Three new vulnerabilities have been discovered in IBM® SDK Java™ Technology Edition and IBM® Runtime Environment Java™ used by IBM i.
These flaws can cause a denial of service and/or have a significant impact on integrity (CVE-2023-22081 and CVE-2023-22067).
Oracle Java SE (Oracle GraalVM) contains an unspecified vulnerability.
The CVSS risk score is 5.3 for the following two components: CORBA (CVE-2023-22067) and JSSE (CVE-2023-22081).
A remote attack could impact the confidentiality, integrity and availability of the service.
Gayte.IT would like to remind you that Eclipse OpenJ9 is still vulnerable to denial of service by sending a stop signal, which we already mentioned in the last alert bulletin (for more information, please refer to the blog post: https://i.gayte.it/alerte/alerte-securite-ibm-i-ibm-runtime-environnement-java-version-8-05-02-2024/).
Based on our experience, we strongly recommend that you regularly apply the Java group PTFs.
Please note that, although it is more widely maintained, version V7R3 of IBM i has a patch (in the form of group 31 for Java), which you can find in the Remedies/Fixes section below (or directly at https://lnkd.in/ernyAx25).