Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBM266C32AECD9BCC9F1C54099C8FE9B92463A0A02A15157EF458713D15175A641C
HistoryMay 19, 2020 - 8:43 a.m.

Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect IBM Decision Optimization Center (CVE-2020-2756, CVE-2020-2757)

2020-05-1908:43:51
www.ibm.com
22

EPSS

0.003

Percentile

70.0%

JSON

Summary

There are multiple vulnerabilities in IBM® SDK Java™ and IBM® Runtime Environment Java™ Versions 7 & 8 used by IBM Decision Optimization Center. IBM Decision Optimization Center has addressed the applicable CVEs.

Vulnerability Details

CVEID:CVE-2020-2757
**DESCRIPTION:**An unspecified vulnerability in Java SE related to the Java SE Serialization component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors.
CVSS Base score: 3.7
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/179657 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)

CVEID:CVE-2020-2756
**DESCRIPTION:**An unspecified vulnerability in Java SE related to the Java SE Serialization component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors.
CVSS Base score: 3.7
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/179656 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)

Affected Products and Versions

Affected Product(s) Version(s)
IBM Decision Optimization Center (DOC) 3.9.1
IBM Decision Optimization Center (DOC) 3.9.0.2
IBM Decision Optimization Center (DOC) 3.9.0.1
IBM Decision Optimization Center (DOC) 3.9
IBM Decision Optimization Center (DOC) 3.8.0.2
IBM Decision Optimization Center (DOC) 3.8.0.1
IBM Decision Optimization Center (DOC) 3.8
IBM ILOG Optimization Decision Manager Enterprise (ODME) 3.7.0.2
IBM ILOG Optimization Decision Manager Enterprise (ODME) 3.7.0.1
IBM ILOG Optimization Decision Manager Enterprise (ODME) 3.7

Remediation/Fixes

The recommended solution is to download and install the IBM® Java™ SDK as soon as practicable.
Note that IBM® Java™ 6 is no longer supported anymore. IBM recommends upgrading to DOC 3.8.0.2, 3.9.1 or subsequent releases.

Before installing a newer version of IBM® Java™ SDK, please ensure that you:

  • Close any open programs that you have running;
  • Rename the initial directory of the IBM® Java™ SDK (for example: with a .old at the end),
  • Download and install IBM® Java™ SDK.

IBM Decision Optimization Center
From v3.8.0.2: IBM® SDK, Java™ Technology Edition, Version 7 Service Refresh 10 Fix Pack 65 and subsequent releases
From v3.9.0.1: IBM® SDK, Java™ Technology Edition, Version 8 Service Refresh 6 Fix Pack 10 and subsequent releases

You must verify that applying this fix does not cause any compatibility issues.
Here are the detailed instructions for updating IBM Java SDK.

