Security Bulletin: Potential spoofing attack in WebSphere Application Server affects IBM Spectrum Control (formerly Tivoli Storage Productivity Center) (CVE-2018-1695)

Summary There is a potential spoofing attack in WebSphere Application Server using Form Login when using Java SE 6 which affects IBM Spectrum Control formerly Tivoli Storage Productivity Center. This does not occur when using other versions of the Java SE. Vulnerability Details CVEID: CVE-2018-16...

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Spectrum Control and Tivoli Storage Productivity Center (CVE-2017-3511, CVE-2017-10115, CVE-2017-10116)

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition that is shipped and used by IBM Spectrum Control and Tivoli Storage Productivity Center. These issues were disclosed as part of the IBM Java SDK updates in April and July 2017. Vulnerability Details CVEID: CVE-2017-35...

Security Bulletin: Vulnerabilities in IBM Java SDK affect IBM Spectrum Control and Tivoli Storage Productivity Center (CVE-2016-3485)

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition that is shipped and used by IBM Spectrum Control and Tivoli Storage Productivity Center. These issues were disclosed as part of the IBM Java SDK updates in July 2016. Vulnerability Details CVEID: CVE-2016-3485...

Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect IBM Spectrum Control and Tivoli Storage Productivity Center (CVE-2016-5597 CVE-2016-5546 CVE-2016-5548 CVE-2016-5549 CVE-2016-5547 CVE-2016-2183)

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition and IBM® Runtime Environment Java™ Technology Edition that is shipped and used by IBM Spectrum Control and Tivoli Storage Productivity Center. These issues were disclosed as part of the IBM Java SDK updates in October...

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect Content Collector for Email, Content Collector for File Systems, Content Collector for Microsoft SharePoint and Content Collector for IBM Connections

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 1.8 used by Content Collector for Email, Content Collector for File Systems, Content Collector for Microsoft SharePoint and Content Collector for IBM Connections. Vulnerability Details CVEID: CVE-2021-35560...

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect Content Collector for Email, Content Collector for File Systems, Content Collector for Microsoft SharePoint and Content Collector for IBM Connections

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 1.8 used by Content Collector for Email, Content Collector for File Systems, Content Collector for Microsoft SharePoint and Content Collector for IBM Connections. Vulnerability Details CVEID: CVE-2021-35560...

Medium: java-17-amazon-corretto

Issue Overview: Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Serialization. Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.01; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Difficult to...

Medium: java-11-amazon-corretto

Issue Overview: Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Serialization. Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.01; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Difficult to...

PT-2022-2363

Name of the Vulnerable Software and Affected Versions Oracle Java SE versions 7u331, 8u321, 11.0.14, 17.0.2, 18 Oracle GraalVM Enterprise Edition versions 20.3.5, 21.3.1, 22.0.0.2 Description The issue is related to insufficient protection of sensitive data in the Libraries component of Oracle Ja...

Amazon Linux 2 : java-11-amazon-corretto (ALAS-2022-1753)

The version of java-11-amazon-corretto installed on the remote host is prior to 11.0.14+9-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2022-1753 advisory. Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE...

Amazon Linux 2 : java-17-amazon-corretto (ALAS-2022-1752)

The version of java-17-amazon-corretto installed on the remote host is prior to 17.0.2+8-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2022-1752 advisory. Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE...

Security Bulletin: Cloud Pak for Security vulnerable to information exposure (CVE-2021-35567)

Summary Cloud Pak for Security v1.8.1.0 and earlier is vulnerable to CVE-2021-35567 due to the usage of Java SE in product components. This could allow an attacker to obtain potentially sensitve information. Cloud Pack for Security has issued a fix to address the issue. Vulnerability Details CVEI...

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Security Directory Server

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, used by IBM Security Directory Server SDS. A new fix has addressed the issues. Vulnerability Details CVEID: CVE-2021-35578 DESCRIPTION: An unspecified vulnerability in Java SE related to the JSSE component could allo...

Debian DLA-2917-1 : openjdk-8 - LTS security update

The remote Debian 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-2917 advisory. - Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Serialization. Supported versions that are affected a...

AlmaLinux 8 : java-11-openjdk (ALSA-2021:3891)

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2021:3891 advisory. - Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: JSSE. Supported versions that are affected are Java...

Rocky Linux 8 : java-11-openjdk (RLSA-2021:2781)

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2021:2781 advisory. - Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Networking. Supported versions that are affected...

AlmaLinux 8 : java-11-openjdk (ALSA-2021:2781)

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2021:2781 advisory. - Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Networking. Supported versions that are affected ar...

Rocky Linux 8 : java-1.8.0-openjdk (RLSA-2021:2776)

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2021:2776 advisory. - Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Networking. Supported versions that are affected...

AlmaLinux 8 : java-1.8.0-openjdk (ALSA-2021:3893)

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2021:3893 advisory. - Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: JSSE. Supported versions that are affected are Java...

Rocky Linux 8 : java-1.8.0-openjdk (RLSA-2021:3893)

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2021:3893 advisory. - Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: JSSE. Supported versions that are affected are Ja...