High Severity

Security Bulletin: Multiple vulnerabilities in IBM Semeru Runtime affect z/Transaction Processing Facility

Share this post:

There are multiple vulnerabilities in IBM® Semeru Runtime Certified Edition 11 that is used by the z/TPF system. z/TPF has addressed the applicable CVEs.

CVE(s): CVE-2022-34169 , CVE-2022-21549

Affected product(s) and affected version(s):

Affected Product(s) Version(s)
z/Transaction Processing Facility 1.1

Refer to the following reference URLs for remediation and additional vulnerability details:  
Source Bulletin: https://www.ibm.com/support/pages/node/6695887
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/231488
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/231575

More stories

Security Bulletin: ISC BIND on IBM i is vulnerable to denial of service due to memory leaks and a flaw in resolver code (CVE-2022-2795, CVE-2022-38177, CVE-2022-38178)

November 28, 2022 | High Severity

ISC BIND on IBM i is vulnerable to a denial of service attack due to memory leaks in the DNSSEC verification code and a flaw in resolver code to degrade performance as described in the vulnerability details section. IBM i has addressed the vulnerabilities in ISC BIND with a fix as described in the remediation/fixes section. ...read more


Security Bulletin: IBM App Connect Enterprise Certified Container operands may be vulnerable to arbitrary code execution due to X-Force 237819

November 25, 2022 | High Severity

Node.js moment-timezone is used by IBM App Connect Enterprise Certified Container for handling timezone information. IBM App Connect Enterprise Certified Container operands may be vulnerable to arbitrary code execution. This bulletin provides patch information to address the reported vulnerability X-Force 237819 in Node.js moment-timezone. ...read more


Security Bulletin: IBM Sterling Control Center is vulnerable to denial of service due to Websphere Liberty (CVE-2022-24839)

November 23, 2022 | High Severity

IBM Sterling Control Center is vulnerable to potential a denial of service, caused by a java.lang.OutOfMemoryError exception when parsing ill-formed HTML markup in the fork of org.cyberneko.html. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to cause a denial of service condition. ...read more