Vulnerability CVE-2021-41035 - CERT Civis.Net

Vulnerability Name:

CVE-2021-41035 (CCN-212010)

Assigned:

2021-10-20

Published:

2021-10-20

Updated:

2021-10-28

Summary:

In Eclipse Openj9 before version 0.29.0, the JVM does not throw IllegalAccessError for MethodHandles that invoke inaccessible interface methods.

CVSS v3 Severity:

9.8 Critical (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
8.5 High (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): High Integrity (I): High Availibility (A): High

7.7 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)
6.7 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Local Attack Complexity (AC): High Privileges Required (PR): None User Interaction (UI): Required
Scope:	Scope (S): Changed
Impact Metrics:	Confidentiality (C): High Integrity (I): High Availibility (A): High

5.3 Medium (REDHAT CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
4.6 Medium (REDHAT Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): None Integrity (I): Low Availibility (A): None

CVSS v2 Severity:

7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Authentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): Partial

6.0 Medium (CCN CVSS v2 Vector: AV:L/AC:H/Au:S/C:C/I:C/A:C)

Exploitability Metrics:	Access Vector (AV): Local Access Complexity (AC): High Athentication (Au): Single_Instance
Impact Metrics:	Confidentiality (C): Complete Integrity (I): Complete Availibility (A): Complete

Vulnerability Type:

CWE-Other
CWE-732

Vulnerability Consequences:

Gain Privileges

References:

Source: MITRE
Type: CNA
CVE-2021-41035

Source: CCN
Type: Bugzilla - Bug 576395
OpenJ9 must throw IllegalAccessError for MethodHandles that invoke inaccessible interface methods

Source: CONFIRM
Type: Vendor Advisory
https://bugs.eclipse.org/bugs/show_bug.cgi?id=576395

Source: XF
Type: UNKNOWN
eclipse-cve202141035-priv-esc(212010)

Source: CONFIRM
Type: Patch, Third Party Advisory
https://github.com/eclipse-openj9/openj9/pull/13740

Source: CONFIRM
Type: Vendor Advisory
https://gitlab.eclipse.org/eclipsefdn/emo-team/emo/-/issues/104

Source: CCN
Type: Eclipse Web site
Eclipse Openj9

Source: CCN
Type: IBM Security Bulletin 6522860 (Java)
Multiple vulnerabilities may affect IBM SDK, Java Technology Edition

Source: CCN
Type: IBM Security Bulletin 6522862 (Semeru Runtimes)
Multiple vulnerabilities may affect IBM Semeru Runtime

Source: CCN
Type: IBM Security Bulletin 6523752 (Event Streams)
IBM Event Streams affected by multiple vulnerabilities in the Java runtime

Source: CCN
Type: IBM Security Bulletin 6524676 (Tivoli Business Service Manager)
Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli Business Service Manager

Source: CCN
Type: IBM Security Bulletin 6525758 (Business Automation Workflow)
Multiple vulnerabilities have been identified in IBM WebSphere Application Server shipped with IBM Digital Business Automation Workflow family products Java CPU October 2021

Source: CCN
Type: IBM Security Bulletin 6526068 (Rational Asset Analyzer)
Vulnerabilities in IBM Java affecting IBM Rational Asset Analyzer.

Source: CCN
Type: IBM Security Bulletin 6528018 (SPSS Statistics)
Mutliple Vulnerabilities in Java Runtime affects IBM SPSS Statistics

Source: CCN
Type: IBM Security Bulletin 6529490 (WebSphere Application Server Patterns)
Multiple vulnerabilities in IBM Java SDK affects WebSphere Application Server October 2021 CPU that is bundled with IBM WebSphere Application Server Patterns

Source: CCN
Type: IBM Security Bulletin 6536922 (SPSS Statistics Subscription)
Multiple Vulnerabilities in Java Runtime affects IBM SPSS Statistics Subscription

Source: CCN
Type: IBM Security Bulletin 6538366 (Rational Functional Tester)
Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect Rational Functional Tester

Source: CCN
Type: IBM Security Bulletin 6539506 (Cloud Transformation Advisor)
Multiple Security Vulnerabilities Affect IBM Cloud Transformation Advisor

Source: CCN
Type: IBM Security Bulletin 6540570 (MQ)
IBM MQ is vulnerable to multiple issues in IBM Runtime Environment Java Technology Edition, Version 8 and Version 7 (CVE-2021-35578, CVE-2021-35588, CVE-2021-41035)

Source: CCN
Type: IBM Security Bulletin 6540600 (Data Risk Manager)
IBM Data Risk Manager is affected by multiple vulnerabilities

Source: CCN
Type: IBM Security Bulletin 6540918 (DataQuant for z/OS)
IBM SDK Java 8.0.7.0 Update for IBM DataQuant

