QID 379387

Date Published: 2024-02-21

QID 379387: IBM Java Software Development Kit (SDK) Security Vulnerability (7116432)

The IBM SDK is an installable Java package that contains the Java Application Programming Interface (API).

CVE-2024-20952 : An unspecified vulnerability in Java SE related to the Security component could allow a remote attacker to cause high confidentiality impact and high integrity impact.
CVE-2024-20918 : An unspecified vulnerability in Java SE related to the VM component could allow a remote attacker to cause high confidentiality impact and high integrity impact.
CVE-2024-20921 : An unspecified vulnerability in Java SE related to the VM component could allow a remote attacker to cause high confidentiality impact. CVSS Base score: 5.9
CVE-2024-20926 : An unspecified vulnerability in Java SE related to the Scripting component could allow a remote attacker to cause high confidentiality impact. CVSS Base score: 5.9
CVE-2023-33850 : IBM GSKit-Crypto could allow a remote attacker to obtain sensitive information, caused by a timing-based side channel in the RSA Decryption implementation. By sending an overly large number of trial messages for decryption, an attacker could exploit this vulnerability to obtain sensitive information.
CVE-2024-20945 : An unspecified vulnerability in Java SE related to the VM component could allow a local authenticated attacker to cause high confidentiality impact.

Affected Versions:
IBM Java SDK Prior to 7.1.0.0 - 7.1.5.20
IBM Java SDK Prior to 8.0.0.0 - 8.0.8.15

QID Detection Logic (Authenticated):
The QID runs the "java -version" command to check whether a vulnerable IBM Java is installed on the system.

Successful exploitation of this vulnerability may affect confidentiality, integrity and availability.

  • CVSS V3 rated as High - 7.5 severity.
  • CVSS V2 rated as High - 7.5 severity.

Solution:
The latest service refresh packs are available; refer to 7116432 for more information.

Vendor References:
Software Advisories
Advisory ID: 7116432
Link: www.ibm.com/support/pages/node/7116432