Security Bulletin: IBM DataPower Gateway affected by multiple issues in JRE

Summary IBM has addressed the following CVEs, which potentially affect JDBC, IMS Callout and JMS components Vulnerability Details CVEID:CVE-2023-21930 DESCRIPTION: An unspecified vulnerability in Oracle Java SE, Oracle GraalVM Enterprise Edition related to the JSSE component could allow an...

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affects App Connect Professional.

Summary There are multiple vulnerabilities in the IBM SDK Java Technology used by App Connect Professional. These issue were disclosed as part of the IBM Java SDK updates in April 2023, App Connect Professional have addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2023-21930...

Security Bulletin: IBM Watson Assistant for IBM Cloud Pak for Data is vulnerable to unspecified multiple vulnerabilities in Oracle Java SE, Oracle GraalVM Enterprise Edition

Summary Potential unspecified multiple vulnerabilities in Oracle Java SE, Oracle GraalVM Enterprise Edition has been identified that may affect IBM Watson Assistant for IBM Cloud Pak for Data. Refer to details for additional information Vulnerability Details CVEID:CVE-2023-21930 DESCRIPTION: An...

Security Bulletin: Multiple CVEs may affect IBM® SDK, Java™ Technology Edition shipped with IBM CICS TX Advanced

Summary CVE-2023-21930, CVE-2023-21967, CVE-2023-21954, CVE-2023-21939, CVE-2023-21968, CVE-2023-21937, CVE-2023-21938 and CVE-2023-2597 may affect IBM® SDK, Java™ Technology Edition shipped with IBM CICS TX Advanced. IBM CICS TX Advanced has addressed the applicable CVEs. Vulnerability Details...

Security Bulletin: Multiple CVEs may affect IBM® SDK, Java™ Technology Edition shipped with IBM CICS TX Standard

Summary CVE-2023-21930, CVE-2023-21967, CVE-2023-21954, CVE-2023-21939, CVE-2023-21968, CVE-2023-21937, CVE-2023-21938 and CVE-2023-2597 may affect IBM® SDK, Java™ Technology Edition shipped with IBM CICS TX Standard. IBM CICS TX Standard has addressed the applicable CVEs. Vulnerability Details...

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM License Metric Tool v9.

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 8 used by IBM License Metric Tool. These issues were disclosed as part of the IBM Java SDK updates in Apr 2023. Vulnerability Details CVEID:CVE-2023-21930 DESCRIPTION: An unspecified vulnerability in Oracle...

Security Bulletin: Vulnerability in IBM Java SDK and IBM Java Runtime affects TPF Toolkit

Summary A vulnerability in IBM® SDK Java™ Technology Edition and IBM® Runtime Environment Java™ that is used by TPF Toolkit has been addressed. Vulnerability Details CVEID:CVE-2023-21967 DESCRIPTION: An unspecified vulnerability in Oracle Java SE, Oracle GraalVM Enterprise Edition related to the...

Security Bulletin: IBM Watson Explorer is affected by multiple vulnerabilities in Java

Summary IBM Watson Explorer contains a vulnerable version of Java. Vulnerability Details CVEID:CVE-2023-21930 DESCRIPTION: An unspecified vulnerability in Oracle Java SE, Oracle GraalVM Enterprise Edition related to the JSSE component could allow an unauthenticated attacker to cause high...

Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect IBM Tivoli Netcool Configuration Manager (ITNCM)

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Versions 6, 7, 8 and IBM® Runtime Environment Java™ Technology Edition, Versions 6, 7, 8 used by IBM Tivoli Netcool Configuration Manager. These issues were disclosed as part of the IBM Java SDK updates in January...

Security Bulletin: Multiple vulnerabilities may affect IBM® Semeru Runtime

Summary This bulletin covers all applicable Java SE CVEs published by OpenJDK as part of their January 2023 Vulnerability Advisory, plus CVE-2022-4304. For more information please refer to OpenJDK's January 2023 Vulnerability Advisory and the X-Force database entries referenced below. Vulnerabili...

Security Bulletin: CVE-2022-21426 may affect JAXP component in Java SE used by Content Collector for Email, Content Collector for File Systems and Content Collector for Microsoft SharePoint

Summary CVE-2022-21426 vulnerability in JAXP component in Java SE could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. Vulnerability Details CVEID:CVE-2022-21426 DESCRIPTION: An unspecified vulnerability in Java ...

SUSE SLES15 / openSUSE 15 Security Update : java-1_8_0-openjdk (SUSE-SU-2023:2242-2)

The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:2242-2 advisory. - Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: JSSE...

F5 Networks BIG-IP : OpenJDK vulnerability (K000134793)

The version of F5 Networks BIG-IP installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the K000134793 advisory. Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE subcomponent: Concurrency. Support...

Security Bulletin: IBM Storage Protect Server is vulnerable to denial of service due to Java SE (CVE-2022-21426)

Summary Java SE is used by the IBM Storage Protect Server and may be affected by this vulnerability. Vulnerability Details CVEID:CVE-2022-21426 DESCRIPTION: An unspecified vulnerability in Java SE related to the JAXP component could allow an unauthenticated attacker to cause a denial of service...

Security Bulletin: IBM Storage Protect Server is vulnerable to denial of service due to Java SE (CVE-2023-21830, CVE-2023-21843)

Summary Java SE is used by IBM Storage Protect Server and may be affected by this vulnerability. Vulnerability Details CVEID:CVE-2023-21830 DESCRIPTION: An unspecified vulnerability in Java SE related to the Serialization component could allow a remote attacker to cause a denial of service...

Security Bulletin: IBM Storage Protect Operations Center is vulnerable to denial of service due to Java SE (CVE-2023-21830, CVE-2023-21843)

Summary Java SE is used by IBM Storage Protect Operations Center and may be affected by this vulnerability. Vulnerability Details CVEID:CVE-2023-21830 DESCRIPTION: An unspecified vulnerability in Java SE related to the Serialization component could allow a remote attacker to cause a denial of...

Security Bulletin: IBM Storage Protect Operations Center is vulnerable to denial of service due to Java SE (CVE-2022-21426)

Summary Java SE is used by IBM Storage Protect Operations Center and may be affected by this vulnerability. Vulnerability Details CVEID:CVE-2022-21426 DESCRIPTION: An unspecified vulnerability in Java SE related to the JAXP component could allow an unauthenticated attacker to cause a denial of...

K000135149: Oracle Java SE vulnerability CVE-2023-21938

Security Advisory Description Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Libraries. Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.8, 21.3.4 a...

Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to information exposure in Java SE (CVE-2022-21476)

Summary IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to information exposure in Java SE related to the Libraries component CVE-2022-21476. Java SE is included as part of our microservice components. This vulnerabilitiy has been addressed. Please read the details f...

Security Bulletin: Vulnerabilities in Oracle Java SE might affect IBM Spectrum Copy Data Management (CVE-2023-21968, CVE-2023-21938, CVE-2023-21939, CVE-2023-21954, CVE-2023-21967, CVE-2023-21937, CVE-2023-21930)

Summary IBM Spectrum Copy Data Management can be affected by vulnerabilities in Oracle Java SE. Vulnerabilities include allowing an unauthenticated and remote attacker to cause high confidentiality impact, high integrity impact, and high availability impact, as described by the CVEs in the...