Source: CCN
Type: IBM Security Bulletin 6541318 (Rational Build Forge)
IBM Rational Build Forge 8.0.x is affected by Java version used in it.(CVE-2021-35560, CVE-2021-35586, CVE-2021-35578, CVE-2021-35564, CVE-2021-35559, CVE-2021-35556, CVE-2021-35565, CVE-2021-35588, CVE-2021-41035)

Source: CCN
Type: IBM Security Bulletin 6549910 (i)
Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect IBM i

Source: CCN
Type: IBM Security Bulletin 6550514 (Liberty for Java)
Multiple vulnerabilities in IBM Java SDK affect Liberty for Java for IBM Cloud October 2021 CPU

Source: CCN
Type: IBM Security Bulletin 6554578 (Security Directory Server Virtual Appliance)
Multiple security vulnerabilities have been identified in IBM Java SDK that affect IBM Security Directory Suite - October 2021 CPU

Source: CCN
Type: IBM Security Bulletin 6555112 (CICS TX on Cloud)
A vulnerability in IBM Java Runtime affects IBM CICS TX on Cloud

Source: CCN
Type: IBM Security Bulletin 6555376 (Cognos Command Center)
IBM Cognos Command Center is affected by multiple vulnerabilities

Source: CCN
Type: IBM Security Bulletin 6556970 (Watson Discovery)
IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in Java

Source: CCN
Type: IBM Security Bulletin 6557216 (Tivoli Application Dependency Discovery Manager)
Due to use of IBM SDK, Java Technology Edition, IBM Tivoli Application Dependency Discovery Manager (TADDM) is vulnerable to denial of service

Source: CCN
Type: IBM Security Bulletin 6558182 (Tivoli Composite Application Manager for Transactions)
IBM SDK, Java Technology Edition Quarterly CPU - Oct 2021 - Includes Oracle October 2021 CPU (minus CVE-2021-35550/35561/35603) plus CVE-2021-41035 affects IBM Tivoli Composite Application Manager for Transactions-Robotic Response Time

Source: CCN
Type: IBM Security Bulletin 6558494 (Cloud Application Business Insights)
Vulnerabilities in Java impact IBM Cloud Application Business Insights (CVE-2021-35550, CVE-2021-35561, CVE-2021-35603, and CVE-2021-41035)

Source: CCN
Type: IBM Security Bulletin 6558514 (Content Collector for File Systems)
Multiple vulnerabilities in IBM Java SDK affect Content Collector for Email, Content Collector for File Systems, Content Collector for Microsoft SharePoint and Content Collector for IBM Connections

Source: CCN
Type: IBM Security Bulletin 6558516 (Content Collector for Microsoft SharePoint)
Multiple vulnerabilities in IBM Java SDK affect Content Collector for Email, Content Collector for File Systems, Content Collector for Microsoft SharePoint and Content Collector for IBM Connections

Source: CCN
Type: IBM Security Bulletin 6558520 (Content Collector for IBM Connections)
Multiple vulnerabilities in IBM Java SDK affect Content Collector for Email, Content Collector for File Systems, Content Collector for Microsoft SharePoint and Content Collector for IBM Connections

Source: CCN
Type: IBM Security Bulletin 6558524 (Content Collector for Email)
Multiple vulnerabilities in IBM Java SDK affect Content Collector for Email, Content Collector for File Systems, Content Collector for Microsoft SharePoint and Content Collector for IBM Connections

Source: CCN
Type: IBM Security Bulletin 6558542 (CICS Transaction Gateway)
February 2022 :Multiple vulnerabilities in IBM Java Runtime affect CICS Transaction Gateway

Source: CCN
Type: IBM Security Bulletin 6558550 (TXSeries for Multiplatforms)
A vulnerability in IBM Java Runtime affects TXSeries for Multiplatforms

Source: CCN
Type: IBM Security Bulletin 6558908 (AIX)
Multiple vulnerabilities in IBM Java SDK affect AIX

Source: CCN
Type: IBM Security Bulletin 6559324 (Watson Speech Services Cartridge for Cloud Pak for Data)
Vulnerabilities in Java SE affect IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data

Source: CCN
Type: IBM Security Bulletin 6560416 (Connect:Direct Web Services)
Multiple Vulnerabilities in IBM Java Runtime Affect IBM Connect:Direct Web Services

Source: CCN
Type: IBM Security Bulletin 6561041 (Sterling Connect:Direct Browser User Interface)
Multiple Vulnerabilities in Sterling Connect:Direct Browser User Interface

Source: CCN
Type: IBM Security Bulletin 6561229 (Cloud Pak for Automation)
Multiple security vulnerability are addressed in monthly security fix for IBM Cloud Pak for Business Automation February 2022

Source: CCN
Type: IBM Security Bulletin 6561577 (DB2 Recovery Expert for LUW)
Some unspecified vulnerabilities in Java SE result in the unauthenticated attacker to take control of the system or some impact

Source: CCN
Type: IBM Security Bulletin 6563573 (Security Guardium)
IBM Security Guardium is affected by multiple vulnerabilities

Source: CCN
Type: IBM Security Bulletin 6565729 (License Metric Tool)
A vulnerability in Java affects IBM License Metric Tool v9 (CVE-2021-35578).

