Low Severity

Security Bulletin: IBM Sterling Connect:Direct for UNIX is vulnerable to unauthorized sensitive information access due to IBM Java (CVE-2021-35603)

Share this post:

IBM Java is used by IBM Sterling Connect:Direct for UNIX on AIX, Linux, and Solaris platforms in product configuration, management, and data transmission. IBM Sterling Connect:Direct for UNIX on AIX, Linux, and Solaris platforms is impacted by an unauthorized sensitive information access issue in IBM Java (CVE-2021-35603). IBM Sterling Connect:Direct for UNIX on AIX, Linux, and Solaris platforms has upgraded IBM Java to version 8.0.7.10 to address the issue.

CVE(s): CVE-2021-35603

Affected product(s) and affected version(s):

Affected Product(s) Version(s)
IBM Sterling Connect:Direct for UNIX 6.2.0
IBM Sterling Connect:Direct for UNIX 6.1.0
IBM Sterling Connect:Direct for UNIX 6.0.0
IBM Sterling Connect:Direct for UNIX 4.3.0

Refer to the following reference URLs for remediation and additional vulnerability details:  
Source Bulletin: https://www.ibm.com/support/pages/node/6599669
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/211676

More stories

Security Bulletin: IBM Sterling Connect:Direct for UNIX Certified Container is vulnerable to sensitive information exposure due to GNU ncurses (CVE-2019-17595, CVE-2019-17594)

August 4, 2022 | Low Severity

IBM Sterling Connect:Direct for UNIX Certified Container bundles ncurses as third party packages in its container image which has the vulnerability where attacker can obtain sensitive information. This fix updates ncurses to 6.1-9.20180224.el8. ...read more


Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a data binding rules security weakness in Spring Framework (CVE-2022-22968)

August 4, 2022 | Low Severity

IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a Spring framework data binding rules vulnerability, where case sensitive patterns for disallowedFields cause weaker than expected security (CVE-2022-22968). Spring Framework is used by some of the java components included in IBM Watson Speech. Please read the details for remediation below. ...read more


Security Bulletin: Vulnerability in the Node.js follow-redirects component affects IBM Event Streams (CVE-2022-0536)

August 3, 2022 | Low Severity

This security vulnerability affects the follow-redirects component that is used by IBM Event Streams. ...read more