Medium Severity

Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect Rational Business Developer

Share this post:

There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 7 and 8 and IBM® Runtime Environment Java™ Version 7 and 8 used by Rational Business Developer. Rational Business Developer has provided fixes for the applicable CVEs. These issues were disclosed as part of the IBM Java SDK and Runtime Environment updates in the January 2022 Critical Patch Update, minus CVE-2022-21299.

CVE(s): CVE-2022-21365 , CVE-2022-21360 , CVE-2022-21341 , CVE-2022-21340 , CVE-2022-21305 , CVE-2022-21294 , CVE-2022-21293 , CVE-2022-21291 , CVE-2022-21248

Affected product(s) and affected version(s):

Affected Product(s) Version(s)
RBD 9.1 – 9.1.1.2
RBD 9.5 – 9.5.1.2
RBD 9.6 – 9.6.0.1

Refer to the following reference URLs for remediation and additional vulnerability details:  
Source Bulletin: https://www.ibm.com/support/pages/node/6598363
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/217659
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/217654
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/217636
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/217635
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/217600
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/217589
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/217588
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/217586
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/217543

More stories

Security Bulletin: A Unspecified Java Vulnerability is affecting Watson Knowledge Catalog for IBM Cloud Pak for Data (CVE-2021-35550)

August 12, 2022 | Medium Severity

An unspecified vulnerability in Java is affecting Watson Knowledge Catalog for IBM Cloud Pak for Data. This vulnerability have been addressed. ...read more


Security Bulletin: CP4D Match 360 is affected by Identity Spoofing vulnerability in IBM WebSphere Application Server Liberty

August 12, 2022 | Medium Severity

IBM WebSphere Application Server Liberty is vulnerable to identity spoofing with the appSecurity-1.0, appSecurity-2.0, appSecurity-3.0 or appSecurity-4.0 feature enabled. This has been addressed. IBM Match 360 v4.5.0 and prior, is also vulnerable given that it uses WebSphere Application Server Liberty. ...read more


Security Bulletin: Watson Knowledge Catalog InstaScan is vulnerable to an XML External Entity (XXE) Injection vulnerability due to IBM WebSphere Application Server Liberty ( CVE-2021-20492 )

August 12, 2022 | Medium Severity

WebSphere Application Server Java Batch, that was included in Watson Knowledge Catalog InstaScan, is vulnerable to an XML External Entity Injection (XXE) vulnerability. This has been addressed. ...read more