Source: CCN
Type: IBM Security Bulletin 6566227 (Rational Application Developer)
IBM SDK, Java Technology Edition, Security Update October 2021

Source: CCN
Type: IBM Security Bulletin 6566881 (Cloud Pak System)
Multiple Vulnerabilities in IBM Java SDK affect Cloud Pak System

Source: CCN
Type: IBM Security Bulletin 6567133 (Rational Software Architect Designer)
IBM SDK, Java Technology Edition Quarterly CPU - Oct 2021and Jan 2022

Source: CCN
Type: IBM Security Bulletin 6568225 (Tivoli Netcool/Impact)
A vulnerability in IBM Java SDK affects IBM Tivoli Netcool Impact (CVE-2021-35560, CVE-2021-35578, CVE-2021-35564, CVE-2021-35565, CVE-2021-35588, CVE-2021-41035)

Source: CCN
Type: IBM Security Bulletin 6568741 (Integration Bus)
Multiple vulnerabilities in IBM Java Runtime affect IBM Integration Bus and IBM App Connect Enterprise

Source: CCN
Type: IBM Security Bulletin 6574513 (Cloud Private)
Security Vulnerabilities affect IBM Cloud Private - Java (Multiple CVEs)

Source: CCN
Type: IBM Security Bulletin 6574787 (QRadar SIEM)
IBM QRadar SIEM is vulnerable to using components with Known Vulnerabilities

Source: CCN
Type: IBM Security Bulletin 6575093 (Tivoli Monitoring)
Vulnerabilities in IBM Java included with IBM Tivoli Monitoring

Source: CCN
Type: IBM Security Bulletin 6591155 (Security SOAR)
IBM Security SOAR is using a component with multiple known vulnerabilities - IBM JDK 8.0.7.0

Source: CCN
Type: IBM Security Bulletin 6597615 (Watson Knowledge Catalog on-prem)
Multiple Vulnerabilities in Java affecting Watson Knowledge Catalog for IBM Cloud Pak for Data

Source: CCN
Type: IBM Security Bulletin 6602023 (Tivoli Netcool/OMNIbus)
Vulnerabilities in IBM Java Runtime affecting Tivoli Netcool/OMNIbus (Multiple CVEs)

Source: CCN
Type: IBM Security Bulletin 6607167 (Workload Scheduler)
Vulnerabilities in IBM SDK Java Technology Edition, Version 8, that is used by IBM Workload Scheduler.

Source: CCN
Type: IBM Security Bulletin 6616545 (Netcool Operations Insight)
Netcool Operations Insight v1.6.5 contains fixes for multiple security vulnerabilities.

Source: CCN
Type: IBM Security Bulletin 6618733 (Intelligent Operations Center)
Multiple vulnerabilities have been identified in Oracle October 2021 CPU for Java 8 shipped with IBM Intelligent Operations Center (CVE-2021-35560, CVE-2021-35586, CVE-2021-35578, CVE-2021-35564, CVE-2021-35559, CVE)

Source: CCN
Type: IBM Security Bulletin 6837345 (PureData System for Operational Analytics)
IBM SDK, Java Technology Edition Quarterly CPU - January 2019 through July 2022 affects AIX LPARs in IBM PureData System for Operational Analytics

Source: CCN
Type: IBM Security Bulletin 6841803 (Cognos Controller)
IBM Cognos Controller has addressed multiple vulnerabilities

Source: CCN
Type: IBM Security Bulletin 6987741 (Spectrum Scale)
IBM Spectrum Scale Transparent Cloud Tiering is affected by multiple vulnerabilities in IBM Runtime Environment Java

Source: CCN
Type: WhiteSource Vulnerability Database
CVE-2021-41035

Vulnerable Configuration:

Configuration 1:

cpe:/a:eclipse:openj9:*:*:*:*:*:*:*:* (Version < 0.29.0)

Configuration RedHat 1:

cpe:/a:redhat:enterprise_linux:8:*:*:*:*:*:*:*

Configuration RedHat 2:

cpe:/a:redhat:enterprise_linux:8::supplementary:*:*:*:*:*

Configuration CCN 1:

cpe:/a:eclipse:openj9:0.28.0:milestone1:*:*:*:*:*:*

AND

cpe:/o:ibm:aix:7.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:rational_build_forge:8.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:tivoli_monitoring:6.3.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:business_process_manager:8.5:*:*:*:*:*:*:*

