27 matches found
CVE-2013-4002
CVE-2013-4002 affects the Xerces2 Java XML parser. XMLScanner.java in Xerces2 Java Parser before 2.12.0 (as used in various JREs and Oracle/Jakarta distributions) could allow remote denial of service via vectors related to XML attribute names. IBM and other vendors document DoS impact on affected...
CVE-2023-30441
CVE-2023-30441 affects IBM Runtime Environment, Java Technology Edition IBMJCEPlus and JSSE 8.0.7.0–8.0.7.11, with potential exposure of sensitive information due to a combination of flaws/configurations. The CVSS base score is 7.5 (HIGH). IBM Bulletins reference remediation by upgrading to newer...
CVE-2019-4473
CVE-2019-4473 is an IBM Java SDK on AIX issue where multiple IBM SDK binaries shipped with IBM products used insecure absolute RPATHs, enabling local code injection and privilege elevation. The connected IBM advisories document this vulnerability across IBM Tivoli/Spectrum Control, Tivoli System ...
CVE-2012-4820
CVE-2012-4820 affects IBM Java Runtime used in IBM WebSphere Real Time and other IBM products. The issue arises when code runs under a security manager, allowing remote attackers to escalate privileges by abusing insecure use of java.lang.reflect.Method invoke(). Affected IBM JREs include release...
CVE-2013-5456
CVE-2013-5456 is an IBM Java SDK vulnerability in which deserialization inside AccessController.doPrivileged could allow a remote attacker to bypass sandbox protections and execute arbitrary code. Affected IBM SDK Java Technology Edition versions include 5.0, 6, and 7 (SRs prior to remediation). ...
CVE-2012-4821
CVE-2012-4821 is one of several IBM JRE/Java SDK vulnerabilities (CVE-2012-4820/4821/4822/4823) affecting IBM products (e.g., WebSphere Real Time, Tivoli Monitoring, Tivoli Storage Productivity Center, and related IBM runtimes). The root cause is insecure use of Java reflection APIs (getDeclaredM...
CVE-2013-3009
CVE-2013-3009 affects IBM Java runtimes where the com.ibm.CORBA.iiop.ClientDelegate class exposes the java.lang.reflect.Method.invoke method, enabling remote attackers to call setSecurityManager and bypass sandbox protections via vectors related to the AccessController doPrivileged block. Affecte...
CVE-2014-3065
CVE-2014-3065: IBM Java SDK/JRE contains a vulnerability where the default configuration for the shared classes feature potentially allows arbitrary code execution via the shared classes cache by other local users. Affected IBM Java versions include IBM SDK/JAVA 2 Technology Edition (v5.0 SR16 FP...
CVE-2015-0192
Technical details for CVE-2015-0192 are not provided in the connected documents. The initial description names IBM Java vulnerabilities but does not specify affected products, versions, vectors, or fixes in the supplied sources. Monitor for updates.
CVE-2012-4823
CVE-2012-4823 is an IBM JRE vulnerability (arbitrary code execution via insecure use of java.lang.ClassLoader defineClass()) affecting IBM JRE in multiple IBM and partner products. Connected advisories confirm concrete fixes by upgrading the IBM JRE to newer service releases on affected stacks: fo...
CVE-2012-4822
CVE-2012-4822 affects IBM JRE components used in IBM WebSphere Real Time and multiple IBM/Tivoli products (e.g., Tivoli Monitoring, Rational Host On-Demand, WebSphere Real Time, Lotus Notes/Domino). Root cause: insecure use of multiple methods in java.lang.Class enabling remote code execution. Af...
CVE-2014-3068
CVE-2014-3068 affects IBM Java environments used with Tivoli Storage Productivity Center (JRE/JDK 6 SR16 FP1 or earlier; 7 SR7 FP1 or earlier; and other older SRs). The CMS keystore allows brute-force recovery of a private key, enabling attackers to obtain private keys from CMS keystores. Exploit...
CVE-2013-3006
CVE-2013-3006 (IBM Java/JRE) is described across IBM advisories as an unspecified vulnerability in the Java Runtime Environment used by IBM WebSphere Real Time. Affected IBM WebSphere Real Time versions include v2 and v3 SR4-FP2 and earlier, with remediation to upgrade to the IBM Java SDK version...
CVE-2015-1914
CVE-2015-1914 describes a vulnerability in IBM Java (various releases) where a remote attacker could bypass Java permission checks in the IBM JVM and obtain sensitive information. Affected versions include IBM Java 7 R1 before SR3, 7 before SR9, 6 R1 before SR8 FP4, 6 before SR16 FP4, and 5.0 bef...
