High Severity

Security Bulletin: Multiple Vulnerabilities in IBM Java SDK affect Cloud Pak System

Share this post:

Multiple Vulnerabilities have been found in IBM Java SDK that is shipped with Cloud Pak System. IBM Cloud Pak System has addressed these vulnerabilities in the IBM SDk October 2021 CPU update, which includes the IBM SDK April and July 2021 CPU updates.

CVE(s): CVE-2021-2161 , CVE-2021-35560 , CVE-2021-35586 , CVE-2021-35578 , CVE-2021-35564 , CVE-2021-35565 , CVE-2021-41035, CVE-2021-2369

Affected product(s) and affected version(s):

Affected Product(s) Version(s)
IBM Cloud Pak System Software Suite 2.3.3.0
IBM Cloud Pak System

2.3.0.1, 2.3.1.1, 2.3.2.0, 2.3.3.0, 2.3.3.1, 2.3.3.2, 2.3.3.3, 2.3.3.3 Interim Fix1

OS Images For Red Hat Linux Enterprise  3.0.12.0 – 3.1.3.0

Refer to the following reference URLs for remediation and additional vulnerability details:  
Source Bulletin: https://www.ibm.com/support/pages/node/6566881
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/200290
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/211636
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/211661
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/211654
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/211640
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/211641
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/212010
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/205796

More stories

Security Bulletin: Multiple vulnerabilities in IBM Semeru Runtime affect z/Transaction Processing Facility

September 22, 2022 | High Severity

There are multiple vulnerabilities in IBM® Semeru Runtime Certified Edition 11 that is used by the z/TPF system. z/TPF has addressed the applicable CVEs. ...read more


Security Bulletin: A spoofing vulnerablity due to an exposure in Eclipse Paho used by IBM WebSphere Application Server Liberty affects TXSeries for Multiplatforms

September 22, 2022 | High Severity

TXSeries for Multiplatforms has addressed the following identity spoofing vulnerability in Eclipse Paho reported by IBM® WebSphere Application Server Liberty ...read more


Security Bulletin: IBM CICS TX Advanced is vulnerable to spoofing due to a flaw in Eclipse Paho, used by IBM WebSphere Application Server Liberty (CVE-2019-11777)

September 22, 2022 | High Severity

WebSphere Application Server Liberty is used by IBM CICS TX Advanced to provide a web based administration console. The fix removes the spoofing vulnerability CVE-2019-11777 from Liberty. ...read more