Three new vulnerabilities have been discovered in IBM® SDK Java™ Technology Edition and IBM® Runtime Environment Java™, which are used by IBM i. These flaws can cause a denial of service and/or have a significant impact on its integrity (CVE-2023-22081 and CVE-2023-22067).
Oracle Java SE (Oracle GraalVM) contains an unspecified vulnerability. The CVSS risk score is 5.3 for the following two components: CORBA (CVE-2023-22067) and JSSE (CVE-2023-22081). A remote attack could impact the confidentiality, integrity and availability of the service.
Gayte.IT would like to remind you that Eclipse OpenJ9 is still vulnerable to a denial of service triggered by sending a stop signal, which we already mentioned in the last alert bulletin (for more information, please refer to the following LinkedIn post: https://lnkd.in/eWdwwcAd).
Based on our experience, we strongly recommend that you regularly apply the PTFs of the Java group. Please note that, although it is more widely maintained, IBM i V7R3 has a patch (in the form of group 31 for Java), which you can find in the Remedies/Fixes section below (or directly at https://lnkd.in/ernyAx25).