Security Bulletin: A vulnerability may affect IBM® SDK, Java™ Technology Edition used in Liberty for Java for IBM Cloud (CVE-2020-2590)

Summary CVE-2020-2590 was disclosed in the Oracle January 2020 Critical Patch Update. Vulnerability Details CVEID:CVE-2020-2590 DESCRIPTION: An unspecified vulnerability in Java SE related to the Java SE Security component could allow an unauthenticated attacker to cause no confidentiality impact...

Security Bulletin: IBM Sterling Connect:Direct Browser User Interface vulnerable to multiple issues due to IBM Runtime Environment Java

Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Versions. Sterling Connect:Direct Browser User Interface has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2022-21496 DESCRIPTION: An unspecified vulnerability in Java SE related to the JNDI component...

Security Bulletin: Due to use of IBM® SDK Java™ Technology Edition, IBM Virtualization Engine TS7700 is vulnerable to a data integrity threat (CVE-2022-21496)

Summary IBM Virtualization Engine TS7700 is vulnerable to a data integrity threat CVE-2022-21496 due to the use of IBM® SDK Java™ Technology Edition, Version 8. The SDK is used by the TS7700 to provide the Management Interface, to perform cache management, and to provide Transparent Cloud Tiering...

Security Bulletin: Security vulnerability is addressed with IBM Cloud Pak for Business Automation iFixes for September 2022 (CVE-2021-2163)

Summary In addition to many updates of operating system level packages, the following security vulnerability is addressed with IBM Cloud Pak for Business Automation 21.0.3-IF013 and 22.0.1-IF003. Vulnerability Details CVEID:CVE-2021-2163 DESCRIPTION: An unspecified vulnerability in Java SE relate...

Security Bulletin: IBM Security Identity Governance and Intelligence is vulnerable to unauthenticated access resulting in various threats (CVE-2022-21496)

Summary IBM Security Identity Governance and Intelligence is vulnerable to sensitive information access, data manipulation and denial of service by an unauthenticated attacker due to a vulnerability in Java SE related to the JNDI component CVE-2022-21496. The fix includes upgrading Java SE and...

OpenJDK: Incomplete enforcement of JAR signing disabled algorithms (Libraries, 8249906)

Vulnerability in the Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Libraries. Supported versions that are affected are Java SE: 7u291, 8u281, 11.0.10, 16; Java SE Embedded: 8u281; Oracle GraalVM Enterprise Edition: 19.3.5, 20.3.1.2 and 21.0.0.2...

Moderate: Red Hat Security Advisory: java-1.7.1-ibm security update

An update for java-1.7.1-ibm is now available for Red Hat Enterprise Linux 7 Supplementary. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

Security Bulletin: CVE-2022-21299 may affect JAXP component used by Content Collector for Email, Content Collector for File Systems, Content Collector for Microsoft SharePoint and Content Collector for IBM Connections

Summary CVE-2022-21299 vulnerability in Java SE related to the JAXP component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. Vulnerability Details CVEID:CVE-2022-21299 DESCRIPTION: An unspecified...

Security Bulletin: A vulnerability in IBM Java SDK and IBM Java Runtime affect IBM Decision Optimization Center (CVE-2021-35561)

Summary There is a vulnerability in IBM® SDK Java™ and IBM® Runtime Environment Java™ Versions 7 & 8 used by IBM Decision Optimization Center. IBM Decision Optimization Center has addressed the applicable CVE. Vulnerability Details CVEID:CVE-2021-35561 DESCRIPTION: An unspecified vulnerability in...

Security Bulletin: Enterprise Content Management System Monitor is affected by CVE-2022-21496, CVE-2022-21434 and CVE-2022-21443 vulnerability in Java SE related to the JNDI component

Summary Vulnerability found in Java SE related to the JNDI component used by Enterprise Content Management System Monitor. Enterprise Content Management System Monitor has addressed the applicable CVE. Vulnerability Details CVEID:CVE-2022-21496 DESCRIPTION: An unspecified vulnerability in Java SE...

