Medium Severity

Security Bulletin: Multiple Vulnerabilities in IBM® Java SDK affect WebSphere Application Server July 2021 CPU

Share this post:

There are multiple vulnerabilities in the IBM® SDK, Java™ Technology Edition that is shipped with IBM WebSphere Application Server. These might affect some configurations of IBM WebSphere Application Server Traditional, IBM WebSphere Application Server Liberty and IBM WebSphere Application Server Hypervisor Edition. These products have addressed the applicable CVEs. If you run your own Java code using the IBM Java Runtime delivered with this product, you should evaluate your code to determine whether the complete list of vulnerabilities is applicable to your code. For a complete list of vulnerabilities, refer to the link for “IBM Java SDK Security Bulletin” located in the References section for more information. HP fixes are on a delayed schedule.

CVE(s): CVE-2021-2369

Affected product(s) and affected version(s):

Affected Product(s) Version(s)
WebSphere Application Server 9.0
WebSphere Application Server 8.5
WebSphere Application Server Liberty Continuous delivery

Refer to the following reference URLs for remediation and additional vulnerability details:  
Source Bulletin:
X-Force Database:

More stories

Security Bulletin: IBM Cloud Pak for Integration is vulnerable to jzsip (CVE-2021-23413)

Oct 15, 2021 8:01 pm EDT | Medium Severity

IBM Cloud Pak for Integration is vulnerable to jzsip CVE-2021-23413 with details below more

Security Bulletin: Cross site scripting vulnerability affecting Case Builder in IBM Business Automation Workflow – CVE-2021-29878

Oct 15, 2021 8:01 pm EDT | Medium Severity

IBM Business Automation Workflow Case Builder in Workflow Center is vulnerable to cross site scripting. more

Security Bulletin: Vulnerabilities in the Linux kernel affect IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem V9000 products

Oct 14, 2021 8:03 pm EDT | Medium Severity

Multiple vulnerabilities in the Linux kernel could allow an authenticated attacker to obtain sensitive information. more