Medium Severity

Security Bulletin: Vulnerability in IBM Java SDK and IBM Java Runtime affects Rational Business Developer

June 24, 2022

Share this post:

There is a vulnerability in IBM® SDK Java™ Technology Edition, Version 7 and 8 and IBM® Runtime Environment Java™ Version 7 and 8 used by Rational Business Developer. Rational Business Developer has provided a fix for the applicable CVE. This issue was disclosed as part of the IBM Java SDK and Runtime Environment updates deferred from Oracle Oct 2021 CPU (CVE-2021-35550).

CVE(s): CVE-2021-35550

Affected product(s) and affected version(s):

Affected Product(s)	Version(s)
RBD	9.1 – 9.1.1.2
RBD	9.5 – 9.5.1.2
RBD	9.6 – 9.6.0.1

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: https://www.ibm.com/support/pages/node/6598361
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/211627

Medium Severity

Security Bulletin: IBM Sterling Connect:Direct for Microsoft Windows is vulnerable to an unspecified vulnerability due to IBM Java Runtime (CVE-2021-35550)

Search Posts

Resources

Feed for PSIRT Blog Posts

IBM Product Security Vulnerabilities

See information about: IBM Security Bulletins, IBM Security Vulnerability Management (PSIRT), Reporting a Security Issue, IBM Secure Engineering

Learn More

IBM Product Support Portal

Access IBM Product Support to: Subscribe to Notifications, Download Fixes & PTFs (Fix Central), Access the Directory of IBM Worldwide Contacts

See What's New

Helpful Information

Security Bulletin: A Unspecified Java Vulnerability is affecting Watson Knowledge Catalog for IBM Cloud Pak for Data (CVE-2021-35550)

August 12, 2022 | Medium Severity

An unspecified vulnerability in Java is affecting Watson Knowledge Catalog for IBM Cloud Pak for Data. This vulnerability have been addressed. ...read more

Security Bulletin: CP4D Match 360 is affected by Identity Spoofing vulnerability in IBM WebSphere Application Server Liberty

August 12, 2022 | Medium Severity

IBM WebSphere Application Server Liberty is vulnerable to identity spoofing with the appSecurity-1.0, appSecurity-2.0, appSecurity-3.0 or appSecurity-4.0 feature enabled. This has been addressed. IBM Match 360 v4.5.0 and prior, is also vulnerable given that it uses WebSphere Application Server Liberty. ...read more

Security Bulletin: Watson Knowledge Catalog InstaScan is vulnerable to an XML External Entity (XXE) Injection vulnerability due to IBM WebSphere Application Server Liberty ( CVE-2021-20492 )

August 12, 2022 | Medium Severity

WebSphere Application Server Java Batch, that was included in Watson Knowledge Catalog InstaScan, is vulnerable to an XML External Entity Injection (XXE) vulnerability. This has been addressed. ...read more

Medium Severity

Security Bulletin: Vulnerability in IBM Java SDK and IBM Java Runtime affects Rational Business Developer

Security Bulletin: IBM Sterling Connect:Direct for Microsoft Windows is vulnerable to an unspecified vulnerability due to IBM Java Runtime (CVE-2021-35550)

Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect Rational Business Developer

Search Posts

Archives

Resources

IBM Product Security Vulnerabilities

IBM Product Support Portal

Helpful Information

Security Bulletin: A Unspecified Java Vulnerability is affecting Watson Knowledge Catalog for IBM Cloud Pak for Data (CVE-2021-35550)

August 12, 2022 | Medium Severity

Security Bulletin: CP4D Match 360 is affected by Identity Spoofing vulnerability in IBM WebSphere Application Server Liberty

August 12, 2022 | Medium Severity

Security Bulletin: Watson Knowledge Catalog InstaScan is vulnerable to an XML External Entity (XXE) Injection vulnerability due to IBM WebSphere Application Server Liberty ( CVE-2021-20492 )

August 12, 2022 | Medium Severity