Medium Severity

Security Bulletin: Security Vulnerabilities in IBM SDK, Java Technology Edition Quarterly CPU – Oct 2020 – affect multiple IBM Continuous Engineering products based on IBM Jazz Technology

Share this post:

There are multiple vulnerabilities in IBM SDK, Java Technology Edition Quarterly CPU – Oct 2020 – Includes Oracle Oct 2020 CPU minus CVE-2020-14781 and CVE-2020-14782 and CVE-2020-14782 that are used by IBM Jazz Team Server affecting the following IBM Jazz Team Server based Applications: Global Configuration Management (GCM). These issues were disclosed as part of the IBM Java SDK updates in Oct 2020.

CVE(s): CVE-2020-14782 , CVE-2020-14779 , CVE-2020-14792 , CVE-2020-14796 , CVE-2020-14797 , CVE-2020-14798

Affected product(s) and affected version(s):

Affected Product(s) Version(s)
Global Configuration Management All

Refer to the following reference URLs for remediation and additional vulnerability details:  
Source Bulletin: https://www.ibm.com/support/pages/node/6520810
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/190100
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/190097
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/190110
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/190114
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/190115
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/190116

More stories

Security Bulletin: Vulnerabilities in Apache Log4j affect IBM App Connect Enterprise V11, V12 and IBM Integration Bus V10 (CVE-2021-44832)

Jan 18, 2022 7:03 pm EST | Medium Severity

Vulnerabilities in Apache Log4j affect the logging infrastructure in the Kafka Nodes in IBM App Connect Enterprise v11, v12 and IBM Integration Bus v10 and the logging infrastructure in the TADataCollector command line tool in IBM App Connect Enterprise v11, v12. IBM App Connect Enterprise V11, V12 and IBM Integration Bus v10 have addressed the applicable CVE. Given current information and analysis, IBM Integration Bus V9 is not affected ...read more


Security Bulletin: Apache Log4j vulnerability affects IBM Cloud Pak for Multicloud Management (CVE-2021-44832)

Jan 18, 2022 7:01 pm EST | Medium Severity

IBM Cloud Pak for Multicloud Management has applied security fixes for its use of Log4j for CVE-2021-44832. Log4j is used by various microservices either directly or indirectly through dependent open source software for logging messages to files. The fix includes Apache Log4j 2.17.1. ...read more


Security Bulletin: IBM WebSphere Application Server Liberty is vulnerable to an Information Disclosure (CVE-2022-22310)

Jan 18, 2022 7:00 pm EST | Medium Severity

IBM WebSphere Application Server Liberty is vulnerable to an Information Disclosure. This has been addressed. ...read more