14454 matches found
Security Bulletin: A vulnerability in Java SE related to the Libraries component affects IBM Control Center (CVE-2020-14782)
Summary A flaw in the CertPath implementation allows certificate fingerprint checks to be bypassed under certain circumstances. The fix ensures that certificate fingerprint checks cannot be bypassed in this way. Vulnerability Details CVEID: CVE-2020-14782 DESCRIPTION: An unspecified vulnerability...
Security Bulletin: A vulnerability in Java SE affects IBM Control Center (CVE-2020-2773)
Summary Two XML Digital Signature APIs implemented in the XMLDSigRI provider throw unexpected Exception types. An attacker could exploit this to inflict a DoS. The fix ensures that all Exceptions thrown from these APIs are wrapped in instances of javax.xml.crypto.MarshalException. Vulnerability...
Security Bulletin: A vulnerability in Java SE affects IBM Control Center (CVE-2020-14781)
Summary Under certain circumstances, encrypted LDAP connections can be downgraded to unencrypted connections. The fix ensures that encrypted LDAP connections cannot be downgraded in this way. Vulnerability Details CVEID: CVE-2020-14781 DESCRIPTION: An unspecified vulnerability in Java SE related ...
Security Bulletin: A vulnerability in Java SE affects IBM Control Center (CVE-2021-35550)
Summary A flaw in the JSSE component causes cipher suites to be offered in the wrong order, with some weaker cipher suites ahead of stronger cipher suites. The fix ensures that stronger cipher suites are offered before weaker cipher suites. Vulnerability Details CVEID: CVE-2021-35550 DESCRIPTION:...
Security Bulletin: A vulnerability in Java SE affects IBM Control Center (CVE-2021-2369)
Summary A flaw in the JAR validation implementation may, under certain limited circumstances, lead to a failure to detect signed JAR files that have been modified. The fix ensures that JARs that have been modified since they were signed are properly detected and treated as unsigned. Vulnerability...
Security Bulletin: Vulnerabilities in Java SE and Eclipse OpenJ9 affect IBM Control Center (CVE-2020-14803 & CVE-2020-27221)
Summary A buffer overflow flaw has been found in a widely used function in the OpenJ9 JVM, which is employed when writing characters to a file. We have not identified any specific exploits, but it is very likely that the flaw is exploitable to trigger a crash or run arbitrary code. The fix ensures...
Security Bulletin: A vulnerability in Java SE affects IBM Control Center (CVE-2021-2161)
Summary A flaw in the java.lang.ProcessBuilder API on the Windows platform leads to mishandling of escaped quotes in argument strings in certain circumstances. This allows an attacker to manipulate the Process command line and potentially run unexpected commands. The fix ensures that quotes are...
Security Bulletin: A vulnerability in Java SE affects IBM Control Center (CVE-2021-35603)
Summary A number of operations in the JSSE component are implemented in a way that means they could be exploited by an attacker in a side-channel attack due to timing differences. The fix ensures that the operations complete in constant-time. Vulnerability Details CVEID: CVE-2021-35603 DESCRIPTION...
openSUSE 15 Security Update : java-11-openjdk (openSUSE-SU-2022:0816-1)
The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2022:0816-1 advisory. - Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Serialization. Supported...
Security Bulletin: A vulnerability in IBM® SDK, Java™ may affect IBM Decision Optimization Center (CVE-2021-35550)
Summary There is a vulnerability in IBM® Java™ versions 7 & 8 used by IBM Decision Optimization Center. IBM Decision Optimization Center has addressed the applicable CVE. Vulnerability Details CVEID: CVE-2021-35550 DESCRIPTION: An unspecified vulnerability in Java SE related to the JSSE component...
openSUSE 15 Security Update : java-1_8_0-openj9 (openSUSE-SU-2022:0870-1)
The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2022:0870-1 advisory. - Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Serialization. Supported...
openSUSE 15 Security Update : java-1_8_0-openjdk (openSUSE-SU-2022:0873-1)
The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2022:0873-1 advisory. - Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Serialization. Supported...
SUSE SLES15: java-1_8_0-openjdk / java-1_8_0-openjdk-demo / etc (SUSE-SU-2022:0873-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:0873-1 advisory. Update to version jdk8u322 icedtea-3.22.0 Including the following security fixes: - CVE-2022-21248, bsc1194926: Enhance cross VM...
SUSE SLES12 Security Update : java-1_8_0-openjdk (SUSE-SU-2022:0871-1)
The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:0871-1 advisory. - Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Serialization...
SUSE SLED15 / SLES15 Security Update : java-11-openjdk (SUSE-SU-2022:0816-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:0816-1 advisory. - Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component:...
AlmaLinux 8 : java-17-openjdk (ALSA-2022:0161)
The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2022:0161 advisory. - Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Serialization. Supported versions that are...
AlmaLinux 8 : java-1.8.0-openjdk (ALSA-2022:0307)
The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2022:0307 advisory. - Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Serialization. Supported versions that are...
AlmaLinux 8 : java-11-openjdk (ALSA-2022:0185)
The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2022:0185 advisory. - Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Serialization. Supported versions that are...
Security Bulletin: IBM Spectrum Control is vulnerable to multiple weaknesses related to IBM Dojo (CVE-2021-234550), Java SE (CVE-2021-35578), IBM WebSphere Application Server - Liberty (CVE-2021-39031), Apache Log4j (CVE-2021-44832) and Gson (217225)
Summary IBM Spectrum Control has multiple vulnerabilities: arbitrary code execution due to Apache Log4j CVE-2021-44832 and Dojo CVE-2021-23450, denial of service due to Java SE CVE-2021-35578 and Gson 217225 and LDAP injection due to IBM Websphere Application Security - Liberty CVE-2021-39031. Th...
Azul Zulu Java Multiple Vulnerabilities (2022-01-18)
The version of Azul Zulu installed on the remote host is prior to 6 6.45 / 7 7.51.0.12 / 8 8.59.0.12 / 11 11.53.14 / 13 13.45.12 / 15 15.37.14 / 17 17.32.14. It is, therefore, affected by multiple vulnerabilities as referenced in the 2022-01-18 advisory. - Vulnerability in the Oracle Java SE,...