BIT-JAVA-2022-21624

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: JNDI. Supported versions that are affected are Oracle Java SE: 8u341, 8u345-perf, 11.0.16.1, 17.0.4.1, 19; Oracle GraalVM Enterprise Edition: 20.3.7, 21.3.3 and 22.2.0. Difficult to exploit...

PT-2026-37676

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: JNDI. Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple...

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JNDI). Supported versions that are affected are Oracle Java SE: 8u341, 8u345-perf, 11.0.16.1, 17.0.4.1, 19; Oracle GraalVM Enterprise Edition: 20.3.7, 21.3.3 and 22.2.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web

...

ROS-20240529-01

Vulnerability in the Lightweight HTTP Server component of the Oracle Java SE software platform and virtual machine Oracle GraalVM Enterprise Edition is related to unrestricted resource allocation. Exploitation exploitation of the vulnerability could allow a remote attacker to cause a denial of...

Security Bulletin: IBM Rational Build Forge is vulnerable and could allow unauthenticated attacker to cause multiple impacts due to the use of JNDI component (CVE-2022-21496, CVE-2022-21434, CVE-2022-21443)

Summary IBM JDK used by IBM Rational Build Forge. This fix includes IBM JDK 8.0.7.10 which is based on jdk8u331-b09 Vulnerability Details CVEID:CVE-2022-21496 DESCRIPTION: An unspecified vulnerability in Java SE related to the JNDI component could allow an unauthenticated attacker to cause no...

SUSE CVE-2018-2599

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE subcomponent: JNDI. Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151; JRockit: R28.3.16. Difficult to exploit vulnerability allows unauthenticated attacker...

SUSE CVE-2022-21624

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: JNDI. Supported versions that are affected are Oracle Java SE: 8u341, 8u345-perf, 11.0.16.1, 17.0.4.1, 19; Oracle GraalVM Enterprise Edition: 20.3.7, 21.3.3 and 22.2.0. Difficult to exploit...

Security Bulletin: A vulnerability in IBM Java Runtime affects IBM CICS TX on Cloud

Summary IBM CICS TX on Cloud has addressed the following vulnerability reported by IBM® Runtime Environment Java™ Vulnerability Details CVEID:CVE-2020-14781 DESCRIPTION: An unspecified vulnerability in Java SE related to the JNDI component could allow an unauthenticated attacker to obtain sensiti...

Security Bulletin: Unspecified vulnerability in Java Affects IBM Infosphere Global Name Management (CVE-2022-21496)

Summary The Java used in IBM Global Name Management has an unspecified vulnerability related to the JNDI component. Within GNM, this issue only affects ENS, a part of GNM 6 installed by a small minority of GNM customers. For GNM customers not using ENS, there is no vulnerability. Vulnerability...

Security Bulletin: IBM SDK, Java Technology Edition, Security Update July 2022

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, 8 that is used by Rational Application Developer®. These issues were disclosed as part of the IBM Java SDK updates up to July 2022. IBM 8 SR7 FP15 1.8.0341. Vulnerability Details CVEID:CVE-2022-21496 DESCRIPTION: An...

OpenJDK: insufficient randomization of JNDI DNS port numbers (JNDI, 8286910)

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: JNDI. Supported versions that are affected are Oracle Java SE: 8u341, 8u345-perf, 11.0.16.1, 17.0.4.1, 19; Oracle GraalVM Enterprise Edition: 20.3.7, 21.3.3 and 22.2.0. Difficult to exploit...

OpenJDK: insufficient randomization of JNDI DNS port numbers (JNDI, 8286910)

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: JNDI. Supported versions that are affected are Oracle Java SE: 8u341, 8u345-perf, 11.0.16.1, 17.0.4.1, 19; Oracle GraalVM Enterprise Edition: 20.3.7, 21.3.3 and 22.2.0. Difficult to exploit...

UBUNTU-CVE-2022-21624

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: JNDI. Supported versions that are affected are Oracle Java SE: 8u341, 8u345-perf, 11.0.16.1, 17.0.4.1, 19; Oracle GraalVM Enterprise Edition: 20.3.7, 21.3.3 and 22.2.0. Difficult to exploit...

PT-2022-6863

Name of the Vulnerable Software and Affected Versions Oracle Java SE versions 8u341, 8u345-perf, 11.0.16.1, 17.0.4.1, 19 Oracle GraalVM Enterprise Edition versions 20.3.7, 21.3.3, 22.2.0 Description The issue allows an unauthenticated attacker with network access via multiple protocols to...

Security Bulletin: IBM Sterling Connect:Direct Browser User Interface vulnerable to multiple issues due to IBM Runtime Environment Java

Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Versions. Sterling Connect:Direct Browser User Interface has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2022-21496 DESCRIPTION: An unspecified vulnerability in Java SE related to the JNDI component...

Security Bulletin: Due to use of IBM® SDK Java™ Technology Edition, IBM Virtualization Engine TS7700 is vulnerable to a data integrity threat (CVE-2022-21496)

Summary IBM Virtualization Engine TS7700 is vulnerable to a data integrity threat CVE-2022-21496 due to the use of IBM® SDK Java™ Technology Edition, Version 8. The SDK is used by the TS7700 to provide the Management Interface, to perform cache management, and to provide Transparent Cloud Tiering...

Security Bulletin: Vulnerability in IBM SDK, Java Technology (CVE-2022-21496 and CVE-2022-21434) affects Power HMC

Summary IBM Java is used by IBM Power Hardware Management Console HMC for running java applications and services. This bulletin provides a remediation for the impacted vulnerabilities, CVE-2022-21496 and CVE-2022-21434 by upgrading IBM Power Hardware Management Console HMC respective PTF and thus...

Security Bulletin: Vulnerabilities in IBM Semeru Runtime affect SPSS Collaboration and Deployment Services (CVE-2022-21496, CVE-2022-21426)

Summary There are vulnerabilities in IBM® Semeru Runtime Open Edition 11 used by SPSS Collaboration and Deployment Services. The issues have been addressed. Vulnerability Details CVEID:CVE-2022-21496 DESCRIPTION: An unspecified vulnerability in Java SE related to the JNDI component could allow an...

Security Bulletin: A security vulnerability has been fixed in IBM Security Verify Governance, Identity Manager virtual appliance component (CVE-2022-21496)

Summary IBM Security Verify Governance, Identity Manager virtual appliance component has addressed the following vulnerability. Vulnerability Details CVEID:CVE-2022-21496 DESCRIPTION: An unspecified vulnerability in Java SE related to the JNDI component could allow an unauthenticated attacker to...

Security Bulletin: Vulnerabilities in the Java JDK affect IBM Event Streams (CVE-2022-21496, CVE-2022-21434, CVE-2022-21443)

Summary There are a number of vulnerabilities in the Java JDK used by IBM Event Streams. Vulnerability Details CVEID: CVE-2022-21496 DESCRIPTION: An unspecified vulnerability in Java SE related to the JNDI component could allow an unauthenticated attacker to cause no confidentiality impact, low...