Security Bulletin: Vulnerabilities in IBM Semeru Runtime affect SPSS Collaboration and Deployment Services (CVE-2022-21496, CVE-2022-21426)

Summary There are vulnerabilities in IBM® Semeru Runtime Open Edition 11 used by SPSS Collaboration and Deployment Services. The issues have been addressed. Vulnerability Details CVEID:CVE-2022-21496 DESCRIPTION: An unspecified vulnerability in Java SE related to the JNDI component could allow an...

Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM App Connect Enterprise and IBM Integration Bus

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition used by IBM App Connect Enterprise and IBM Integration Bus. These issues were disclosed as part of the IBM SDK, Java Technology Edition Quarterly CPU - Apr 2022 includes Oracle April 2022 CPU. The fix includes IBM Jav...

Security Bulletin: Potential security exposure when using IBM® InfoSphere® Streams due to vulnerabilities in IBM Java™ SE Version 6 SDK.

Abstract IBM InfoSphere Streams makes use of IBM Java SE Version 6 SR12 SDK. Potential security exposures exist in IBM InfoSphere Streams due to vulnerabilities in IBM Java SE Version 6 SDK. Content VULNERABILITY DETAILS: CVE-2013-0440, CVE-2013-0443 DESCRIPTION: Vulnerabilities in the IBM Java S...

Security Bulletin: Potential security exposure when using IBM InfoSphere Streams due to vulnerabilities in IBM Java SE Version 6 SDK.

Abstract IBM InfoSphere Streams makes use of IBM Java SE Version Version 6 SDK. Potential security exposures exist in IBM InfoSphere Streams due to vulnerabilities in IBM Java SE Version 6 SDK. Content VULNERABILITYDETAILS: CVE-2012-1718, CVE-2012-3143, CVE-2012-3159, CVE-2012-5081 DESCRIPTION:...

Security Bulletin: Potential security vulnerabilities in WebSphere Partner Gateway Express for the Oracle CPU April 2013.

Abstract The IBM WebSphere Partner Gateway is shipped with an IBM Java SDK that is based on the Oracle SDK. Oracle has released April 2013 critical patch updates CPU which contain security vulnerability fixes and the IBM Java SDK that WebSphere Partner Gateway ships is affected. Content...

Security Bulletin: Multiple vulnerabilities in IBM WebSphere Real Time

Abstract Issues disclosed in the Oracle June 2013 Java SE Critical Patch Update, plus 7 additional vulnerabilities Content VULNERABILITY DETAILS: CVE IDs: CVE-2013-3006 CVE-2013-3007 CVE-2013-3008 CVE-2013-3009 CVE-2013-3010 CVE-2013-3011 CVE-2013-3012 CVE-2013-2468 CVE-2013-2469 CVE-2013-2465...

GLSA-202209-15 : Oracle JDK/JRE: Multiple vulnerabilities

The remote host is affected by the vulnerability described in GLSA-202209-15 Oracle JDK/JRE: Multiple vulnerabilities - Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: Libraries. Supported versions that are affected are Java SE: 8u251, 11.0.7 and 14.0.1; Java S...

Security Bulletin: Multiple vulnerabilities in IBM Semeru Runtime affect z/Transaction Processing Facility

Summary There are multiple vulnerabilities in IBM® Semeru Runtime Certified Edition 11 that is used by the z/TPF system. z/TPF has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2022-34169 DESCRIPTION: The Apache Xalan Java XSLT library could allow a remote attacker to execute...

Security Bulletin: IBM Spectrum Control is vulnerable to multiple weaknesses related Java SE and Node

Summary Vulnerabilities in Node and Java SE such as HTTP request smuggling, execution of arbitrary code, gain elevated privileges on the system and unauthorized operations may affect IBM Spectrum Control. Vulnerability Details CVEID:CVE-2022-32214 DESCRIPTION: Node.js is vulnerable to HTTP reques...

Nutanix AOS : Multiple Vulnerabilities (NXSA-AOS-5.20.3.5)

The version of AOS installed on the remote host is prior to 5.20.3.5. It is, therefore, affected by multiple vulnerabilities as referenced in the NXSA-AOS-5.20.3.5 advisory. - CVE-2020-9493 identified a deserialization issue that was present in Apache Chainsaw. Prior to Chainsaw V2.0 Chainsaw was...