CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
AI Score
Confidence
Low
This bulletin for IBM Semeru Runtime covers all applicable Java SE CVEs published by OpenJDK as part of their July 2024 Vulnerability Advisory. For more information please refer to OpenJDK’s July 2024 Vulnerability Advisory and the X-Force database entries referenced below.
CVEID:CVE-2024-21145
**DESCRIPTION:**An unspecified vulnerability in Java SE related to the 2D component could allow a remote attacker to cause low confidentiality, low integrity impacts.
CVSS Base score: 4.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/298467 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N)
CVEID:CVE-2024-21144
**DESCRIPTION:**An unspecified vulnerability in Java SE related to the Concurrency component could allow a remote attacker to cause low availability impact.
CVSS Base score: 3.7
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/298470 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)
CVEID:CVE-2024-21131
**DESCRIPTION:**An unspecified vulnerability in Java SE related to the VM component could allow a remote attacker to cause low integrity impact.
CVSS Base score: 3.7
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/298464 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N)
Affected Product(s) | Version(s) |
---|---|
IBM Semeru Runtime | 8.0.302.0 - 8.0.421.0 |
IBM Semeru Runtime | 11.0.12.0 - 11.0.23.0 |
IBM Semeru Runtime | 17.0.0.0 - 17.0.11.0 |
IBM Semeru Runtime | 21.0.0.0 - 21.0.3.0 |
IBM Semeru Runtime | 22.0.0.0 - 22.0.1.0 |
For detailed information on which CVEs affect which releases, please refer to the IBM Semeru Runtimes Security Vulnerabilities page.
8.0.422.0
11.0.24.0
17.0.12.0
21.0.4.0
22.0.2.0
IBM Semeru Runtime releases can be downloaded from the GitHub repositories for Semeru 8, Semeru 11, Semeru 17, Semeru 21, and Semeru 22 and the IBM Semeru Developer Center.
IBM customers requiring an update for an SDK shipped with an IBM product should contact IBM support, and/or refer to the appropriate product security bulletin.
APAR numbers are as follows:
IJ51871 (CVE-2024-21145)
IJ51873 (CVE-2024-21144)
IJ51918 (CVE-2024-21131)
None.
Vendor | Product | Version | CPE |
---|---|---|---|
ibm | semeru_runtime | any | cpe:2.3:a:ibm:semeru_runtime:any:*:*:*:*:*:*:* |
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
AI Score
Confidence
Low