PT-2023-2664

Name of the Vulnerable Software and Affected Versions Oracle Java SE versions 8u361, 8u361-perf, 11.0.18, 17.0.6, 20 Oracle GraalVM Enterprise Edition versions 20.3.9, 21.3.5, 22.3.1 Description The issue is related to insufficient input validation in the JSSE component of Oracle Java SE and Orac...

PT-2023-2655

Name of the Vulnerable Software and Affected Versions Oracle Java SE versions 8u361, 8u361-perf, 11.0.18, 17.0.6, 20 Oracle GraalVM Enterprise Edition versions 20.3.9, 21.3.5, 22.3.1 Description The issue exists due to insufficient input validation in the Networking component of Oracle Java SE an...

PT-2023-2656

Name of the Vulnerable Software and Affected Versions Oracle Java SE versions 8u361, 8u361-perf, 11.0.18, 17.0.6, 20 Oracle GraalVM Enterprise Edition versions 20.3.8, 21.3.4, 22.3.0 Description The issue is related to insufficient input validation in the Libraries component of Oracle Java SE and...

PT-2023-2665

Name of the Vulnerable Software and Affected Versions Oracle Java SE versions 8u361, 8u361-perf, 11.0.18, 17.0.6, 20 Oracle GraalVM Enterprise Edition versions 20.3.9, 21.3.5, 22.3.1 Description The issue allows an unauthenticated attacker with network access via multiple protocols to compromise...

PT-2023-2396

Name of the Vulnerable Software and Affected Versions Oracle Java SE versions 8u361, 8u361-perf, 11.0.18, 17.0.6, 20 Oracle GraalVM Enterprise Edition versions 20.3.9, 21.3.5, 22.3.1 Description The vulnerability is related to the JSSE component of Oracle Java SE and Oracle GraalVM Enterprise...

PT-2023-2661

Name of the Vulnerable Software and Affected Versions Oracle Java SE versions 8u361, 8u361-perf, 11.0.18, 17.0.6 Oracle GraalVM Enterprise Edition versions 20.3.9, 21.3.5, 22.3.1 Description A difficult to exploit vulnerability in the Oracle Java SE and Oracle GraalVM Enterprise Edition allows an...

Security Bulletin: IBM Sterling Control Center is vulnerable to unauthenticated data manipulation due to Java SE (CVE-2021-2163)

Summary IBM Sterling Control Center has addressed a Java SE difficult to exploit vulnerability that allows unauthenticated attacker with network access to successfully create, delete or modify critical data. Vulnerability Details CVEID:CVE-2021-2163 DESCRIPTION: An unspecified vulnerability in Ja...

SUSE SLES15: java-1_8_0-ibm / java-1_8_0-ibm-32bit / java-1_8_0-ibm-alsa / etc (SUSE-SU-2022:4166-1)

The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:4166-1 advisory. - CVE-2022-21626: An unauthenticated attacker with network access via HTTPS can compromise Oracle Java SE, Oracle...

SUSE-SU-2022:4166-1 Security update for java-1_8_0-ibm

This update for java-180-ibm fixes the following issues: - CVE-2022-21626: An unauthenticated attacker with network access via HTTPS can compromise Oracle Java SE, Oracle GraalVM Enterprise Edition bsc1204471. - CVE-2022-21618: An unauthenticated attacker with network access via Kerberos can...

SUSE SLED15: java-17-openjdk / java-17-openjdk-accessibility / etc (SUSE-SU-2022:4079-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:4079-1 advisory. - Update to jdk-17.0.5+8 October 2022 CPU - CVE-2022-39399: Improve HTTP/2 client usagebsc120448...

SUSE SLED15: java-11-openjdk / java-11-openjdk-accessibility / etc (SUSE-SU-2022:4078-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:4078-1 advisory. - Update to jdk-11.0.17+8 October 2022 CPU - CVE-2022-39399: Improve HTTP/2 client usagebsc12044...

SUSE SLES12: java-11-openjdk / java-11-openjdk-demo / java-11-openjdk-devel / etc (SUSE-SU-2022:4080-1)

The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:4080-1 advisory. - Update to jdk-11.0.17+8 October 2022 CPU - CVE-2022-39399: Improve HTTP/2 client usagebsc1204480 - CVE-2022-21628: Better...

Security Bulletin: IBM® SDK Java™ Technology Edition, is used by IBM Tivoli Application Dependency Discovery Manager (TADDM) and is vulnerable to a denial of service (CVE-2021-35561, CVE-2022-21443, CVE-2022-21434,CVE-2022-21496,CVE-2022-21299).

Summary IBM® SDK Java™ Technology Edition, is used by IBM Tivoli Application Dependency Discovery Manager TADDM and is vulnerable to a denial of service CVE-2021-35561, CVE-2022-21443, CVE-2022-21434,CVE-2022-21496,CVE-2022-21299. Vulnerability Details CVEID:CVE-2022-21299 DESCRIPTION: An...

Rocky Linux 8 : java-11-openjdk (RLSA-2022:7012)

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2022:7012 advisory. - Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: JGSS. Supported versions that are affected...

Security Bulletin: IBM MQ is vulnerable to multiple issues within IBM® Runtime Environment Java™ Technology Edition, Versions 7 and 8 (CVE-2021-35603, CVE-2022-21305, CVE-2022-21291, CVE-2021-35550)

Summary Multiple issues were identified with IBM® Runtime Environment Java™ Technology Edition, version 7 that is packaged with IBM MQ 8.0 and version 8 that is packaged with IBM MQ 9.0, 9.1 and 9.2. Vulnerability Details CVEID:CVE-2021-35603 DESCRIPTION: An unspecified vulnerability in Java SE...

IBM Java 8.0 < 8.0.7.20 Multiple Vulnerabilities

The version of IBM Java installed on the remote host is prior to 8.0 8.0.7.20. It is, therefore, affected by multiple vulnerabilities as referenced in the Oracle October 18 2022 CPU advisory. - Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE...

Security Bulletin: Multiple vulnerabilities may affect IBM® Semeru Runtime

Summary This bulletin covers all applicable Java SE CVEs published by OpenJDK as part of their October 2022 Vulnerability Advisory, plus CVE-2022-3676. For more information please refer to OpenJDK's October 2022 Vulnerability Advisory and the X-Force database entries referenced below. Vulnerabili...

Nutanix AOS : Multiple Vulnerabilities (NXSA-AOS-5.20.5)

The version of AOS installed on the remote host is prior to 5.20.5. It is, therefore, affected by multiple vulnerabilities as referenced in the NXSA-AOS-5.20.5 advisory. - In Apache Tomcat 10.1.0-M1 to 10.1.0-M16, 10.0.0-M1 to 10.0.22, 9.0.30 to 9.0.64 and 8.5.50 to 8.5.81 the Form authentication...

Ubuntu 16.04 ESM / 18.04 LTS / 20.04 LTS / 22.04 LTS : OpenJDK vulnerabilities (USN-5719-1)

The remote Ubuntu 16.04 ESM / 18.04 LTS / 20.04 LTS / 22.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5719-1 advisory. It was discovered that OpenJDK incorrectly handled long client hostnames. An attacker could possibly use this issue t...

Security Bulletin: IBM Security Guardium is affected by multiple vulnerabilities

Summary IBM Security Guardium has fixed these vulnerabilities. Vulnerability Details CVEID:CVE-2021-35550 DESCRIPTION: An unspecified vulnerability in Java SE related to the JSSE component could allow an unauthenticated attacker to obtain sensitive information resulting in a high confidentiality...