Medium Severity

Security Bulletin: Multiple Vulnerabilities in IBM® Java SDK affect WebSphere Application Server July 2020 CPU plus deferred CVE-2020-2590 and CVE-2020-2601

Share this post:

There are multiple vulnerabilities in the IBM® SDK, Java™ Technology Edition that is shipped with IBM WebSphere Application Server. These might affect some configurations of IBM WebSphere Application Server Traditional, IBM WebSphere Application Server Liberty and IBM WebSphere Application Server Hypervisor Edition. These products have addressed the applicable CVEs. If you run your own Java code using the IBM Java Runtime delivered with this product, you should evaluate your code to determine whether the complete list of vulnerabilities is applicable to your code. For a complete list of vulnerabilities, refer to the link for “IBM Java SDK Security Bulletin” located in the References section for more information. HP fixes are on a delayed schedule.

Affected product(s) and affected version(s):

 

Affected Product(s) Version(s)
WebSphere Application Server Liberty Continuous delivery
WebSphere Application Server 9.0
WebSphere Application Server 8.5

Refer to the following reference URLs for remediation and additional vulnerability details:  
Source Bulletin: https://www.ibm.com/support/pages/node/6256732

More stories

Security Bulletin: IBM Jazz for Service Management is vulnerable to stored cross-site scripting (CVE-2021-29800)

Sep 21, 2021 8:02 pm EDT | Medium Severity

IBM Jazz for Service Management is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. ...read more


Security Bulletin: OpenSSL publicly disclosed vulnerability affects MessageGateway (CVE-2021-3712)

Sep 21, 2021 8:00 pm EDT | Medium Severity

MessageGateway has addressed the following vulnerability(ies) by updating the version of OpenSSL. ...read more


Security Bulletin: Multiple security vulnerabilities have been fixed in IBM Security Verify Governance, Identity Manager virtual appliance component (ISVG IMVA)

Sep 21, 2021 8:00 pm EDT | Medium Severity

IBM Security Verify Governance, Identity Manager virtual appliance component has addressed the following vulnerabilities. ...read more