Lucene search

IBMA8E9B25FF1820BF838DAA419D5E228C72877B8C9D200B9C585CD1B6F1E5B2864

HistoryAug 13, 2024 - 6:12 p.m.

Security Bulletin: Multiple vulnerabilities affect IBM® Semeru Runtime

2024-08-1318:12:10

www.ibm.com

ibm semeru runtime

java se

vulnerabilities

updates

x-force

cve-2024-21145

cve-2024-21144

cve-2024-21131

security advisory

CVSS3

4.8

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

AI Score

6.7

Confidence

Low

JSON

Summary

This bulletin for IBM Semeru Runtime covers all applicable Java SE CVEs published by OpenJDK as part of their July 2024 Vulnerability Advisory. For more information please refer to OpenJDK’s July 2024 Vulnerability Advisory and the X-Force database entries referenced below.

Vulnerability Details

CVEID:CVE-2024-21145
**DESCRIPTION:**An unspecified vulnerability in Java SE related to the 2D component could allow a remote attacker to cause low confidentiality, low integrity impacts.
CVSS Base score: 4.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/298467 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N)

CVEID:CVE-2024-21144
**DESCRIPTION:**An unspecified vulnerability in Java SE related to the Concurrency component could allow a remote attacker to cause low availability impact.
CVSS Base score: 3.7
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/298470 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)

CVEID:CVE-2024-21131
**DESCRIPTION:**An unspecified vulnerability in Java SE related to the VM component could allow a remote attacker to cause low integrity impact.
CVSS Base score: 3.7
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/298464 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N)

Affected Products and Versions

Affected Product(s)	Version(s)
IBM Semeru Runtime	8.0.302.0 - 8.0.421.0
IBM Semeru Runtime	11.0.12.0 - 11.0.23.0
IBM Semeru Runtime	17.0.0.0 - 17.0.11.0
IBM Semeru Runtime	21.0.0.0 - 21.0.3.0
IBM Semeru Runtime	22.0.0.0 - 22.0.1.0

For detailed information on which CVEs affect which releases, please refer to the IBM Semeru Runtimes Security Vulnerabilities page.

Remediation/Fixes

8.0.422.0
11.0.24.0
17.0.12.0
21.0.4.0
22.0.2.0

IBM Semeru Runtime releases can be downloaded from the GitHub repositories for Semeru 8, Semeru 11, Semeru 17, Semeru 21, and Semeru 22 and the IBM Semeru Developer Center.

IBM customers requiring an update for an SDK shipped with an IBM product should contact IBM support, and/or refer to the appropriate product security bulletin.

APAR numbers are as follows:

IJ51871 (CVE-2024-21145)
IJ51873 (CVE-2024-21144)
IJ51918 (CVE-2024-21131)

Workarounds and Mitigations

None.

Affected configurations

Vulners

Node

ibmsemeru_runtimeMatchany

VendorProductVersionCPE
ibmsemeru_runtimeanycpe:2.3:a:ibm:semeru_runtime:any:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
ibm	semeru_runtime	any	cpe:2.3:a:ibm:semeru_runtime:any:::::::*

CVSS3

4.8

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

AI Score

6.7

Confidence

Low

JSON

Related for A8E9B25FF1820BF838DAA419D5E228C72877B8C9D200B9C585CD1B6F1E5B2864