Workarounds and Mitigations

None

Related

f5 1
nessus 48
ibm 65
alpinelinux 2
nvd 2
redhatcve 2
debiancve 2
veracode 2
ubuntucve 2
cve 2
vulnrichment 2
prion 2
cvelist 2
openvas 25
centos 5
redhat 14
oraclelinux 5
amazon 4
debian 2
osv 2
fedora 3
suse 2
mageia 1
gentoo 1
aix 1
f5
f5
K000135555 : Java vulnerabilities CVE-2020-2756 and CVE-2020-2757
2023-07-24 00:00:00
nessus
nessus
F5 Networks BIG-IP : Java vulnerabilities (K000135555)
2023-07-24 00:00:00
Scientific Linux Security Update : java-1.7.0-openjdk on SL7.x x86_64 (20200421)
2020-04-22 00:00:00
SUSE SLES11 Security Update : java-1_7_1-ibm (SUSE-SU-2020:14398-1)
2021-06-10 00:00:00
ibm
ibm
Security Bulletin: Vulnerability in IBM Java SDK and IBM Java Runtime affects Rational Business Developer
2020-07-08 18:11:10
Security Bulletin: IBM MQ Appliance is affected by multiple Java SE vulnerabilities
2020-07-27 09:23:15
Security Bulletin: Enterprise Content Management System Monitor is affected by a vulnerability in IBM® SDK Java™ Technology Edition
2020-09-04 08:39:27
alpinelinux
alpinelinux
CVE-2020-2757
2020-04-15 14:15:25
CVE-2020-2756
2020-04-15 14:15:25
nvd
nvd
CVE-2020-2757
2020-04-15 14:15:25
CVE-2020-2756
2020-04-15 14:15:25
redhatcve
redhatcve
CVE-2020-2757
2020-04-14 21:33:39
CVE-2020-2756
2020-04-14 21:33:38
debiancve
debiancve
CVE-2020-2757
2020-04-15 14:15:25
CVE-2020-2756
2020-04-15 14:15:25
veracode
veracode
Denial Of Service (DoS)
2020-05-21 03:40:19
Denial Of Service (DoS)
2020-05-21 03:40:19
ubuntucve
ubuntucve
CVE-2020-2757
2020-04-15 00:00:00
CVE-2020-2756
2020-04-15 00:00:00
cve
cve
CVE-2020-2757
2020-04-15 14:15:25
CVE-2020-2756
2020-04-15 14:15:25
vulnrichment
vulnrichment
CVE-2020-2757
2020-04-15 13:29:44
CVE-2020-2756
2020-04-15 13:29:44
prion
prion
Design/Logic Flaw
2020-04-15 14:15:00
Design/Logic Flaw
2020-04-15 14:15:00
cvelist
cvelist
CVE-2020-2757
2020-04-15 13:29:44
CVE-2020-2756
2020-04-15 13:29:44
openvas
openvas
SUSE: Security Advisory (SUSE-SU-2020:1571-1)
2021-04-19 00:00:00
Oracle Java SE Security Update (cpuapr2020 - 01) - Windows
2020-04-15 00:00:00
SUSE: Security Advisory (SUSE-SU-2020:14398-1)
2021-06-09 00:00:00
centos
centos
java security update
2020-04-30 19:54:04
java security update
2020-04-28 00:24:04
java security update
2020-04-28 00:26:13
redhat
redhat
(RHSA-2020:1508) Important: java-1.7.0-openjdk security update
2020-04-21 07:55:40
(RHSA-2020:2238) Important: java-1.7.1-ibm security update
2020-05-20 13:54:11
(RHSA-2020:2236) Important: java-1.7.1-ibm security update
2020-05-20 13:54:06
oraclelinux
oraclelinux
java-1.7.0-openjdk security update
2020-04-21 00:00:00
java-1.7.0-openjdk security update
2020-04-22 00:00:00
java-1.8.0-openjdk security update
2020-04-21 00:00:00
amazon
amazon
Important: java-1.7.0-openjdk
2020-05-08 20:58:00
Important: java-1.7.0-openjdk
2020-05-08 20:10:00
Important: java-1.8.0-openjdk
2020-05-05 01:18:00
debian
debian
[SECURITY] [DLA 2193-1] openjdk-7 security update
2020-04-29 00:48:53
[SECURITY] [DSA 4668-1] openjdk-8 security update
2020-04-28 19:35:17
osv
osv
openjdk-7 - security update
2020-04-28 00:00:00
openjdk-8 - security update
2020-04-28 00:00:00
fedora
fedora
[SECURITY] Fedora 32 Update: java-1.8.0-openjdk-1.8.0.252.b09-0.fc32
2020-05-07 03:11:08
[SECURITY] Fedora 31 Update: java-1.8.0-openjdk-1.8.0.252.b09-0.fc31
2020-05-18 03:23:13
[SECURITY] Fedora 30 Update: java-1.8.0-openjdk-1.8.0.252.b09-0.fc30
2020-05-13 03:36:38
suse
suse
Security update for java-1_8_0-openj9 (important)
2020-06-24 00:00:00
Security update for java-1_8_0-openjdk (important)
2020-06-13 00:00:00
mageia
mageia
Updated java-1.8.0-openjdk packages fix security vulnerabilities
2020-04-24 20:03:35
gentoo
gentoo
OpenJDK, IcedTea: Multiple vulnerabilities
2020-06-15 00:00:00
aix
aix
Multiple vulnerabilities in IBM Java SDK affect AIX
2020-07-31 09:56:48

EPSS

0.003

Percentile

70.0%

JSON
Related for 266C32AECD9BCC9F1C54099C8FE9B92463A0A02A15157EF458713D15175A641C
f51nessus48ibm65alpinelinux2nvd2redhatcve2debiancve2veracode2ubuntucve2cve2vulnrichment2prion2cvelist2openvas25centos5redhat14oraclelinux5amazon4debian2osv2fedora3suse2mageia1gentoo1aix1