applicable CVE. These issues were disclosed as part of the IBM Semeru Runtime Quarterly CPU - Apr 2023 - Includes OpenJDK April 2023 CPU. Vulnerability Details...

Security Bulletin: IBM Operational Decision Manager September 2023 - Multiple CVEs addressed

Summary IBM Operational Decision Manager is vulnerable to multiple remote code execution and denial of service attacks in third party and open source used in the product for various functions. See full list below. The vulnerabilities have been addressed. Vulnerability Details CVEID:CVE-2023-2253...

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affects IBM Storage Scale

Summary There is a vulnerability in IBM SDK Java Technology Edition, used by IBM Storage Scale. This issue was disclosed as part of the IBM Java SDK updates in April 2023. Vulnerability Details CVEID:CVE-2023-21930 DESCRIPTION: An unspecified vulnerability in Oracle Java SE, Oracle GraalVM...

Security Bulletin: IBM Security Guardium is affected by multiple vulnerabilities

Summary IBM Security Guardium has fixed these vulnerabilities. Vulnerability Details CVEID:CVE-2022-3676 DESCRIPTION: Eclipse Openj9 could allow a remote attacker to bypass security restrictions, caused by improper runtime type check by the interface calls. By sending a specially-crafted request...

Security Bulletin: IBM Security Guardium is affected by multiple vulnerabilities

Summary IBM Security Guardium has addressed these vulnerabilities. Vulnerability Details CVEID:CVE-2022-43909 DESCRIPTION: IBM Security Guardium is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended...

Debian dla-3571 : openjdk-11-dbg - security update

The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3571 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-3571-1 [email protected]...

Security Bulletin: Vulnerabilities in Golang, openSSH and openJDK might affect IBM Spectrum Copy Data Management

Summary BM Spectrum Copy Data Management can be affected by vulnerabilities in Golang Go, openSSH and openJDK. Vulnerabilities include allowing a local attacker to cause high confidentiality impacts, allowing a remote authenticated attacker to cause high and low integrity impacts , allowing a...

OESA-2023-1646 openjdk-1.8.0 security update

The OpenJDK runtime environment 8. Security Fixes: Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Libraries. Supported versions that are affected are Oracle Java SE: 17.0.3.1; Oracle GraalVM Enterprise Edition: 21.3.2 and 22.1.0. Easily...

Security Bulletin: Vulnerability in Open JDK affecting Rational Functional Tester

Summary There is vulnerability in Open JDK Version 8, OpenJ9 used by Rational Functional Tester RFT. RFT has addressed the applicable CVE. Vulnerability Details CVEID:CVE-2023-22049 DESCRIPTION: An unspecified vulnerability in Java SE related to the Libraries component could allow a remote attack...

Security Bulletin: Multiple Security vulnerabilities in IBM Java in FileNet Content Manager

Summary Multiple Security vulnerabilities in IBM Java in FileNet Content Manager, affected, not vulnerable Vulnerability Details CVEID:CVE-2023-21930 DESCRIPTION: An unspecified vulnerability in Oracle Java SE, Oracle GraalVM Enterprise Edition related to the JSSE component could allow an...

OESA-2023-1600 openjdk-latest security update

The OpenJDK runtime environment. Security Fixes: Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Libraries. Supported versions that are affected are Oracle Java SE: 17.0.3.1; Oracle GraalVM Enterprise Edition: 21.3.2 and 22.1.0. Easily...

Security Bulletin: TADDM affected by multiple vulnerabilities due to IBM Java and its runtime

Summary IBM Tivoli Application Dependency Discovery Manager is vulnerable to denial of service due to use of IBM Java and runtimes CVE-2023-21930, CVE-2023-21967,CVE-2023-21954, CVE-2023-21939,CVE-2023-21968,CVE-2023-21937, CVE-2023-21938,CVE-2023-2597 Vulnerability Details CVEID:CVE-2023-21930...

Security Bulletin: IBM Sterling Secure Proxy is vulnerable to multiple issues

Summary Multple vulnerabilities affect IBM Sterling Secure Proxy and are addressed in the latest release and iFix Vulnerability Details CVEID:CVE-2023-26048 DESCRIPTION: Eclipse Jetty is vulnerable to a denial of service, caused by an out of memory flaw in the HttpServletRequest.getParameter or...

Important: java-1.8.0-openjdk

Issue Overview: Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: Scripting. Supported versions that are affected are Java SE: 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access vi...

Oracle Linux 8 : java-11-openjdk (ELSA-2019-3135)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2019-3135 advisory. 1:11.0.5.10-0.0.1 - link atomic for ix86 build Livy Ge 1:11.0.5.10-0 - Update to shenandoah-jdk-11.0.5+10 GA - Switch to GA mode for final release. -...

Oracle Linux 8 : java-1.8.0-openjdk (ELSA-2019-3134)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2019-3134 advisory. 1:1.8.0.232.b09-0 - Update to aarch64-shenandoah-jdk8u232-b09. - Switch to GA mode for final release. - Remove PR1834/RH1022017 which is now handled by...