OR cpe:/o:ibm:i:7.1:*:*:*:*:*:*:*

OR cpe:/o:ibm:i:7.2:*:*:*:*:*:*:*

OR cpe:/a:ibm:tivoli_netcool/impact:7.1.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:tivoli_netcool/omnibus:8.1.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:txseries:8.2:*:*:*:*:*:*:*

OR cpe:/a:ibm:license_metric_tool:9.2:*:*:*:*:*:*:*

OR cpe:/o:ibm:i:7.3:*:*:*:*:*:*:*

OR cpe:/a:ibm:websphere_application_server_patterns:1.0.0.0:*:*:*:*:*:*:*

OR cpe:/o:ibm:aix:7.2:*:*:*:*:*:*:*

OR cpe:/a:ibm:mq:8.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:rational_functional_tester:9.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:business_process_manager:8.6:*:*:*:*:*:*:*

OR cpe:/a:ibm:rational_functional_tester:9.2:*:*:*:*:*:*:*

OR cpe:/a:ibm:security_guardium:10.5:*:*:*:*:*:*:*

OR cpe:/a:ibm:rational_asset_analyzer:6.1.0.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:websphere_application_server_patterns:1.0.0.7:*:*:*:*:*:*:*

OR cpe:/a:ibm:websphere_application_server_patterns:2.2.0.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:tivoli_monitoring:6.3.0.7:*:*:*:*:*:*:*

OR cpe:/a:ibm:rational_software_architect_designer:9.6:*:*:*:*:*:*:*

OR cpe:/a:ibm:app_connect:11.0.0.0:*:*:*:enterprise:*:*:*

OR cpe:/a:ibm:integration_bus:10.0.0.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:security_guardium:10.6:*:*:*:*:*:*:*

OR cpe:/a:ibm:cognos_command_center:10.2.4.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:rational_functional_tester:9.5:*:*:*:*:*:*:*

OR cpe:/a:ibm:intelligent_operations_center:5.1.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:intelligent_operations_center:5.1.0.2:*:*:*:*:*:*:*

OR cpe:/a:ibm:intelligent_operations_center:5.1.0.3:*:*:*:*:*:*:*

OR cpe:/a:ibm:intelligent_operations_center:5.1.0.4:*:*:*:*:*:*:*

OR cpe:/a:ibm:intelligent_operations_center:5.1.0.6:*:*:*:*:*:*:*

OR cpe:/a:ibm:cognos_controller:10.4.0:*:*:*:*:*:*:*

OR cpe:/o:ibm:i:7.4:*:*:*:*:*:*:*

OR cpe:/a:ibm:java:7.0.0.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:java:7.1.0.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:java:8.0.0.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:cognos_controller:10.4.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:vios:3.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:cloud_pak_system:2.3.0.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:watson_discovery:2.0.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:db2_recovery_expert:5.5:if1:*:*:linux:*:*:*

OR cpe:/a:ibm:cloud_pak_for_automation:19.0.3:*:*:*:*:*:*:*

OR cpe:/a:ibm:qradar_security_information_and_event_manager:7.3.3:-:*:*:*:*:*:*

OR cpe:/a:ibm:content_collector:4.0.0:*:*:*:email:*:*:*

OR cpe:/a:ibm:content_collector:4.0.1:*:*:*:email:*:*:*

OR cpe:/a:ibm:txseries:9.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:dataquant:2.1:*:*:*:z/os:*:*:*

OR cpe:/a:ibm:tivoli_application_dependency_discovery_manager:7.3.0.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:security_guardium:11.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:cloud_pak_system:2.3.1.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:security_guardium:11.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:cloud_private:3.2.1:cd:*:*:*:*:*:*

OR cpe:/a:ibm:data_risk_manager:2.0.6:*:*:*:*:*:*:*

OR cpe:/a:ibm:event_streams:2019.4.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:cloud_pak_for_automation:20.0.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:business_automation_workflow:18.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:business_automation_workflow:19.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:business_automation_workflow:20.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:rational_asset_analyzer:6.1.0.23:*:*:*:*:*:*:*

OR cpe:/a:ibm:data_risk_manager:2.0.6.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:data_risk_manager:2.0.6.2:*:*:*:*:*:*:*

OR cpe:/a:ibm:intelligent_operations_center:5.2:*:*:*:*:*:*:*

OR cpe:/a:ibm:intelligent_operations_center:5.2.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:db2_recovery_expert:5.5.0.1:*:*:*:linux:*:*:*

OR cpe:/a:ibm:event_streams:2019.4.2:*:*:*:*:*:*:*

OR cpe:/a:ibm:event_streams:10.0.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:cloud_private:3.2.2:cd:*:*:*:*:*:*

