Summary
IBM Sterling Transformation Extender uses IBM Semeru Runtime Certified Edition, Version 17.

Vulnerability Details
CVEID: CVE-2025-21587
Description: An unspecified vulnerability in Java SE related to the Server: DDL component could allow a remote attacker to cause high confidentiality and high integrity impact.
CWE: CWE-284: Improper Access Control
CVSS Source: Oracle
CVSS Base score: 7.4
CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N)

CVEID: CVE-2025-30698
Description: An unspecified vulnerability in Java SE related to the 2D component could allow a remote attacker to cause low confidentiality, low integrity and low availability impact.
CWE: CWE-284: Improper Access Control
CVSS Source: Oracle
CVSS Base score: 5.6
CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L)

CVEID: CVE-2025-2900
Description: IBM Semeru Runtime 8.0.302.0 through 8.0.442.0, 11.0.12.0 through 11.0.26.0, 17.0.0.0 through 17.0.14.0, and 21.0.0.0 through 12.0.6.0 is vulnerable to a denial of service caused by a buffer overflow and subsequent crash, due to a defect in its native AES/CBC encryption implementation.
CWE: CWE-122: Heap-based Buffer Overflow
CVSS Source: IBM
CVSS Base score: 7.5
CVSS Vector:  (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:

CVEID: CVE-2025-4447
Description: In Eclipse OpenJ9 versions up to 0.51, when used with OpenJDK version 8 a stack based buffer overflow can be caused by modifying a file on disk that is read when the JVM starts.
CWE: CWE-121: Stack-based Buffer Overflow
CVSS Source: emo@eclipse.org
CVSS Base score: 7
CVSS Vector:(CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H)