Lucene search

IBM55214A2FB953C93C42BE30F778858BE48A01D592C21E7105C020FAB83C3BE3F4

HistoryAug 06, 2024 - 11:39 a.m.

Security Bulletin: Security vulnerabilities may affect IBM Java shipped with IBM TXSeries for Multiplatforms.

2024-08-0611:39:33

www.ibm.com

ibm java

txseries

multiplatforms

vulnerabilities

update

cve-2024-21094

cve-2024-21085

cve-2024-21011

cve-2023-38264

remediation

fix

psirt

download

CVSS3

5.9

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

Confidence

High

JSON

Summary

Security vulnerabilities may affect IBM shipped with IBM Java TXSeries for Multiplatforms. The version of IBM Java shipped with IBM TXSeries for Multiplatforms has been updated to address the applicable issues.

Vulnerability Details

CVEID:CVE-2024-21094
**DESCRIPTION:**An unspecified vulnerability in Java SE related to the VM component could allow a remote attacker to cause no confidentiality impact, low integrity impact, and no availability impact.
CVSS Base score: 3.7
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/287959 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N)

CVEID:CVE-2024-21085
**DESCRIPTION:**An unspecified vulnerability in Java SE related to the VM component could allow a remote attacker to cause low availability impacts.
CVSS Base score: 3.7
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/288000 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)

CVEID:CVE-2024-21011
**DESCRIPTION:**An unspecified vulnerability in Java SE related to the VM component could allow a remote attacker to cause low availability impact.
CVSS Base score: 3.7
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/288020 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)

CVEID:CVE-2023-38264
**DESCRIPTION:**The IBM SDK, Java Technology Edition’s Object Request Broker (ORB) 7.1.0.0 through 7.1.5.21 and 8.0.0.0 through 8.0.8.21 is vulnerable to a denial of service attack in some circumstances due to improper enforcement of the JEP 290 MaxRef and MaxDepth deserialization filters. IBM X-Force ID: 260578.
CVSS Base score: 5.9
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/260578 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H)

Affected Products and Versions

Affected Product(s)	Version(s)
IBM TXSeries for Multiplatforms	8.1
IBM TXSeries for Multiplatforms	8.2
IBM TXSeries for Multiplatforms	9.1

Remediation/Fixes

IBM strongly recommends addressing the vulnerability now by updating IBM TXSeries for Multiplatforms.

Product	Version	Platform	Remediation/Fix
IBM TXSeries for Multiplatforms

8.1

| Linux, AIX|

PSIRT fixes for IBM TXSeries for Multiplatforms 8.1 will only be provided for extended support customers with a request through Salesforce case.

IBM TXSeries for Multiplatforms|

8.2

| Linux, AIX, Windows|

PSIRT fixes for IBM TXSeries for Multiplatforms 8.2 will only be provided for extended support customers with a request through Salesforce case.

IBM TXSeries for Multiplatforms|

9.1

| Linux, AIX|

Download the update from Fix Central

Workarounds and Mitigations

None

Affected configurations

Vulners

Node

ibmtxseries_for_multiplatformsMatch8.1

ibmtxseries_for_multiplatformsMatch8.2

ibmtxseries_for_multiplatformsMatch9.1

VendorProductVersionCPE
ibmtxseries_for_multiplatforms8.1cpe:2.3:a:ibm:txseries_for_multiplatforms:8.1:*:*:*:*:*:*:*
ibmtxseries_for_multiplatforms8.2cpe:2.3:a:ibm:txseries_for_multiplatforms:8.2:*:*:*:*:*:*:*
ibmtxseries_for_multiplatforms9.1cpe:2.3:a:ibm:txseries_for_multiplatforms:9.1:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
ibm	txseries_for_multiplatforms	8.1	cpe:2.3:a:ibm:txseries_for_multiplatforms:8.1:::::::*
ibm	txseries_for_multiplatforms	8.2	cpe:2.3:a:ibm:txseries_for_multiplatforms:8.2:::::::*
ibm	txseries_for_multiplatforms	9.1	cpe:2.3:a:ibm:txseries_for_multiplatforms:9.1:::::::*