OR cpe:/a:ibm:tivoli_composite_application_manager:7.4.0:*:*:*:transactions:*:*:*

OR cpe:/a:ibm:cics_transaction_gateway:8.0.0.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:cics_transaction_gateway:8.0.0.6:*:*:*:*:*:*:*

OR cpe:/a:ibm:cics_transaction_gateway:8.1.0.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:cics_transaction_gateway:8.1.0.5:*:*:*:*:*:*:*

OR cpe:/a:ibm:cics_transaction_gateway:9.0.0.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:cics_transaction_gateway:9.1.0.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:cics_transaction_gateway:9.1.0.3:*:*:*:*:*:*:*

OR cpe:/a:ibm:cics_transaction_gateway:9.2.0.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:cics_transaction_gateway:9.2.0.2:*:*:*:*:*:*:*

OR cpe:/a:ibm:content_collector:4.0.1:*:*:*:ibm_connections:*:*:*

OR cpe:/a:ibm:cloud_pak_system:2.3.2.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:cloud_pak_for_automation:20.0.2:*:*:*:*:*:*:*

OR cpe:/a:ibm:security_guardium:11.2:*:*:*:*:*:*:*

OR cpe:/a:ibm:cics_transaction_gateway:9.0.0.5:*:*:*:*:*:*:*

OR cpe:/a:ibm:cognos_controller:10.4.2:*:*:*:*:*:*:*

OR cpe:/a:ibm:cloud_pak_system:2.3.3.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:cloud_pak_system:2.3.3.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:cloud_pak_system:2.3.3.2:*:*:*:*:*:*:*

OR cpe:/a:ibm:event_streams:2019.4.3:*:*:*:*:*:*:*

OR cpe:/a:ibm:event_streams:10.1.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:cloud_application_business_insights:1.1.5:*:*:*:*:*:*:*

OR cpe:/a:ibm:cloud_pak_for_automation:20.0.3:*:*:*:*:*:*:*

OR cpe:/a:ibm:rational_application_developer:9.6:*:*:*:websphere:*:*:*

OR cpe:/a:ibm:watson_discovery:2.2.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:cloud_pak_system:2.3.3.3:*:*:*:*:*:*:*

OR cpe:/a:ibm:security_guardium:11.3:*:*:*:*:*:*:*

OR cpe:/a:ibm:event_streams:10.2.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:cloud_pak_for_automation:21.0.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:app_connect_enterprise:12.0.1.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:cloud_pak_for_automation:21.0.2:-:*:*:*:*:*:*

OR cpe:/a:ibm:qradar_security_information_and_event_manager:7.4.3:-:*:*:*:*:*:*

OR cpe:/a:ibm:event_streams:10.3.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:event_streams:10.3.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:security_guardium:11.4:*:*:*:*:*:*:*

OR cpe:/o:ibm:aix:7.3:*:*:*:*:*:*:*

OR cpe:/a:ibm:data_risk_manager:2.0.6.4:*:*:*:*:*:*:*

OR cpe:/a:ibm:cloud_pak_for_automation:19.0.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:qradar_security_information_and_event_manager:7.5.0:-:*:*:*:*:*:*

OR cpe:/a:ibm:cloud_pak_for_automation:19.0.2:*:*:*:*:*:*:*

OR cpe:/a:ibm:cloud_pak_for_business_automation:18.0.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:cloud_pak_for_business_automation:18.0.2:*:*:*:*:*:*:*

OR cpe:/a:ibm:cloud_pak_for_business_automation:19.0.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:cloud_pak_for_business_automation:19.0.3:*:*:*:*:*:*:*

OR cpe:/a:ibm:cloud_pak_for_business_automation:20.0.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:cloud_pak_for_business_automation:20.0.3:*:*:*:*:*:*:*

