High Severity

Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect IBM i

There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition and IBM® Runtime Environment Java™ used by IBM i. IBM i has addressed the applicable CVEs.

CVE(s): CVE-2021-35560, CVE-2021-35586, CVE-2021-35578, CVE-2021-35564, CVE-2021-35559, CVE-2021-35556, CVE-2021-35565, CVE-2021-41035

Affected product(s) and affected version(s):

Affected Product(s)    Version(s)
IBM i                  7.4
IBM i                  7.3
IBM i                  7.2
IBM i                  7.1

Refer to the following reference URLs for remediation and additional vulnerability details:  
Source Bulletin: https://www.ibm.com/support/pages/node/6549910
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/211636
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/211661
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/211654
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/211640
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/211635
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/211632
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/211641
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/212010
