Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBMA9D26D14AAC00764E11A3394CB89D6E0363D88AB9692EB7F10E0567011E1BDE6
HistoryMar 17, 2022 - 3:30 p.m.

Security Bulletin: Multiple vulnerabilities in IBM® Java™ Runtime may affect IBM Decision Optimization Center (CVE-2022-21360, CVE-2022-21365)

2022-03-1715:30:18
www.ibm.com
15
ibm decision optimization center
ibm java sdk
cve-2022-21365
cve-2022-21360
imageio component
denial of service
ibm sdk
java technology edition
compatibility issues

EPSS

0.003

Percentile

69.1%

JSON

Summary

There are multiple vulnerabilities in IBM® Runtime Environment Java™ Versions 7 & 8 used by IBM Decision Optimization Center. IBM Decision Optimization Center has addressed the applicable CVEs.

Vulnerability Details

CVEID:CVE-2022-21365
**DESCRIPTION:**An unspecified vulnerability in Java SE related to the ImageIO component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/217659 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

CVEID:CVE-2022-21360
**DESCRIPTION:**An unspecified vulnerability in Java SE related to the ImageIO component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/217654 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

Affected Products and Versions

Affected Product(s) Version(s)
IBM Decision Optimization Center (DOC) 3.9.1
IBM Decision Optimization Center (DOC) 3.9.0.2
IBM Decision Optimization Center (DOC) 3.9.0.1
IBM Decision Optimization Center (DOC) 3.9

Remediation/Fixes

The recommended solution is to download and install the IBM Java SDK as soon as practicable.
Before installing a newer version of IBM Java SDK, please ensure that you:

  • Close any open programs that you have running;
  • Rename the initial directory of the IBM Java SDK (for example: with a .old at the end),
  • Download and install IBM Java SDK.

IBM Decision Optimization Center
From v3.9: IBM SDK, Java Technology Edition, Version 7 Service Refresh 11 Fix Pack 5 and subsequent releases
From v3.9.0.1: IBM SDK, Java Technology Edition, Version 8 Service Refresh 7 Fix Pack 5 and subsequent releases

You must verify that applying this fix does not cause any compatibility issues.
Here are the detailed instructions for updating IBM Java SDK.

