High Severity

Security Bulletin: Some unspecified vulnerabilities in Java SE result in the unauthenticated attacker to take control of the system or some impact


An unspecified vulnerability in Java SE related to the Deployment component could allow an unauthenticated attacker to take control of the system.

An unspecified vulnerability in Java SE related to the ImageIO component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors.

An unspecified vulnerability in Java SE related to the JSSE component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors.

An unspecified vulnerability in Java SE related to the Keytool component could allow an unauthenticated attacker to cause no confidentiality impact, low integrity impact, and no availability impact.

Some unspecified vulnerabilities in Java SE related to the Swing component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors.

Eclipse OpenJ9 could allow a remote attacker to gain elevated privileges on the system, caused by not throwing IllegalAccessError for MethodHandles that invoke inaccessible interface methods. By persuading a victim to execute a specially crafted program under a security manager, an attacker could exploit this vulnerability to gain elevated privileges and execute arbitrary code on the system.

CVE(s): CVE-2021-35560, CVE-2021-35586, CVE-2021-35578, CVE-2021-35564, CVE-2021-35559, CVE-2021-35556, CVE-2021-35565, CVE-2021-35588, CVE-2021-41035

Affected product(s) and affected version(s):

 

| Affected Product(s) | Version(s) |
| --- | --- |
| DB2 Recovery Expert for LUW | 5.5 |
| DB2 Recovery Expert for LUW | 5.5 IF1 |
| DB2 Recovery Expert for LUW | 5.5 IF2 |
| DB2 Recovery Expert for LUW | 5.5.0.1 |
| DB2 Recovery Expert for LUW | 5.5.0.1 IF1 |
| DB2 Recovery Expert for LUW | 5.5.0.1 IF2 |

Refer to the following reference URLs for remediation and additional vulnerability details:  
Source Bulletin: https://www.ibm.com/support/pages/node/6561577
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/211636
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/211661
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/211654
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/211640
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/211635
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/211632
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/211641
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/211662
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/212010
