Low Severity

Security Bulletin: Vulnerabilities in IBM Java Runtime affect IBM Spectrum Protect Server, Operations Center, and Client Management Service (CVE-2020-14782, CVE-2020-27221)

Vulnerabilities in IBM® Runtime Environment Java™ affect IBM Spectrum Protect Server, IBM Spectrum Protect Operations Center, and IBM Spectrum Protect Client Management Service. These Java vulnerabilities were disclosed as part of the IBM Java SDK updates in October 2020 and January 2021.

Affected product(s) and affected version(s):

Affected Product(s) | Version(s)
IBM Spectrum Protect Server | 8.1.0.000-8.1.11.000; 7.1.0.000-7.1.13.000
IBM Spectrum Protect Operations Center | 8.1.0.000-8.1.11.000; 7.1.0.000-7.1.13.000
IBM Spectrum Protect Client Management Service | 8.1.0.000-8.1.11.000; 7.1.0.000-7.1.13.000

Refer to the following reference URLs for remediation and additional vulnerability details:  
Source Bulletin: https://www.ibm.com/support/pages/node/6442991
