Medium Severity

Security Bulletin: Multiple vulnerabilities may affect IBM® Semeru Runtime

This bulletin covers all applicable Java SE CVEs published by OpenJDK as part of their October 2021 Vulnerability Advisory, plus CVE-2021-41035. For more information please refer to OpenJDK’s October 2021 Vulnerability Advisory and the X-Force database entries referenced below.

CVE(s): CVE-2021-35567, CVE-2021-35550, CVE-2021-35586, CVE-2021-35578, CVE-2021-35564, CVE-2021-35561, CVE-2021-35559, CVE-2021-35556, CVE-2021-35565, CVE-2021-35603, CVE-2021-41035

Affected product(s) and affected version(s):

8.0.302.0 – 8.0.302.1
11.0.12.0 – 11.0.12.1
16.0.2.0 – 16.0.2.1

For detailed information on which CVEs affect which releases, please refer to the IBM Semeru Runtimes Security Vulnerabilities page.

Refer to the following reference URLs for remediation and additional vulnerability details:  
Source Bulletin: https://www.ibm.com/support/pages/node/6522862
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/211643
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/211627
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/211661
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/211654
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/211640
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/211637
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/211635
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/211632
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/211641
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/211676
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/212010