Workarounds and Mitigations

None

Related

ibm 37
broadcom 2
veracode 2
cve 2
cvelist 2
nvd 2
redhatcve 2
alpinelinux 2
osv 15
cnvd 2
debiancve 2
prion 2
ubuntucve 2
cbl_mariner 2
f5 1
rosalinux 1
redhat 17
nessus 50
openvas 24
rocky 5
almalinux 2
amazon 2
kaspersky 1
centos 2
oraclelinux 4
debian 2
fedora 6
altlinux 1
suse 3
aix 1
ubuntu 1
ibm
ibm
Security Bulletin: Multiple vulnerabilities in IBM® Java™ may affect IBM ILOG CPLEX Optimization Studio (CVE-2022-21360, CVE-2022-21365)
2022-03-17 15:29:00
Security Bulletin: Multiple vulnerabilities have been identified in IBM WebSphere Application Server shipped with IBM Business Automation Workflow, and IBM Business Process Manager Java CPU January 2022
2022-09-14 15:28:14
Security Bulletin: IBM Watson Assistant for IBM Cloud Pak for Data is vulnerable to an unspecified vulnerability in Java SE ( CVE-2022-21360)
2022-05-07 21:20:59
broadcom
broadcom
BSA-2022-1727
2022-07-14 00:00:00
BSA-2022-1728
2022-07-14 00:00:00
veracode
veracode
Denial Of Service (DoS)
2022-01-29 16:11:05
Denial Of Service (DoS)
2022-01-29 16:11:01
cve
cve
CVE-2022-21365
2022-01-19 12:15:15
CVE-2022-21360
2022-01-19 12:15:15
cvelist
cvelist
CVE-2022-21365
2022-01-19 11:25:47
CVE-2022-21360
2022-01-19 11:25:37
nvd
nvd
CVE-2022-21365
2022-01-19 12:15:15
CVE-2022-21360
2022-01-19 12:15:15
redhatcve
redhatcve
CVE-2022-21360
2022-01-18 21:49:20
CVE-2022-21365
2022-01-18 21:49:29
alpinelinux
alpinelinux
CVE-2022-21360
2022-01-19 12:15:15
CVE-2022-21365
2022-01-19 12:15:15
osv
osv
CVE-2022-21360
2022-01-19 12:15:15
CVE-2022-21365
2022-01-19 12:15:15
Moderate: java-1.8.0-openjdk security and bug fix update
2022-01-27 13:47:36
cnvd
cnvd
Oracle GraalVM Input Validation Error Vulnerability (CNVD-2022-15477)
2022-01-24 00:00:00
Oracle GraalVM Input Validation Error Vulnerability (CNVD-2022-15476)
2022-01-24 00:00:00
debiancve
debiancve
CVE-2022-21360
2022-01-19 12:15:15
CVE-2022-21365
2022-01-19 12:15:15
prion
prion
Buffer overflow
2022-01-19 12:15:00
Buffer overflow
2022-01-19 12:15:00
ubuntucve
ubuntucve
CVE-2022-21360
2022-01-19 00:00:00
CVE-2022-21365
2022-01-19 00:00:00
cbl_mariner
cbl_mariner
CVE-2022-21365 affecting package openjdk8 1.8.0.292-1
2022-03-10 23:47:38
CVE-2022-21360 affecting package openjdk8 1.8.0.292-1
2022-03-10 23:47:38
f5
f5
K31833420 : Multiple Oracle Java SE vulnerabilities
2022-11-24 00:00:00
rosalinux
rosalinux
Advisory ROSA-SA-2023-2136
2023-03-28 13:38:54
redhat
redhat
(RHSA-2022:0970) Moderate: java-1.8.0-ibm security update
2022-03-21 07:19:20
(RHSA-2022:0968) Moderate: java-1.8.0-ibm security update
2022-03-21 07:18:38
(RHSA-2022:0969) Moderate: java-1.7.1-ibm security update
2022-03-21 07:18:57
nessus
nessus
RHEL 7 : java-1.7.1-ibm (RHSA-2022:0969)
2022-03-21 00:00:00
RHEL 8 : java-1.8.0-ibm (RHSA-2022:0970)
2022-03-21 00:00:00
RHEL 7 : java-1.8.0-ibm (RHSA-2022:0968)
2022-03-21 00:00:00
openvas
openvas
Huawei EulerOS: Security Advisory for java-1.7.0-openjdk (EulerOS-SA-2022-1732)
2022-05-25 00:00:00
Oracle Java SE Security Update (jan2022) 02 - Linux
2022-01-19 00:00:00
Oracle Java SE Security Update (jan2022) 02 - Windows
2022-01-19 00:00:00
rocky
rocky
java-1.8.0-openjdk security and bug fix update
2022-01-27 13:47:36
java-1.8.0-openjdk security and bug fix update
2022-02-01 03:36:17
java-17-openjdk security update
2022-01-19 08:53:42
almalinux
almalinux
Moderate: java-1.8.0-openjdk security and bug fix update
2022-01-27 13:47:36
Moderate: java-11-openjdk security update
2022-01-24 09:03:13
amazon
amazon
Medium: java-1.8.0-openjdk
2022-07-19 00:32:00
Medium: java-17-amazon-corretto
2022-02-15 22:56:00
kaspersky
kaspersky
KLA12426 Multiple vulnerabilities in Oracle Java and GraalVM
2022-01-18 00:00:00
centos
centos
java security update
2022-01-27 23:14:09
java security update
2022-01-25 13:01:29
oraclelinux
oraclelinux
java-1.8.0-openjdk security update
2022-01-27 00:00:00
java-1.8.0-openjdk security and bug fix update
2022-01-27 00:00:00
java-11-openjdk security update
2022-01-24 00:00:00
debian
debian
[SECURITY] [DLA 2917-1] openjdk-8 security update
2022-02-10 08:51:22
[SECURITY] [DSA 5058-1] openjdk-17 security update
2022-01-25 19:58:47
fedora
fedora
[SECURITY] Fedora 35 Update: java-1.8.0-openjdk-1.8.0.322.b06-2.fc35
2022-02-11 01:23:37
[SECURITY] Fedora 34 Update: java-1.8.0-openjdk-1.8.0.322.b06-2.fc34
2022-02-11 01:11:34
[SECURITY] Fedora 35 Update: java-11-openjdk-11.0.14.0.9-2.fc35
2022-01-29 06:41:28
altlinux
altlinux
Security fix for the ALT Linux 10 package java-1.8.0-openjdk version 0:1.8.0.322.b06-alt2_1jpp8
2022-04-07 00:00:00
suse
suse
Security update for java-1_8_0-openjdk (important)
2022-03-16 00:00:00
Security update for java-1_8_0-openj9 (important)
2022-03-16 00:00:00
Security update for java-11-openjdk (moderate)
2022-03-14 00:00:00
aix
aix
Multiple vulnerabilities in IBM Java SDK affect AIX
2022-06-14 14:37:05
ubuntu
ubuntu
OpenJDK vulnerabilities
2022-03-07 00:00:00

EPSS

0.003

Percentile

69.1%

JSON
Related for A9D26D14AAC00764E11A3394CB89D6E0363D88AB9692EB7F10E0567011E1BDE6
ibm37broadcom2veracode2cve2cvelist2nvd2redhatcve2alpinelinux2osv15cnvd2debiancve2prion2ubuntucve2cbl_mariner2f51rosalinux1redhat17nessus50openvas24rocky5almalinux2amazon2kaspersky1centos2oraclelinux4debian2fedora6altlinux1suse3aix1ubuntu1