Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect WebSphere Service Registry and Repository due to October 2023 CPU

Summary There are multiple vulnerabilities in IBM SDK Java Technology Edition, used by WebSphere Service Registry and Repository. These issues were disclosed as part of the IBM Java SDK updates in October 2023. These issues are also addressed by WebSphere Application Server shipped with WebSphere...

PT-2023-9571

Name of the Vulnerable Software and Affected Versions Oracle Java SE versions 8u421, 8u421-perf, 11.0.24, 17.0.12, 21.0.4, 23 Oracle GraalVM for JDK versions 17.0.12, 21.0.4, 23 Oracle GraalVM Enterprise Edition versions 20.3.15, 21.3.11 Description The issue is related to the Serialization...

PT-2023-9572

Name of the Vulnerable Software and Affected Versions Oracle Java SE versions 8u421, 8u421-perf, 11.0.24, 17.0.12, 21.0.4, 23 Oracle GraalVM for JDK versions 17.0.12, 21.0.4, 23 Oracle GraalVM Enterprise Edition versions 20.3.15, 21.3.11 Description The issue allows an unauthenticated attacker wi...

Improper Access Control

openjdk8 is vulnerable to Improper Access Control. An attacker can unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data via CORBA...

SUSE SLES12: java-1_8_0-ibm / java-1_8_0-ibm-alsa / java-1_8_0-ibm-devel / etc (SUSE-SU-2023:4614-1)

The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:4614-1 advisory. - Update to Java 8.0 Service Refresh 8 Fix Pack 15: Oracle October 17 2023 CPU bsc1216640 Security fixes: - CVE-2023-22081: Fixed...

Security Bulletin: Multiple security vulnerabilities are addressed with IBM Business Automation Manager Open Editions 8.0.4-IF001

Summary In addition to updates of open source dependencies, the following security vulnerabilities are addressed with IBM Business Automation Manager Open Editions 8.0.4-IF001. Vulnerability Details CVEID:CVE-2023-22025 DESCRIPTION: An unspecified vulnerability in Oracle Java SE, Oracle GraalVM...

Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect IBM® Db2®. (Apr 2023 CPU)

Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Version 7.1.5.17 and earlier, 8.0.8.4 and earlier used by IBM® Db2®. These issues were disclosed as part of the IBM Java SDK updates in April 2023. Vulnerability Details CVEID: CVE-2023-21930 DESCRIPTION: An unspecified...

SUSE SLES15: java-1_8_0-openj9 / java-1_8_0-openj9-accessibility / etc (SUSE-SU-2023:4612-1)

The remote SUSE Linux SLES15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:4612-1 advisory. Update to OpenJDK 8u392 build 08 with OpenJ9 0.41.0 virtual machine - CVE-2023-22067: Fixed an IOR deserialization issue in CORBA...

Ubuntu 18.04 ESM / 20.04 LTS / 22.04 LTS / 23.04 / 23.10 : OpenJDK vulnerabilities (USN-6527-1)

The remote Ubuntu 18.04 ESM / 20.04 LTS / 22.04 LTS / 23.04 / 23.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6527-1 advisory. Carter Kozak discovered that OpenJDK, when compiling with AVX-512 instruction support enabled, could produce code...

SUSE SLES15: java-1_8_0-ibm / java-1_8_0-ibm-32bit / java-1_8_0-ibm-alsa / etc (SUSE-SU-2023:4572-1)

The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:4572-1 advisory. - Update to Java 8.0 Service Refresh 8 Fix Pack 15: Oracle October 17 2023 CPU bsc1216640 Security fixes: -...

SUSE SLES15 / openSUSE 15 Security Update : java-1_8_0-openjdk (SUSE-SU-2023:4506-1)

The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:4506-1 advisory. - The TLS protocol 1.2 and earlier, when a DHEEXPORT ciphersuite is enabled on a server but not on a client, does not...

SUSE SLES12 Security Update : java-1_8_0-openjdk (SUSE-SU-2023:4507-1)

The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:4507-1 advisory. - The TLS protocol 1.2 and earlier, when a DHEEXPORT ciphersuite is enabled on a server but not on a client, does not properly conv...

Security Bulletin: Multiple Vulnerabilities in IBM® Java SDK affect IBM WebSphere Application Server and IBM WebSphere Application Server Liberty due to the October 2023 CPU

Summary There are multiple vulnerabilities in the IBM® SDK, Java™ Technology Edition that is shipped with IBM WebSphere Application Server and IBM WebSphere Application Server Liberty. The CVEs listed in this document might affect some configurations of IBM WebSphere Application Server traditiona...

OESA-2023-1839 openjdk-1.8.0 security update

The OpenJDK runtime environment 8. Security Fixes: Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: CORBA. Supported versions that are affected are Oracle Java SE: 8u381, 8u381-perf; Oracle GraalVM Enterprise Edition: 20.3.11 and 21.3.7...

Oracle Linux 9 : java-21-openjdk (ELSA-2023-6738)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2023-6738 advisory. 1:21.0.1.0.12-2.0.1 - Add Oracle vendor bug URL 1:21.0.1.0.12-2 - Switch to using portable binaries built on RHEL 7 - Sync the copy of the portable...

OpenJDK: memory corruption issue on x86_64 with AVX-512 (8317121)

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition, product of Oracle Java SE component: Hotspot. Supported versions that are affected are Oracle Java SE: 8u381-perf, 17.0.8, 21; Oracle GraalVM for JDK: 17.0.8, 21; Oracle GraalVM Enterprise Edition:...

RHEL 8 : java-21-openjdk (RHSA-2023:6887)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:6887 advisory. The java-21-openjdk packages provide the OpenJDK 21 Java Runtime Environment and the OpenJDK 21 Java Software Development Kit. Security Fixe...

Huawei EulerOS: Security Advisory for java-1.8.0-openjdk (EulerOS-SA-2023-3130)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Rocky Linux 8 : java-11-openjdk (RLSA-2022:1442)

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2022:1442 advisory. - Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: JAXP. Supported versions that are affected...

RHEL 9 : java-21-openjdk (RHSA-2023:6738)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:6738 advisory. The java-21-openjdk packages provide the OpenJDK 21 Java Runtime Environment and the OpenJDK 21 Java Software Development Kit. Security Fixe...