Medium Severity

Security Bulletin: Vulnerabilities in IBM Java Runtime affect IBM Spectrum Protect Backup-Archive Client, IBM Spectrum Protect for Space Management, and IBM Spectrum Protect for Virtual Environments (CVE-2021-35550, CVE-2021-35603)

Vulnerabilities in IBM® Runtime Environment Java™ were disclosed as part of the IBM Java SDK updates in October 2021. IBM® Runtime Environment Java™ is used by IBM Spectrum Protect Backup-Archive Client, IBM Spectrum Protect for Space Management, and IBM Spectrum Protect for Virtual Environments, which may be affected by the vulnerabilities (CVEs) listed below.

CVE(s): CVE-2021-35550, CVE-2021-35603

Affected product(s) and affected version(s):

| Affected Product(s) | Version(s) |
| --- | --- |
| IBM Spectrum Protect Backup-Archive Client | 8.1.0.0-8.1.14.0 (Macintosh and Windows) |
| IBM Spectrum Protect Backup-Archive Client | 8.1.7.0-8.1.14.0 (Linux web user interface only) |
| IBM Spectrum Protect Backup-Archive Client | 8.1.9.0-8.1.14.0 (AIX web user interface only) |
| IBM Spectrum Protect for Space Management | 8.1.7.0-8.1.14.0 (Linux) |
| IBM Spectrum Protect for Space Management | 8.1.9.0-8.1.14.0 (AIX) |
| IBM Spectrum Protect for Virtual Environments: Data Protection for VMware | 8.1.0.0-8.1.14.0 (Linux and Windows) |
| IBM Spectrum Protect for Virtual Environments: Data Protection for Hyper-V | 8.1.0.0-8.1.14.0 (Windows) |

Refer to the following reference URLs for remediation and additional vulnerability details:  
Source Bulletin: https://www.ibm.com/support/pages/node/6596379
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/211627
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/211676