OR cpe:/a:ibm:cloud_pak_for_business_automation:21.0.1:-:*:*:*:*:*:*

OR cpe:/a:ibm:cloud_pak_for_business_automation:21.0.2:-:*:*:*:*:*:*

OR cpe:/a:ibm:cloud_pak_for_business_automation:21.0.3:-:*:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:8079	P	java-1_8_0-ibm-1.8.0_sr8.0-150000.3.71.1 on GA media (Moderate)	2023-06-12
oval:org.opensuse.security:def:3437	P	audiofile-0.3.6-11.3.1 on GA media (Moderate)	2022-06-28
oval:org.opensuse.security:def:95067	P	java-1_8_0-ibm-1.8.0_sr7.5-150000.3.56.1 on GA media (Moderate)	2022-06-22
oval:com.redhat.rhsa:def:20220345	P	RHSA-2022:0345: java-1.8.0-ibm security update (Important)	2022-02-01
oval:org.opensuse.security:def:125707	P	Security update for java-1_7_1-ibm (Moderate)	2022-01-24
oval:org.opensuse.security:def:127270	P	Security update for java-1_7_1-ibm (Moderate)	2022-01-24
oval:org.opensuse.security:def:5236	P	Security update for java-1_7_1-ibm (Moderate)	2022-01-24
oval:org.opensuse.security:def:126873	P	Security update for java-1_7_1-ibm (Moderate)	2022-01-24
oval:org.opensuse.security:def:6035	P	Security update for java-1_7_1-ibm (Moderate)	2022-01-24
oval:org.opensuse.security:def:5208	P	Security update for java-1_8_0-ibm (Important)	2022-01-18
oval:org.opensuse.security:def:119357	P	Security update for java-1_8_0-ibm (Important)	2022-01-18
oval:org.opensuse.security:def:1230	P	Security update for java-1_8_0-ibm (Important)	2022-01-18
oval:org.opensuse.security:def:126849	P	Security update for java-1_8_0-ibm (Important)	2022-01-18
oval:org.opensuse.security:def:119542	P	Security update for java-1_8_0-ibm (Important)	2022-01-18
oval:org.opensuse.security:def:5997	P	Security update for java-1_8_0-ibm (Important)	2022-01-18
oval:org.opensuse.security:def:125683	P	Security update for java-1_8_0-ibm (Important)	2022-01-18
oval:org.opensuse.security:def:127246	P	Security update for java-1_8_0-ibm (Important)	2022-01-18
oval:org.opensuse.security:def:101890	P	Security update for java-1_8_0-ibm (Important)	2022-01-18
oval:org.opensuse.security:def:31370	P	Security update for java-1_7_1-ibm (Moderate) (in QA)	2022-01-04
oval:org.opensuse.security:def:57194	P	Security update for java-1_8_0-ibm (Important) (in QA)	2022-01-04
oval:org.opensuse.security:def:86214	P	Security update for java-1_7_1-ibm (Moderate) (in QA)	2022-01-04
oval:org.opensuse.security:def:26218	P	Security update for java-1_8_0-ibm (Important) (in QA)	2022-01-04
oval:org.opensuse.security:def:55315	P	Security update for java-1_7_1-ibm (Moderate) (in QA)	2022-01-04
oval:org.opensuse.security:def:83375	P	Security update for java-1_8_0-ibm (Important) (in QA)	2022-01-04
oval:org.opensuse.security:def:40312	P	Security update for java-1_7_1-ibm (Moderate) (in QA)	2022-01-04
oval:org.opensuse.security:def:76444	P	Security update for java-1_8_0-ibm (Important) (in QA)	2022-01-04
oval:org.opensuse.security:def:92674	P	Security update for java-1_8_0-ibm (Important) (in QA)	2022-01-04
oval:org.opensuse.security:def:111857	P	Security update for java-1_8_0-ibm (Important) (in QA)	2022-01-04
oval:org.opensuse.security:def:6490	P	Security update for java-1_8_0-ibm (Important) (in QA)	2022-01-04
oval:org.opensuse.security:def:69616	P	Security update for java-1_8_0-ibm (Important) (in QA)	2022-01-04
oval:org.opensuse.security:def:102926	P	Security update for java-1_8_0-ibm (Important) (in QA)	2022-01-04
oval:org.opensuse.security:def:33108	P	Security update for java-1_7_1-ibm (Moderate) (in QA)	2022-01-04
oval:org.opensuse.security:def:58932	P	Security update for java-1_8_0-ibm (Important) (in QA)	2022-01-04
oval:org.opensuse.security:def:88595	P	Security update for java-1_7_1-ibm (Moderate) (in QA)	2022-01-04
oval:org.opensuse.security:def:30168	P	Security update for java-1_8_0-ibm (Important) (in QA)	2022-01-04
oval:org.opensuse.security:def:56110	P	Security update for java-1_7_1-ibm (Moderate) (in QA)	2022-01-04
oval:org.opensuse.security:def:84755	P	Security update for java-1_8_0-ibm (Important) (in QA)	2022-01-04
oval:org.opensuse.security:def:24046	P	Security update for java-1_7_1-ibm (Moderate) (in QA)	2022-01-04
