498 matches found
Security Bulletin: Db2 Query Management Facility is vulnerable to IBM Semeru Runtime Quarterly CPU - Oct 2024 - Includes OpenJDK July 2024 CPU plus two additional CVEs
Summary Db2 Query Management Facility is vulnerable to IBM Semeru Runtime Quarterly CPU - Oct 2024 - Includes OpenJDK July 2024 CPU plus two additional CVEs. Vulnerability Details CVEID:CVE-2024-21217 DESCRIPTION: Vulnerability in Java SE component: Serialization. Difficult to exploit vulnerabili...
Security Bulletin: Vulnerabilities in IBM Java SE affect IBM Spectrum Control
Summary IBM Java SE is vulnerable to allow a remote attacker to cause high confidentiality, high integrity impact. These vulnerabilities affect IBM Spectrum Control. Vulnerability Details CVEID:CVE-2024-21094 DESCRIPTION: An unspecified vulnerability in Java SE related to the VM component could...
Amazon Linux 2 : java-11-openjdk (ALASJAVA-OPENJDK11-2024-010)
The version of java-11-openjdk installed on the remote host is prior to 11.0.25.0.9-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2JAVA-OPENJDK11-2024-010 advisory. Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition...
Amazon Linux 2 : java-1.8.0-openjdk (ALAS-2024-2720)
The version of java-1.8.0-openjdk installed on the remote host is prior to 1.8.0.432.b06-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2024-2720 advisory. Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product ...
Debian dla-4001 : libxstream-java - security update
The remote Debian 11 host has a package installed that is affected by multiple vulnerabilities as referenced in the dla-4001 advisory. Debian LTS Advisory DLA-4001-1...
Security Bulletin: IBM Cloud Transformation Advisor is vulnerable to multiple vulnerabilities found in Java and IBM WebSphere Application Server Liberty
Summary There are multiple vulnerabilities in Java and IBM WebSphere Application Server Liberty used by IBM Cloud Transformation Advisor CVE-2024-7254, CVE-2022-46363, CVE-2015-2156, CVE-2020-11612. Vulnerability Details CVEID:CVE-2024-7254 DESCRIPTION: Any project that parses untrusted Protocol...
Security Bulletin: IBM Cognos Transformer is affected by vulnerabilities in IBM® Java™ and Bouncy Castle Crypto Package For Java
Summary There are vulnerabilities in IBM® Java™ and Bouncy Castle Crypto Package For Java consumed by IBM Cognos Transformer. For more information about the vulnerability impact, refer to the table in the "Related Information" section. This Security Bulletin relates only to third-party components...
SUSE SLES15 / openSUSE 15 Security Update : java-1_8_0-ibm (SUSE-SU-2024:4306-1)
The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:4306-1 advisory. Updated to Java 8.0 Service Refresh 8 Fix Pack 35 with Oracle October 15 2024 CPU bsc1232064: - CVE-2024-21208: Fixed...
CVE-2024-47580 Multiple vulnerabilities in SAP NetWeaver AS for JAVA(Adobe Document Services)
An attacker authenticated as an administrator can use an exposed webservice to create a PDF with an embedded attachment. By specifying the file to be an internal server file and subsequently downloading the generated PDF, the attacker can read any file on the server with no effect on integrity or...
The vulnerabilities of the String.toLowerCase() and String.toUpperCase() methods in the Java framework allow for security breaches in industrial applications, as they are exploited by attackers to bypass authentication processes.
The vulnerability of the String.toLowerCase and String.toUpperCase methods in the Java framework, which is used for securing industrial applications with Spring Security, is related to improper authentication. Exploiting this vulnerability can allow an attacker to bypass the authentication proces...
SUSE SLES12 Security Update : java-1_8_0-openjdk (SUSE-SU-2024:3987-1)
The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:3987-1 advisory. Update to version jdk8u432 icedtea-3.33.0: - CVE-2024-21208: Enhance HTTP client bsc1231702. - CVE-2024-21210: Improve handling of vectorizatio...
Fedora 37 : java-17-openjdk (2022-f687000ef7)
The remote Fedora 37 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2022-f687000ef7 advisory. New in release OpenJDK 17.0.5 2022-10-18 Release announcement Full release notes Security Fixes - JDK-8282252: Improve BigInteger/Decimal validation...
Fedora 37 : java-latest-openjdk (2022-d0ed59bee7)
The remote Fedora 37 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2022-d0ed59bee7 advisory. New in release OpenJDK 19.0.1 2022-10-18 Full release notes This update depends on FEDORA-2022-d0fc6f0dd4 CVEs Fixed - CVE-2022-21618 - CVE-2022-216...
Security Bulletin: IBM Sterling Transformation Extender is affected by multiple IBM Java 8 vulnerabilities
Summary IBM Sterling Transformation Extender uses IBM SDK, Java Technology, version 8. Vulnerability Details CVEID:CVE-2024-21147 DESCRIPTION: An unspecified vulnerability in Java SE related to the VM component could allow a remote attacker to cause high confidentiality, high integrity impacts...
Security Bulletin: Security vulnerabilities may affect IBM Java shipped with IBM CICS TX Standard.
Summary Security vulnerabilities may affect IBM Java shipped with IBM CICS TX Standard. Updates to IBM CICS TX Standard have been released to address these vulnerabilities. Vulnerability Details CVEID:CVE-2024-21145 DESCRIPTION: An unspecified vulnerability in Java SE related to the 2D component...
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : java-17-openjdk (SUSE-SU-2024:3963-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:3963-1 advisory. - Update to upstream tag jdk-17.0.13+11 October 2024 CPU Security fixes + JDK-8307383: Enhance...
java-1_8_0-openjdk-1.8.0.432-1.1 on GA media (moderate)
java-1_8_0-openjdk-1.8.0.432-1.1 on GA media Announcement ID: openSUSE-SU-2024:14465-1 Rating: moderate Cross-References: CVE-2024-21208 CVE-2024-21210 CVE-2024-21217 CVE-2024-21235 CVSS scores: CVE-2024-21208 SUSE : 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2024-21208 SUSE : 6.3...
Oracle Critical Patch Update Advisory - January 2024 (CVE-2024-20952, CVE-2024-20945, CVE-2024-20926, CVE-2024-20921, CVE-2024-20919, CVE-2024-20918)
Brocade SANnav has provided a Security update for the JAVA vulnerabilities below. CVE-2024-20952 CVE-2024-20945 CVE-2024-20926 CVE-2024-20921 CVE-2024-20919 CVE-2024-20918...
java-23-openjdk-23.0.1.0-1.1 on GA media (moderate)
java-23-openjdk-23.0.1.0-1.1 on GA media Announcement ID: openSUSE-SU-2024:14449-1 Rating: moderate Cross-References: CVE-2024-21208 CVE-2024-21210 CVE-2024-21217 CVE-2024-21235 CVSS scores: CVE-2024-21208 SUSE : 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2024-21208 SUSE : 6.3...
Amazon Linux 2 : java-1.8.0-amazon-corretto (ALASCORRETTO8-2024-014)
The version of java-1.8.0-amazon-corretto installed on the remote host is prior to 1.8.0432.b06-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2CORRETTO8-2024-014 advisory. Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise...