Medium Severity

Security Bulletin: IBM SDK, Java Technology Edition, Security Update October 2021

May 10, 2022

Share this post:

There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, 8* that are used by Rational Application Developer®. These issues were disclosed as part of the IBM Java SDK updates in October 2021. IBM 8 Fix SR7 FP5 (8.0.7.5).

CVE(s): CVE-2021-41035, CVE-2021-35565 , CVE-2021-35578 , CVE-2021-35564 , CVE-2021-35586 , CVE-2021-35559

Affected product(s) and affected version(s):

Affected Product(s)	Version(s)
Rational Application Developer	9.6
Rational Application Developer	9.7

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: https://www.ibm.com/support/pages/node/6566227
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/212010
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/211641
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/211654
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/211640
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/211661
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/211635

Medium Severity

Security Bulletin: IBM QRadar SIEM is vulnerable to cross-site scripting (XSS) (CVE-2022-22345)

Search Posts

Resources

Feed for PSIRT Blog Posts

IBM Product Security Vulnerabilities

See information about: IBM Security Bulletins, IBM Security Vulnerability Management (PSIRT), Reporting a Security Issue, IBM Secure Engineering

Learn More

IBM Product Support Portal

Access IBM Product Support to: Subscribe to Notifications, Download Fixes & PTFs (Fix Central), Access the Directory of IBM Worldwide Contacts

See What's New

Helpful Information

Security Bulletin: IBM SDK, Java Technology Edition Quarterly CPU – Apr 2022 – Includes Oracle April 2022 CPU (minus CVE-2022-21426)affects IBM Security Verify Governance, Identity Manager virtual appliance component

August 17, 2022 | Medium Severity

IBM Security Verify Governance, Identity Manager virtual appliance component has addressed the applicable CVE. ...read more

Security Bulletin: Samba for IBM i is vulnerable to attacker obtaining sensitive information due to a memory leak with SMB1 requests (CVE-2022-32742)

August 17, 2022 | Medium Severity

Samba for IBM i is vulnerable to an attacker obtaining sensitive information due to a memory leak handling SMB1 requests as described in the vulnerability details section. IBM i has addressed the vulnerability in Samba with a fix as described in the remediation/fixes section. ...read more

Security Bulletin: A security vulnerability has been fixed in IBM Security Verify Governance, Identity Manager virtual appliance component (CVE-2022-21496)

August 16, 2022 | Medium Severity

IBM Security Verify Governance, Identity Manager virtual appliance component has addressed the following vulnerability. ...read more

Medium Severity

Security Bulletin: IBM SDK, Java Technology Edition, Security Update October 2021

Security Bulletin: IBM QRadar SIEM is vulnerable to cross-site scripting (XSS) (CVE-2022-22345)

Security Bulletin: Multiple Vulnerabilities in VMware ESXi affect IBM Cloud Pak System (CVE-2021-21994, CVE-2021-21995)

Search Posts

Archives

Resources

IBM Product Security Vulnerabilities

IBM Product Support Portal

Helpful Information

Security Bulletin: IBM SDK, Java Technology Edition Quarterly CPU – Apr 2022 – Includes Oracle April 2022 CPU (minus CVE-2022-21426)affects IBM Security Verify Governance, Identity Manager virtual appliance component

August 17, 2022 | Medium Severity

Security Bulletin: Samba for IBM i is vulnerable to attacker obtaining sensitive information due to a memory leak with SMB1 requests (CVE-2022-32742)

August 17, 2022 | Medium Severity

Security Bulletin: A security vulnerability has been fixed in IBM Security Verify Governance, Identity Manager virtual appliance component (CVE-2022-21496)

August 16, 2022 | Medium Severity