oval:org.opensuse.security:def:51763	P	Security update for java-1_8_0-ibm (Important) (in QA)	2022-01-04
oval:org.opensuse.security:def:82699	P	Security update for java-1_7_1-ibm (Moderate) (in QA)	2022-01-04
oval:org.opensuse.security:def:109592	P	Security update for java-1_8_0-ibm (Important) (in QA)	2022-01-04
oval:org.opensuse.security:def:10425	P	Security update for java-1_8_0-ibm (Important) (in QA)	2022-01-04
oval:org.opensuse.security:def:70578	P	Security update for java-1_8_0-ibm (Important) (in QA)	2022-01-04
oval:org.opensuse.security:def:34670	P	Security update for java-1_7_1-ibm (Moderate) (in QA)	2022-01-04
oval:org.opensuse.security:def:60494	P	Security update for java-1_8_0-ibm (Important) (in QA)	2022-01-04
oval:org.opensuse.security:def:99425	P	Security update for java-1_8_0-ibm (Important) (in QA)	2022-01-04
oval:org.opensuse.security:def:31371	P	Security update for java-1_8_0-ibm (Important) (in QA)	2022-01-04
oval:org.opensuse.security:def:57573	P	Security update for java-1_7_1-ibm (Moderate) (in QA)	2022-01-04
oval:org.opensuse.security:def:86215	P	Security update for java-1_8_0-ibm (Important) (in QA)	2022-01-04
oval:org.opensuse.security:def:29492	P	Security update for java-1_7_1-ibm (Moderate) (in QA)	2022-01-04
oval:org.opensuse.security:def:55316	P	Security update for java-1_8_0-ibm (Important) (in QA)	2022-01-04
oval:org.opensuse.security:def:83494	P	Security update for java-1_7_1-ibm (Moderate) (in QA)	2022-01-04
oval:org.opensuse.security:def:41395	P	Security update for java-1_7_1-ibm (Moderate) (in QA)	2022-01-04
oval:org.opensuse.security:def:44742	P	Security update for java-1_7_1-ibm (Moderate) (in QA)	2022-01-04
oval:org.opensuse.security:def:92873	P	Security update for java-1_8_0-ibm (Important) (in QA)	2022-01-04
oval:org.opensuse.security:def:106115	P	Security update for java-1_8_0-ibm (Important) (in QA)	2022-01-04
oval:org.opensuse.security:def:9476	P	Security update for java-1_8_0-ibm (Important) (in QA)	2022-01-04
oval:org.opensuse.security:def:69815	P	Security update for java-1_8_0-ibm (Important) (in QA)	2022-01-04
oval:org.opensuse.security:def:102930	P	Security update for java-1_8_0-ibm (Important) (in QA)	2022-01-04
oval:org.opensuse.security:def:33109	P	Security update for java-1_8_0-ibm (Important) (in QA)	2022-01-04
oval:org.opensuse.security:def:59872	P	Security update for java-1_7_1-ibm (Moderate) (in QA)	2022-01-04
oval:org.opensuse.security:def:88596	P	Security update for java-1_8_0-ibm (Important) (in QA)	2022-01-04
oval:org.opensuse.security:def:30287	P	Security update for java-1_7_1-ibm (Moderate) (in QA)	2022-01-04
oval:org.opensuse.security:def:56111	P	Security update for java-1_8_0-ibm (Important) (in QA)	2022-01-04
oval:org.opensuse.security:def:85834	P	Security update for java-1_7_1-ibm (Moderate) (in QA)	2022-01-04
oval:org.opensuse.security:def:24047	P	Security update for java-1_8_0-ibm (Important) (in QA)	2022-01-04
oval:org.opensuse.security:def:52034	P	Security update for java-1_7_1-ibm (Moderate) (in QA)	2022-01-04
oval:org.opensuse.security:def:82700	P	Security update for java-1_8_0-ibm (Important) (in QA)	2022-01-04
oval:org.opensuse.security:def:109596	P	Security update for java-1_8_0-ibm (Important) (in QA)	2022-01-04
oval:org.opensuse.security:def:10438	P	Security update for java-1_8_0-ibm (Important) (in QA)	2022-01-04
oval:org.opensuse.security:def:70582	P	Security update for java-1_8_0-ibm (Important) (in QA)	2022-01-04
oval:org.opensuse.security:def:34671	P	Security update for java-1_8_0-ibm (Important) (in QA)	2022-01-04
oval:org.opensuse.security:def:67376	P	Security update for java-1_8_0-ibm (Important) (in QA)	2022-01-04
oval:org.opensuse.security:def:99624	P	Security update for java-1_8_0-ibm (Important) (in QA)	2022-01-04
oval:org.opensuse.security:def:31750	P	Security update for java-1_7_1-ibm (Moderate) (in QA)	2022-01-04
oval:org.opensuse.security:def:57574	P	Security update for java-1_8_0-ibm (Important) (in QA)	2022-01-04
oval:org.opensuse.security:def:87572	P	Security update for java-1_7_1-ibm (Moderate) (in QA)	2022-01-04
