Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBMA872A6C135345C54C4CA10C7E1C466509DC0EDDE67E2A3CD0AA36BA201E24581
HistoryMar 24, 2021 - 7:44 p.m.

Security Bulletin: Multiple vulnerabilities in IBM® SDK, Java™ Technology Edition affect IBM Operational Decision Manager (Oct 2020 and Jan 2021 CPUs)

2021-03-2419:44:27
www.ibm.com
20
ibm
sdk
java technology
ibm operational decision manager
vulnerabilities
october 2020
january 2021
cve-2020-14779
cve-2020-14792
cve-2020-14796
cve-2020-14797
cve-2020-14798
cve-2020-14782
cve-2020-14803
disclosure
cvss
security advisory

EPSS

0.004

Percentile

75.0%

JSON

Summary

There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 7 and 8 that is used by IBM Operational Decision Manager (ODM). These issues were disclosed as part of the IBM Java SDK updates in October 2020 and and in January 2021.

Vulnerability Details

CVEID:CVE-2020-14779
**DESCRIPTION:**An unspecified vulnerability in Java SE related to the Serialization component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors.
CVSS Base score: 3.7
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/190097 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)

CVEID:CVE-2020-14792
**DESCRIPTION:**An unspecified vulnerability in Java SE related to the Hotspot component could allow an unauthenticated attacker to cause low confidentiality impact, low integrity impact, and no availability impact.
CVSS Base score: 4.2
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/190110 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N)

CVEID:CVE-2020-14796
**DESCRIPTION:**An unspecified vulnerability in Java SE related to the Libraries component could allow an unauthenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors.
CVSS Base score: 3.1
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/190114 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N)

CVEID:CVE-2020-14797
**DESCRIPTION:**An unspecified vulnerability in Java SE related to the Libraries component could allow an unauthenticated attacker to cause no confidentiality impact, low integrity impact, and no availability impact.
CVSS Base score: 3.7
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/190115 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N)

CVEID:CVE-2020-14798
**DESCRIPTION:**An unspecified vulnerability in Java SE related to the Libraries component could allow an unauthenticated attacker to cause no confidentiality impact, low integrity impact, and no availability impact.
CVSS Base score: 3.1
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/190116 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N)

CVEID:CVE-2020-14782
**DESCRIPTION:**An unspecified vulnerability in Java SE related to the Libraries component could allow an unauthenticated attacker to cause no confidentiality impact, low integrity impact, and no availability impact.
CVSS Base score: 3.7
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/190100 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N)

CVEID:CVE-2020-14803
**DESCRIPTION:**An unspecified vulnerability in Java SE could allow an unauthenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/190121 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)

CVEID:CVE-2020-27221
**DESCRIPTION:**Eclipse OpenJ9 is vulnerable to a stack-based buffer overflow when the virtual machine or JNI natives are converting from UTF-8 characters to platform encoding. By sending an overly long string, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash.
CVSS Base score: 9.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/195353 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

Affected Products and Versions

Affected Product(s) Version(s)
IBM Operational Decision Manager 8.8.x
IBM Operational Decision Manager 8.9.x
IBM Operational Decision Manager 8.10.x

Remediation/Fixes

IBM recommends upgrading to a fixed, supported version/release/platform of the product:

  • IBM SDK, Java Technology Edition, Version 7 Service Refresh 10 Fix Pack 80 and subsequent releases
  • IBM SDK, Java Technology Edition, Version 8 Service Refresh 6 Fix Pack 25 and subsequent releases

Select the following interim fix to upgrade your JDK based on your version of the product and operating system:

IBM Operational Decision Manager v8.8:
IBM Operational Decision Manager v8.9:
IBM Operational Decision Manager v8.10:
Interim fix for APAR RS03767 is available from IBM Fix Central:

