High Severity

Security Bulletin: Multiple vulnerabilities in IBM® Java SDK affect Liberty for Java for IBM Cloud October 2021 CPU

There are multiple vulnerabilities in the IBM® SDK, Java™ Technology Edition that is shipped with Liberty for Java for IBM Cloud. These might affect some configurations of Liberty for Java for IBM Cloud. Liberty for Java for IBM Cloud has addressed the applicable CVEs. If you run your own Java code using the IBM Java Runtime delivered with this product, you should evaluate your code to determine whether the complete list of vulnerabilities is applicable to it. For the complete list of vulnerabilities, refer to the “IBM Java SDK Security Bulletin” link in the References section.

CVE(s): CVE-2021-35560, CVE-2021-35586, CVE-2021-35578, CVE-2021-35564, CVE-2021-35559, CVE-2021-35556, CVE-2021-35565, CVE-2021-35588, CVE-2021-41035

Affected product(s) and affected version(s):

These vulnerabilities affect all versions of Liberty for Java in IBM Cloud up to and including v3.65.

Refer to the following reference URLs for remediation and additional vulnerability details:  
Source Bulletin: https://www.ibm.com/support/pages/node/6550514
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/211636
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/211661
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/211654
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/211640
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/211635
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/211632
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/211641
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/211662
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/212010
