17 October 2024 IBM i Security Alert: IBM Java SDK and IBM Java Runtime for IBM i vulnerability bulletin (17/10/2024)

Security bulletin: IBM Java SDK and IBM Java Runtime for IBM i are vulnerable due to multiple security flaws, mostly related to Java components.

IBM® SDK Java™ Technology Edition and IBM® Runtime Environment Java™ used by IBM i are susceptible to a remote attack causing an impact on confidentiality (CVE-2024-21145), availability (CVE-2024-21144), integrity (CVE-2024-21131) and a denial of service (CVE-2024-27267).

[CVE-2024-21145] An unspecified vulnerability in Java SE related to the 2D component could allow a remote attacker to cause low confidentiality and low integrity impacts. CVSS Base score: 4.8

[CVE-2024-21144] An unspecified vulnerability in Java SE related to the Concurrency component could allow a remote attacker to cause an impact on availability. CVSS Base score: 3.7

[CVE-2024-21131] An unspecified vulnerability in Java SE related to the VM component could allow a remote attacker to cause low integrity impact. CVSS Base score: 3.7

[CVE-2024-27267] The Object Request Broker (ORB) in IBM SDK, Java Technology Edition 7.1.0.0 to 7.1.5.18 and 8.0.0.0 to 8.0.8.26 is vulnerable to a remote denial of service, caused by a race condition in the management of ORB listening threads. Its X-Force ID is 284573. CVSS Base score: 5.9

Vulnerabilities in IBM i versions 7.5, 7.4 and 7.3 can be corrected by applying the latest version of the Java PTF Group.

For more information on this bulletin, please visit the official IBM support site: https://www.ibm.com/support/pages/node/7173297?myns=swgother&mynp=OCSWG60&mynp=OCSS9QQS&mynp=OCSSTS2D&mynp=OCSSB23CE&mync=E&cm_sp=swgother-_-OCSWG60-OCSS9QQS-OCSSTS2D-OCSSB23CE-_-E
