Security Bulletin: IBM Security Identity Governance and Intelligence is vulnerable to sensitive information exposure (CVE-2021-35550)
Summary: IBM Security Identity Governance and Intelligence is vulnerable to sensitive information access by an unauthenticated attacker due to a vulnerability in Java SE related to the JSSE component CVE-2021-35550. The fix includes upgrading Java SE and Liberty to patched versions. Vulnerability...
Security Bulletin: IBM Security Identity Governance and Intelligence is vulnerable to Denial of Service (CVE-2021-35578)
Summary: IBM Security Identity Governance and Intelligence is vulnerable to denial of service by an unauthenticated attacker due to a vulnerability in Java SE related to the JSSE component CVE-2021-35578. The fix includes upgrading Java SE and Liberty to patched versions. Vulnerability Details...
Security Bulletin: IBM Security Identity Governance and Intelligence is vulnerable to exposure of sensitive information (CVE-2021-35603)
Summary: IBM Security Identity Governance and Intelligence is vulnerable to exposure of sensitive information to an unauthenticated attacker due to a vulnerability in Java SE related to the JSSE component CVE-2021-35603. The fix includes upgrading Java SE to the patched version. Vulnerability...
Amazon Linux 2 : java-1.8.0-openjdk (ALAS-2022-1836)
The version of java-1.8.0-openjdk installed on the remote host is prior to 1.8.0.342.b07-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2022-1836 advisory. Generated code produced by C1 may leak a package-private class to a class from a different package...
Amazon Linux 2 : java-1.7.0-openjdk (ALAS-2022-1835)
The version of java-1.7.0-openjdk installed on the remote host is prior to 1.7.0.321-2.6.28.2. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2022-1835 advisory. Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE...
Security Bulletin: Multiple vulnerabilities have been identified in IBM WebSphere Application Server shipped with IBM Digital Business Automation Workflow family products Java CPU October 2021
Summary: WebSphere Application Server traditional is shipped as a component of IBM Business Automation Workflow, IBM Business Process Manager, and WebSphere Enterprise Service Bus. WebSphere Application Server Liberty profile is shipped as a component of IBM Business Automation Workflow and IBM...
IBM WebSphere eXtreme Scale 8.6.1.0 < 8.6.1.5 (6598349)
The version of IBM WebSphere eXtreme Scale installed on the remote host is prior to 8.6.1.5. It is, therefore, affected by multiple vulnerabilities as referenced in the 6598349 advisory. - Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: Serialization. Supported...
Important: java-1.7.0-openjdk
Issue Overview: Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Serialization. Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.01; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Difficult to...
Important: java-11-openjdk
Issue Overview: Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: JAXP. Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22.0.0.2. Easily...
Important: java-1.7.0-openjdk
Issue Overview: Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Serialization. Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.01; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Difficult to...
Amazon Linux AMI : java-1.7.0-openjdk (ALAS-2022-1633)
The version of java-1.7.0-openjdk installed on the remote host is prior to 1.7.0.321-2.6.28.1.86. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2022-1633 advisory. Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE...
SUSE SLES12: java-1_8_0-ibm / java-1_8_0-ibm-alsa / java-1_8_0-ibm-devel / etc (SUSE-SU-2022:3152-1)
The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:3152-1 advisory. Note: the issues listed below were NOT fixed with the previous update 8.0-7.11. - Update to Java 8.0 Service Refresh 7 Fix Pack 15...
Security Bulletin: Enterprise Content Management System Monitor is affected by a vulnerability in Java SE related to the Utility component
Summary: Vulnerability found in Java SE related to the Utility component used by Enterprise Content Management System Monitor. Enterprise Content Management System Monitor has addressed the applicable CVE. Vulnerability Details: CVEID: CVE-2021-35561 DESCRIPTION: An unspecified vulnerability in Java...
GLSA-202209-05 : OpenJDK: Multiple Vulnerabilities
The remote host is affected by the vulnerability described in GLSA-202209-05 OpenJDK: Multiple Vulnerabilities Multiple vulnerabilities have been discovered in OpenJDK. Please review the CVE identifiers referenced below for details. Tenable has extracted the preceding description block directly...
Nutanix AOS : Multiple Vulnerabilities (NXSA-AOS-6.5.1.5)
The version of AOS installed on the remote host is prior to 6.5.1.5. It is, therefore, affected by multiple vulnerabilities as referenced in the NXSA-AOS-6.5.1.5 advisory. - In Apache Tomcat 10.1.0-M1 to 10.1.0-M16, 10.0.0-M1 to 10.0.22, 9.0.30 to 9.0.64 and 8.5.50 to 8.5.81 the Form authenticati...
Amazon Linux 2022 : java-11-amazon-corretto, java-11-amazon-corretto-devel, java-11-amazon-corretto-headless (ALAS2022-2022-112)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2022-2022-112 advisory. Generated code produced by C1 may leak a package-private class to a class from a different package. CVE-2022-21540 MethodHandle.invokeBasic method can be accessed on byte code level from an...
Amazon Linux 2022 : java-1.8.0-amazon-corretto, java-1.8.0-amazon-corretto-devel (ALAS2022-2022-119)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2022-2022-119 advisory. Generated code produced by C1 may leak a package-private class to a class from a different package. CVE-2022-21540 MethodHandle.invokeBasic method can be accessed on byte code level from an...
Amazon Linux 2022 : java-1.8.0-amazon-corretto, java-1.8.0-amazon-corretto-devel (ALAS2022-2022-111)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2022-2022-111 advisory. Generated code produced by C1 may leak a package-private class to a class from a different package. CVE-2022-21540 MethodHandle.invokeBasic method can be accessed on byte code level from an...
Amazon Linux 2022 : java-17-amazon-corretto, java-17-amazon-corretto-devel, java-17-amazon-corretto-headless (ALAS2022-2022-121)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2022-2022-121 advisory. Generated code produced by C1 may leak a package-private class to a class from a different package. CVE-2022-21540 MethodHandle.invokeBasic method can be accessed on byte code level from an...
Amazon Linux 2022 : java-17-amazon-corretto, java-17-amazon-corretto-devel, java-17-amazon-corretto-headless (ALAS2022-2022-113)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2022-2022-113 advisory. Generated code produced by C1 may leak a package-private class to a class from a different package. CVE-2022-21540 MethodHandle.invokeBasic method can be accessed on byte code level from an...