Security Bulletin: Unspecified vulnerabilities in Java SE could allow an unauthenticated attacker to take control of the system or cause other impacts
March 6, 2022
Categorized: High Severity
An unspecified vulnerability in Java SE related to the Deployment component could allow an unauthenticated attacker to take control of the system.
An unspecified vulnerability in Java SE related to the ImageIO component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors.
An unspecified vulnerability in Java SE related to the JSSE component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors.
An unspecified vulnerability in Java SE related to the Keytool component could allow an unauthenticated attacker to cause no confidentiality impact, low integrity impact, and no availability impact.
Some unspecified vulnerabilities in Java SE related to the Swing component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors.
Eclipse OpenJ9 could allow a remote attacker to gain elevated privileges on the system, caused by not throwing IllegalAccessError for MethodHandles that invoke inaccessible interface methods. By persuading a victim to execute a specially-crafted program under a security manager, an attacker could exploit this vulnerability to gain elevated privileges and execute arbitrary code on the system.
CVE(s): CVE-2021-35560, CVE-2021-35586, CVE-2021-35578, CVE-2021-35564, CVE-2021-35559, CVE-2021-35556, CVE-2021-35565, CVE-2021-35588, CVE-2021-41035
Affected product(s) and affected version(s):
Affected Product(s) | Version(s) |
DB2 Recovery Expert for LUW | 5.5 |
DB2 Recovery Expert for LUW | 5.5 IF1 |
DB2 Recovery Expert for LUW | 5.5 IF2 |
DB2 Recovery Expert for LUW | 5.5.0.1 |
DB2 Recovery Expert for LUW | 5.5.0.1 IF1 |
DB2 Recovery Expert for LUW | 5.5.0.1 IF2 |
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: https://www.ibm.com/support/pages/node/6561577
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/211636
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/211661
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/211654
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/211640
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/211635
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/211632
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/211641
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/211662
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/212010