CVE-2013-3007
CVE-2013-3007 is an IBM Java JRE vulnerability affecting IBM Java 6.0.1 before 6.0.1 SR6 and 7 before 7 SR5, allowing remote execution with full confidentiality, integrity and availability impact. The issue is part of a broader set of Oracle/JVM vulnerabilities addressed in IBM bulletins for Tivo...
CVE-2013-3011
CVE-2013-3011 is described as an unspecified vulnerability in IBM Java Runtime Environment affecting multiple IBM JREs (IBM Java 1.4.2 before SR13-FP18, 5.0 before SR16-FP3, 6 before SR14, 6.0.1 before SR6, and 7 before SR5). The impact is stated as remote attackers potentially compromising confi...
CVE-2013-3012
Summary of CVE-2013-3012 (IBM Java JRE): The initial entry describes an unspecified remote vulnerability in IBM Java runtimes across multiple releases (IBM JREs bundled with IBM products). Connected IBM advisories confirm this CVE is part of a broad set addressed by updating the IBM Java SDK/JRE...
CVE-2013-5457
CVE-2013-5457 affects IBM SDK for Java (IBM JRE/JAVA EE shards) and is discussed across IBM advisories related to WebSphere and IT management products. The vulnerability allows an attacker to execute arbitrary code remotely by abusing the Java security manager, with exploitation tied to IBM Java ...
CVE-2015-1916
CVE-2015-1916 is an IBM Java SSL/TLS (JSSE) related denial-of-service vulnerability. IBM advisories (e.g., IBMs 734104A523B… and related security bulletins) indicate affected IBM Java SDK/JRE versions used in IBM SAN Volume Controller and Storwize family products. The vulnerability allows a remot...
CVE-2013-3008
CVE-2013-3008 affects IBM Java and IBM WebSphere Real Time. The IBM WebSphere Real Time bulletin lists CVE-2013-3008 among Java JRE vulnerabilities, describing an unspecified remote code execution risk via IBM Java 7 prior to 7 SR5. The remediation in that bulletin is to upgrade to IBM WebSphere ...
CVE-2013-4041
CVE-2013-4041 is an IBM Java SDK vulnerability affecting IBM SDK Java Technology Edition versions 5.0, 6, and 7 (and related WebSphere bundles) where code running under a security manager could access restricted classes via an unspecified vector. The IBM notices detail multiple CVEs in the Oracle...
CVE-2013-3010
CVE-2013-3010 is an IBM Java vulnerability in the IBM JRE shipped with IBM Java 6.0.1 before SR6 and 7 before SR5, allowing a remote attacker to affect confidentiality, integrity and availability and to execute arbitrary code on affected IBM products. IBM advisories (e.g., WebSphere Real Time) de...
CVE-2011-0311
CVE-2011-0311 affects IBM Runtimes for Java Technology, specifically IBM Java 1.4.2 SR13 FP9 used in 5.0.0 prior to SR13 and 6.0.0 prior to SR10. The issue arises in the class file parser where a crafted attribute length field in a class file can cause a denial of service through a JVM segmentati...
CVE-2013-5375
CVE-2013-5375 corresponds to an unspecified vulnerability in IBM SDK for Java Technology Edition (IBM JRE) that could allow remote attackers to access restricted classes via XML/XSL-related vectors. The initial entry lists affected IBM SDK/JAVA versions and SR levels: 5.0.x before SR16 FP4, 6.0.x...
CVE-2013-0485
CVE-2013-0485 refers to an unspecified vulnerability in IBM Java SDK versions (7 before SR4-FP1, 6 before SR13-FP1, 5.0 before SR16-FP1, and 1.4.2 before SR13-FP16) with unknown impact/attack vectors related to Class Libraries. Connected advisories note the issue affecting IBM Rational Developer ...
CVE-2013-5458
CVE-2013-5458 is an IBM Java SDK vulnerability affecting IBM WebSphere Real Time. The IBM bulletin indicates that IBM WebSphere Real Time Version 3 Service Refresh 5 and earlier are affected, with remediation by upgrading to Version 3 Service Refresh 6 or later. The vulnerability involves privile...
CVE-2011-3387
CVE-2011-3387 targets IBM Java 1.4.2 SR13 FP9 (IBM Runtimes for Java Technology 5.0.0 before SR13 and 6.0.0 before SR10). A denial-of-service is caused by a crafted class file attribute length field, due to validation timing, leading to memory consumption or an infinite loop. The issue is distinc...