Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBM7A722689696066F0764723099958DD60A4C2A6E1D3EC8E91FE513D5405BC1FC9
HistoryFeb 03, 2022 - 8:47 p.m.

Security Bulletin: Multiple vulnerabilities in IBM Java SDK (October 2021) affects IBM InfoSphere Information Server (CVE-2021-2341 CVE-2021-35578 CVE-2021-35564)

2022-02-0320:47:48
www.ibm.com
57
ibm
java sdk
infosphere information server
vulnerabilities
networking
jsse
keytool
cve-2021-2341
cve-2021-35578
cve-2021-35564
denial of service
confidentiality
integrity
availability
remediation
jr64381

EPSS

0.003

Percentile

69.8%

JSON

Summary

There are multiple vulnerabilities in the IBM® SDK Java™ Technology Edition, Version 8 that is used by IBM InfoSphere Information Server. These issues were disclosed as part of the IBM Java SDK updates in October 2021.

Vulnerability Details

CVEID:CVE-2021-2341
**DESCRIPTION:**An unspecified vulnerability in Java SE related to the Networking component could allow an unauthenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors.
CVSS Base score: 3.1
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/205768 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N)

CVEID:CVE-2021-35578
**DESCRIPTION:**An unspecified vulnerability in Java SE related to the JSSE component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/211654 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

CVEID:CVE-2021-35564
**DESCRIPTION:**An unspecified vulnerability in Java SE related to the Keytool component could allow an unauthenticated attacker to cause no confidentiality impact, low integrity impact, and no availability impact.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/211640 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)

Affected Products and Versions

Affected Product(s) Version(s)
InfoSphere Information Server 11.7

Remediation/Fixes

Product |

VRMF

|

APAR

|

Remediation/First Fix

—|—|—|—

InfoSphere Information Server, Information Server on Cloud

|

11.7

|

JR64381

|

--Follow instructions in the README
--If not previously addressed, for AIX installations, see Technote for class not found errors related to ProviderExceptions, Failed to initialize IBMJCEPlus provider, and jgskit (Not found in java.library.path)

