Security Bulletin: Multiple vulnerabilities in IBM SDK, Java Technology Edition affect IBM Operations Analytics Predictive Insights

Summary

Multiple vulnerabilities in IBM SDK, Java Technology Edition affect IBM Operations Analytics Predictive Insights 1.3.6 or earlier. The following vulnerabilities, [CVE-2022-21619, CVE-2022-21624, CVE-2022-21626, CVE-2022-21628] allowing unauthorized access of unauthenticated attacker with network access to compromise Java SE to cause a partial denial of service and CVE-2022-3676 allowing malicious bytecode to access and modify type and memory. The vulnerabilities have been addressed.

Vulnerability Details

Refer to the security bulletin(s) listed in the Remediation/Fixes section

Affected Products and Versions

Remediation/Fixes

IBM strongly suggests applying 1.3.6 InterimI Fix 6 from Fix Central:
https://www-945.ibm.com/support/fixcentral/swg/selectFixes?product=ibm/Tivoli/IBM+SmartCloud+Analytics±+Predictive+Insights&release=1.3.6

Then, download and apply IBM SDK, Java Technology Edition release 8.0.7.20 with the latest fixes from the Java Developer Center.

Workarounds and Mitigations

None