Integration News

IBM Sterling Connect:Direct for Unix is vulnerable to denial of service and unauthorized data access attacks due to IBM Runtime Environment Java Technology Edition V.8.

Vulnerability Details

 

CVEID: CVE-2024-21235

Description: Vulnerability in Java SE (component: Hotspot). Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to accessible data as well as unauthorized read access to a subset of accessible data.

CVSS Source: Oracle
CVSS Base score: 4,8
CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N)

CVEID: CVE-2024-21217
Description:Vulnerability in Java SE (component: Serialization). Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS).
CVSS Source: Oracle
CVSS Base score: 3,7
CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)

CVEID:  CVE-2024-21210
Description: Vulnerability in Java SE (component: Hotspot). Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some accessible data.
CVSS Source: Oracle
CVSS Base score: 3,7
CVSS Vector:(CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N)

CVEID: CVE-2024-21208
Description: Vulnerability in Java SE (component: Networking). Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS).
CVSS Source: Oracle
CVSS Base score: 3,7
CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)

CVEID: CVE-2024-10917
Description: In Eclipse OpenJ9 versions up to 0.47, the JNI function GetStringUTFLength may return an incorrect value which has wrapped around. From 0.48 the value is correct but may be truncated to include a smaller number of characters.
CVSS Source: NVD
CVSS Base score: 5,3
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)

Affected Products and Versions

Remediation/Fixes

Product

Affected Version

Remediation

IBM Sterling Connect:Direct for Unix

6.1.0

Apply 6.1.0.4.iFix119, available on Fix Central.

IBM Sterling Connect:Direct for Unix

6.2.0

Apply 6.2.0.7.iFix044, available on Fix Central.

Workarounds and Mitigations

None.

Click the button below to download this newsletter in PDF format.

home.b2b.solutions
Privacy Overview

This website uses cookies so that we can offer you the best possible user experience.
Cookie information is stored in your browser and performs functions such as recognizing you when you return to our website or helping our team understand which sections of the website you find most interesting and useful.