Workarounds and Mitigations

None

Related

ibm 90
broadcom 2
redhatcve 3
osv 12
cnvd 2
vulnrichment 3
nvd 3
cve 3
alpinelinux 3
ubuntucve 3
prion 3
cvelist 3
aix 1
veracode 3
debiancve 3
nessus 23
openvas 17
suse 4
redhat 7
rocky 2
almalinux 2
fedora 3
debian 1
ubuntu 1
oraclelinux 1
centos 1
ibm
ibm
Security Bulletin: Multiple Vulnerabilities in IBM® Java SDK affect WebSphere Application Server October 2021 CPU
2021-12-02 14:16:45
Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Content Collector for SAP Applications
2022-02-23 10:30:36
Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect z/Transaction Processing Facility
2021-12-16 19:48:12
broadcom
broadcom
BSA-2022-1690
2022-07-29 00:00:00
BSA-2022-1689
2022-07-29 00:00:00
redhatcve
redhatcve
CVE-2021-35564
2021-10-19 21:03:11
CVE-2021-35578
2021-10-19 21:25:44
CVE-2021-2341
2021-07-20 20:55:09
osv
osv
CVE-2021-35578
2021-10-20 11:16:55
CVE-2021-35564
2021-10-20 11:16:37
CVE-2021-2341
2021-07-21 15:15:17
cnvd
cnvd
Unspecified Vulnerabilities in Oracle Java SE and Oracle GraalVM Enterprise Edition
2021-10-20 00:00:00
Oracle Java SE and Oracle GraalVM Enterprise Edition Denial of Service Vulnerability (CNVD-2021-81805)
2021-10-20 00:00:00
vulnrichment
vulnrichment
CVE-2021-35564
2021-10-20 10:50:11
CVE-2021-2341
2021-07-20 22:43:20
CVE-2021-35578
2021-10-20 10:50:24
nvd
nvd
CVE-2021-35564
2021-10-20 11:16:37
CVE-2021-35578
2021-10-20 11:16:55
CVE-2021-2341
2021-07-21 15:15:17
cve
cve
CVE-2021-35564
2021-10-20 11:16:37
CVE-2021-35578
2021-10-20 11:16:55
CVE-2021-2341
2021-07-21 15:15:17
alpinelinux
alpinelinux
CVE-2021-35564
2021-10-20 11:16:37
CVE-2021-35578
2021-10-20 11:16:55
CVE-2021-2341
2021-07-21 15:15:17
ubuntucve
ubuntucve
CVE-2021-35564
2021-10-20 00:00:00
CVE-2021-35578
2021-10-20 00:00:00
CVE-2021-2341
2021-07-21 00:00:00
prion
prion
Code injection
2021-10-20 11:16:00
Design/Logic Flaw
2021-07-21 15:15:00
Code injection
2021-10-20 11:16:00
cvelist
cvelist
CVE-2021-2341
2021-07-20 22:43:20
CVE-2021-35564
2021-10-20 10:50:11
CVE-2021-35578
2021-10-20 10:50:24
aix
aix
Multiple vulnerabilities in IBM Java SDK affect AIX
2022-02-23 08:12:23
veracode
veracode
Improper Input Validation
2021-10-26 21:54:55
Remote Code Execution (RCE)
2021-07-25 00:38:50
Improper Input Validation
2021-10-26 21:55:43
debiancve
debiancve
CVE-2021-35564
2021-10-20 11:16:37
CVE-2021-35578
2021-10-20 11:16:55
CVE-2021-2341
2021-07-21 15:15:17
nessus
nessus
SUSE SLES15 Security Update : java-1_8_0-ibm (SUSE-SU-2022:0108-1)
2022-01-19 00:00:00
openSUSE 15 Security Update : java-1_8_0-ibm (openSUSE-SU-2022:0108-1)
2022-01-19 00:00:00
RHEL 8 : java-1.8.0-ibm (RHSA-2021:4089)
2021-11-02 00:00:00
openvas
openvas
SUSE: Security Advisory (SUSE-SU-2022:0108-1)
2022-01-20 00:00:00
Oracle Java SE Security Update (oct2021) 02 - Linux
2021-10-25 00:00:00
Oracle Java SE Security Update (oct2021) 02 - Windows
2021-10-25 00:00:00
suse
suse
Security update for seamonkey (important)
2022-04-08 00:00:00
Security update for java-1_8_0-openj9 (important)
2021-11-06 00:00:00
Security update for java-1_8_0-openj9 (important)
2021-11-04 00:00:00
redhat
redhat
(RHSA-2021:4089) Moderate: java-1.8.0-ibm security update
2021-11-02 10:12:27
(RHSA-2021:3292) Moderate: java-1.8.0-ibm security update
2021-08-30 07:48:12
(RHSA-2022:0345) Important: java-1.8.0-ibm security update
2022-02-01 15:01:14
rocky
rocky
java-17-openjdk security update
2021-11-09 19:26:37
java-11-openjdk security update
2021-07-21 07:28:55
almalinux
almalinux
Important: java-17-openjdk security update
2021-11-09 19:26:37
Important: java-1.8.0-openjdk security update
2021-07-21 07:31:58
fedora
fedora
[SECURITY] Fedora 33 Update: java-latest-openjdk-17.0.1.0.12-1.rolling.fc33
2021-10-31 01:01:59
[SECURITY] Fedora 35 Update: java-latest-openjdk-17.0.1.0.12-1.rolling.fc35
2021-10-31 01:09:50
[SECURITY] Fedora 34 Update: java-latest-openjdk-17.0.1.0.12-1.rolling.fc34
2021-10-31 01:15:50
debian
debian
[SECURITY] [DSA 5012-1] openjdk-17 security update
2021-11-23 21:30:57
ubuntu
ubuntu
OpenJDK vulnerabilities
2021-12-17 00:00:00
oraclelinux
oraclelinux
java-17-openjdk security update
2021-11-18 00:00:00
centos
centos
java security update
2021-07-22 13:56:57

EPSS

0.003

Percentile

69.8%

JSON
Related for 7A722689696066F0764723099958DD60A4C2A6E1D3EC8E91FE513D5405BC1FC9
ibm90broadcom2redhatcve3osv12cnvd2vulnrichment3nvd3cve3alpinelinux3ubuntucve3prion3cvelist3aix1veracode3debiancve3nessus23openvas17suse4redhat7rocky2almalinux2fedora3debian1ubuntu1oraclelinux1centos1