oval:org.opensuse.security:def:29493	P	Security update for java-1_8_0-ibm (Important) (in QA)	2022-01-04
oval:org.opensuse.security:def:55990	P	Security update for java-1_7_1-ibm (Moderate) (in QA)	2022-01-04
oval:org.opensuse.security:def:83495	P	Security update for java-1_8_0-ibm (Important) (in QA)	2022-01-04
oval:org.opensuse.security:def:23774	P	Security update for java-1_7_1-ibm (Moderate) (in QA)	2022-01-04
oval:org.opensuse.security:def:45825	P	Security update for java-1_7_1-ibm (Moderate) (in QA)	2022-01-04
oval:org.opensuse.security:def:96246	P	Security update for java-1_8_0-ibm (Important) (in QA)	2022-01-04
oval:org.opensuse.security:def:106314	P	Security update for java-1_8_0-ibm (Important) (in QA)	2022-01-04
oval:org.opensuse.security:def:9675	P	Security update for java-1_8_0-ibm (Important) (in QA)	2022-01-04
oval:org.opensuse.security:def:70014	P	Security update for java-1_8_0-ibm (Important) (in QA)	2022-01-04
oval:org.opensuse.security:def:34049	P	Security update for java-1_7_1-ibm (Moderate) (in QA)	2022-01-04
oval:org.opensuse.security:def:59873	P	Security update for java-1_8_0-ibm (Important) (in QA)	2022-01-04
oval:org.opensuse.security:def:89527	P	Security update for java-1_7_1-ibm (Moderate) (in QA)	2022-01-04
oval:org.opensuse.security:def:30288	P	Security update for java-1_8_0-ibm (Important) (in QA)	2022-01-04
oval:org.opensuse.security:def:57193	P	Security update for java-1_7_1-ibm (Moderate) (in QA)	2022-01-04
oval:org.opensuse.security:def:85835	P	Security update for java-1_8_0-ibm (Important) (in QA)	2022-01-04
oval:org.opensuse.security:def:26217	P	Security update for java-1_7_1-ibm (Moderate) (in QA)	2022-01-04
oval:org.opensuse.security:def:52035	P	Security update for java-1_8_0-ibm (Important) (in QA)	2022-01-04
oval:org.opensuse.security:def:83374	P	Security update for java-1_7_1-ibm (Moderate) (in QA)	2022-01-04
oval:org.opensuse.security:def:38173	P	Security update for java-1_7_1-ibm (Moderate) (in QA)	2022-01-04
oval:org.opensuse.security:def:10442	P	Security update for java-1_8_0-ibm (Important) (in QA)	2022-01-04
oval:org.opensuse.security:def:92475	P	Security update for java-1_8_0-ibm (Important) (in QA)	2022-01-04
oval:org.opensuse.security:def:6287	P	Security update for java-1_8_0-ibm (Important) (in QA)	2022-01-04
oval:org.opensuse.security:def:67579	P	Security update for java-1_8_0-ibm (Important) (in QA)	2022-01-04
oval:org.opensuse.security:def:99823	P	Security update for java-1_8_0-ibm (Important) (in QA)	2022-01-04
oval:org.opensuse.security:def:31751	P	Security update for java-1_8_0-ibm (Important) (in QA)	2022-01-04
oval:org.opensuse.security:def:58931	P	Security update for java-1_7_1-ibm (Moderate) (in QA)	2022-01-04
oval:org.opensuse.security:def:87573	P	Security update for java-1_8_0-ibm (Important) (in QA)	2022-01-04
oval:org.opensuse.security:def:30167	P	Security update for java-1_7_1-ibm (Moderate) (in QA)	2022-01-04
oval:org.opensuse.security:def:55991	P	Security update for java-1_8_0-ibm (Important) (in QA)	2022-01-04
oval:org.opensuse.security:def:84754	P	Security update for java-1_7_1-ibm (Moderate) (in QA)	2022-01-04
oval:org.opensuse.security:def:23775	P	Security update for java-1_8_0-ibm (Important) (in QA)	2022-01-04
oval:org.opensuse.security:def:51762	P	Security update for java-1_7_1-ibm (Moderate) (in QA)	2022-01-04
oval:org.opensuse.security:def:96256	P	Security update for java-1_8_0-ibm (Important) (in QA)	2022-01-04
oval:org.opensuse.security:def:106513	P	Security update for java-1_8_0-ibm (Important) (in QA)	2022-01-04
oval:org.opensuse.security:def:9874	P	Security update for java-1_8_0-ibm (Important) (in QA)	2022-01-04
oval:org.opensuse.security:def:70565	P	Security update for java-1_8_0-ibm (Important) (in QA)	2022-01-04
oval:org.opensuse.security:def:34050	P	Security update for java-1_8_0-ibm (Important) (in QA)	2022-01-04
oval:org.opensuse.security:def:60493	P	Security update for java-1_7_1-ibm (Moderate) (in QA)	2022-01-04
oval:org.opensuse.security:def:89528	P	Security update for java-1_8_0-ibm (Important) (in QA)	2022-01-04