JDK7: 8.7.0.0-WS-ODM_JDK7-<OS>-IF011

JDK8: 8.9.0.0-WS-ODM_JDK8-<OS>-IF010

Workarounds and Mitigations

None

Related

ibm 77
ubuntu 2
nessus 54
fedora 6
suse 2
osv 5
openvas 25
kaspersky 1
debian 2
amazon 3
redhat 11
oraclelinux 5
centos 3
aix 1
mageia 1
f5 1
ibm
ibm
Security Bulletin: IBM Event Streams affected by multiple Java SE security vulnerabilities
2021-01-22 22:03:54
Security Bulletin: Multiple security vulnerabilities have been identified in IBM® Java SDK that affect IBM Security Directory Suite
2021-08-19 20:04:22
Security Bulletin: IBM Resilient SOAR is Using Components with Known Vulnerabilities - Java SE (CVE-2020-14779, CVE-2020-14792, CVE-2020-14796, CVE-2020-14797, CVE-2020-14798)
2021-02-25 14:34:58
ubuntu
ubuntu
OpenJDK regressions
2020-11-12 00:00:00
OpenJDK vulnerabilities
2020-10-27 00:00:00
nessus
nessus
SUSE SLES12 Security Update : java-1_7_0-openjdk (SUSE-SU-2020:3310-1)
2020-12-09 00:00:00
Amazon Corretto Java 15.x < 15.0.1.9.1 Multiple Vulnerabilities
2022-04-01 00:00:00
Amazon Corretto Java 11.x < 11.0.9.11.1 Multiple Vulnerabilities
2022-04-01 00:00:00
fedora
fedora
[SECURITY] Fedora 32 Update: java-11-openjdk-11.0.9.11-0.fc32
2020-10-31 02:02:10
[SECURITY] Fedora 33 Update: java-1.8.0-openjdk-1.8.0.272.b10-0.fc33
2020-10-26 01:07:14
[SECURITY] Fedora 32 Update: java-1.8.0-openjdk-1.8.0.272.b10-0.fc32
2020-10-31 02:02:10
suse
suse
Security update for java-11-openjdk (moderate)
2020-11-21 00:00:00
Security update for java-11-openjdk (moderate)
2020-11-21 00:00:00
osv
osv
openjdk-8 - security update
2020-10-23 00:00:00
openjdk-8, openjdk-lts regressions
2020-11-12 21:58:30
openjdk-11 - security update
2020-10-25 00:00:00
openvas
openvas
Fedora: Security Advisory for java-1.8.0-openjdk (FEDORA-2020-febe36c3ac)
2020-10-31 00:00:00
Debian: Security Advisory (DSA-4779-1)
2020-10-26 00:00:00
Fedora: Security Advisory for java-1.8.0-openjdk (FEDORA-2020-5708dd5b87)
2020-10-26 00:00:00
kaspersky
kaspersky
KLA11985 Multiple vulnerabilities in Oracle Java SE
2020-10-20 00:00:00
debian
debian
[SECURITY] [DLA 2412-1] openjdk-8 security update
2020-10-30 09:23:09
[SECURITY] [DSA 4779-1] openjdk-11 security update
2020-10-25 10:14:25
amazon
amazon
Medium: java-1.8.0-openjdk
2021-01-12 22:51:00
Medium: java-1.8.0-openjdk
2021-01-05 23:34:00
Medium: java-1.8.0-openjdk
2020-12-16 20:31:00
redhat
redhat
(RHSA-2020:4348) Moderate: java-1.8.0-openjdk security update
2020-10-26 19:47:30
(RHSA-2020:4305) Moderate: java-11-openjdk security and bug fix update
2020-10-22 10:29:05
(RHSA-2020:4307) Moderate: java-11-openjdk security update
2020-10-22 10:29:24
oraclelinux
oraclelinux
java-1.8.0-openjdk security update
2020-10-27 00:00:00
java-11-openjdk security and bug fix update
2020-10-22 00:00:00
java-11-openjdk security update
2020-10-23 00:00:00
centos
centos
java security update
2020-11-09 13:12:26
java security update
2020-11-06 21:59:28
java security update
2020-11-06 21:58:30
aix
aix
Multiple vulnerabilities in IBM Java SDK affect AIX
2021-03-15 10:22:29
mageia
mageia
Updated java-1.8.0-openjdk packages fix security vulnerabilities
2020-11-14 00:20:36
f5
f5
K45012029 : OpenJDK vulnerability CVE-2020-14796, CVE-2020-14798, CVE-2020-14803
2022-10-25 00:00:00

EPSS

0.004

Percentile

75.0%

JSON
Related for A872A6C135345C54C4CA10C7E1C466509DC0EDDE67E2A3CD0AA36BA201E24581
ibm77ubuntu2nessus54fedora6suse2osv5openvas25kaspersky1debian2amazon3redhat11oraclelinux5centos3aix1mageia1f51