Medium Severity

Security Bulletin: A vulnerability (CVE-2021-35550) in IBM Java Runtime affects CICS Transaction Gateway

June 21, 2022

Share this post:

IBM® Runtime Environment Java™ Versions 7.0, 7.1 and 8.0 is used by CICS Transaction Gateway. The fix removes vulnerability CVE-2021-35550 that can allow an unauthenticated attacker to obtain sensitive information.

CVE(s): CVE-2021-35550

Affected product(s) and affected version(s):

Affected Product(s)	Version(s)
IBM CICS Transaction Gateway	v9.2.0.0 – 9.2.0.2
IBM CICS Transaction Gateway	v9.1.0.0 – 9.1.0.3
IBM CICS Transaction Gateway	v9.0.0.0 – 9.0.0.5
IBM CICS Transaction Gateway	v8.1.0.0 – 8.1.0.5
IBM CICS Transaction Gateway	v8.0.0.0 – 8.0.0.6

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: https://www.ibm.com/support/pages/node/6597251
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/211627

Medium Severity

Security Bulletin: IBM Sterling Connect:Direct Browser User Interface is vulnerable to multiple vulnerabilities due to Jetty

Search Posts

Resources

Feed for PSIRT Blog Posts

IBM Product Security Vulnerabilities

See information about: IBM Security Bulletins, IBM Security Vulnerability Management (PSIRT), Reporting a Security Issue, IBM Secure Engineering

Learn More

IBM Product Support Portal

Access IBM Product Support to: Subscribe to Notifications, Download Fixes & PTFs (Fix Central), Access the Directory of IBM Worldwide Contacts

See What's New

Helpful Information

Security Bulletin: IBM SDK, Java Technology Edition, Security Update October 2021

June 27, 2022 | Medium Severity

There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, 8* that are used by Rational Application Developer®. These issues were disclosed as part of the IBM Java SDK updates in October 2021. IBM 8 Fix SR7 FP5 (8.0.7.5). ...read more

Security Bulletin: Vulnerabilities in the Java JDK affect IBM Event Streams (CVE-2022-21365, CVE-2022-21360, CVE-2022-21349, CVE-2022-21341, CVE-2022-21340, CVE-2022-21305, CVE-2022-21294, CVE-2022-21293, CVE-2022-21291, CVE-2022-21248)

June 27, 2022 | Medium Severity

There are a number of vulnerabilities in the Java JDK used by IBM Event Streams. ...read more

Medium Severity

Security Bulletin: A vulnerability (CVE-2021-35550) in IBM Java Runtime affects CICS Transaction Gateway

Security Bulletin: IBM Sterling Connect:Direct Browser User Interface is vulnerable to multiple vulnerabilities due to Jetty

Security Bulletin: June 2022 :Multiple vulnerabilities in IBM Java Runtime affect CICS Transaction Gateway

Search Posts

Archives

Resources

IBM Product Security Vulnerabilities

IBM Product Support Portal

Helpful Information

Security Bulletin: IBM SDK, Java Technology Edition, Security Update October 2021

June 27, 2022 | Medium Severity

Security Bulletin: Vulnerabilities in the Java JDK affect IBM Event Streams (CVE-2022-21365, CVE-2022-21360, CVE-2022-21349, CVE-2022-21341, CVE-2022-21340, CVE-2022-21305, CVE-2022-21294, CVE-2022-21293, CVE-2022-21291, CVE-2022-21248)

June 27, 2022 | Medium Severity

Security Bulletin: IBM SDK, Java Technology Edition, Security Update October 2021

June 27, 2022 | Medium Severity