Search

Find a vulnerability

Search criteria

    4 vulnerabilities found for Semeru Runtime by IBM

    CVE-2025-2900 (GCVE-0-2025-2900)

    Vulnerability from nvd – Published: 2025-05-14 18:50 – Updated: 2025-08-28 14:12
    VLAI
    Title
    IBM Semeru Runtime denial of service
    Summary
    IBM Semeru Runtime 8.0.302.0 through 8.0.442.0, 11.0.12.0 through 11.0.26.0, 17.0.0.0 through 17.0.14.0, and 21.0.0.0 through 12.0.6.0 is vulnerable to a denial of service caused by a buffer overflow and subsequent crash, due to a defect in its native AES/CBC encryption implementation.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-122 - Heap-based Buffer Overflow
    Assigner
    ibm
    References
    URL Tags
    https://www.ibm.com/support/pages/node/7233415 vendor-advisorypatch
    Impacted products
    Vendor Product Version
    IBM Semeru Runtime Affected: 8.0.302.0 , ≤ 8.0.442.0 (semver)
    Affected: 11.0.12.0 , ≤ 11.0.26.0 (semver)
    Affected: 17.0.0.0 , ≤ 17.0.14.0 (semver)
    Affected: 21.0.0.0 , ≤ 21.0.6.0 (semver)
        cpe:2.3:a:ibm:semeru_runtime:8.0.302.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:semeru_runtime:8.0.442.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:semeru_runtime:11.0.12.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:semeru_runtime:11.0.26.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:semeru_runtime:17.0.0.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:semeru_runtime:17.0.14.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:semeru_runtime:21.0.0.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:semeru_runtime:21.0.6.0:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-2900",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-05-14T19:42:43.060744Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-05-14T19:43:19.127Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:ibm:semeru_runtime:8.0.302.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:semeru_runtime:8.0.442.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:semeru_runtime:11.0.12.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:semeru_runtime:11.0.26.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:semeru_runtime:17.0.0.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:semeru_runtime:17.0.14.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:semeru_runtime:21.0.0.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:semeru_runtime:21.0.6.0:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "Semeru Runtime",
              "vendor": "IBM",
              "versions": [
                {
                  "lessThanOrEqual": "8.0.442.0",
                  "status": "affected",
                  "version": "8.0.302.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "11.0.26.0",
                  "status": "affected",
                  "version": "11.0.12.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "17.0.14.0",
                  "status": "affected",
                  "version": "17.0.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "21.0.6.0",
                  "status": "affected",
                  "version": "21.0.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "IBM Semeru Runtime 8.0.302.0 through 8.0.442.0, 11.0.12.0 through 11.0.26.0, 17.0.0.0 through 17.0.14.0, and 21.0.0.0 through 12.0.6.0 is vulnerable to a denial of service caused by a buffer overflow and subsequent crash, due to a defect in its native AES/CBC encryption implementation."
                }
              ],
              "value": "IBM Semeru Runtime 8.0.302.0 through 8.0.442.0, 11.0.12.0 through 11.0.26.0, 17.0.0.0 through 17.0.14.0, and 21.0.0.0 through 12.0.6.0 is vulnerable to a denial of service caused by a buffer overflow and subsequent crash, due to a defect in its native AES/CBC encryption implementation."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-122",
                  "description": "CWE-122 Heap-based Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-08-28T14:12:21.020Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://www.ibm.com/support/pages/node/7233415"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Remediation/Fixes\u003cbr\u003e\u003cbr\u003e8.0.452.0\u003cbr\u003e11.0.27.0\u003cbr\u003e17.0.15.0\u003cbr\u003e21.0.7.0\u003cbr\u003e\u003cbr\u003eIBM Semeru Runtime releases can be downloaded from the GitHub repositories for Semeru 8, Semeru 11, Semeru 17, and Semeru 21 and from the IBM Semeru Developer Center.\u003cbr\u003e\u003cbr\u003eIBM customers requiring an update for an SDK shipped with an IBM product should contact IBM support, and/or refer to the appropriate product security bulletin.\u003cbr\u003e"
                }
              ],
              "value": "Remediation/Fixes\n\n8.0.452.0\n11.0.27.0\n17.0.15.0\n21.0.7.0\n\nIBM Semeru Runtime releases can be downloaded from the GitHub repositories for Semeru 8, Semeru 11, Semeru 17, and Semeru 21 and from the IBM Semeru Developer Center.\n\nIBM customers requiring an update for an SDK shipped with an IBM product should contact IBM support, and/or refer to the appropriate product security bulletin."
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "IBM Semeru Runtime denial of service",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2025-2900",
        "datePublished": "2025-05-14T18:50:27.327Z",
        "dateReserved": "2025-03-28T02:06:38.367Z",
        "dateUpdated": "2025-08-28T14:12:21.020Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-22361 (GCVE-0-2024-22361)

    Vulnerability from nvd – Published: 2024-02-10 15:13 – Updated: 2024-08-19 16:09
    VLAI
    Title
    IBM Semeru Runtime information disclosure
    Summary
    IBM Semeru Runtime 8.0.302.0 through 8.0.392.0, 11.0.12.0 through 11.0.21.0, 17.0.1.0 - 17.0.9.0, and 21.0.1.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 281222.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-327 - Use of a Broken or Risky Cryptographic Algorithm
    Assigner
    ibm
    Impacted products
    Vendor Product Version
    IBM Semeru Runtime Affected: 8.0.302.0 , ≤ 8.0.392.0 (semver)
    Affected: 11.0.12.0 , ≤ 11.0.21.0 (semver)
    Affected: 17.0.1.0 , ≤ 17.0.9.0 (semver)
    Affected: 21.0.1.0
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T22:43:34.525Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.ibm.com/support/pages/node/7116431"
              },
              {
                "tags": [
                  "vdb-entry",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/281222"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-22361",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-08-19T16:09:33.481630Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-08-19T16:09:36.910Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Semeru Runtime",
              "vendor": "IBM",
              "versions": [
                {
                  "lessThanOrEqual": "8.0.392.0",
                  "status": "affected",
                  "version": "8.0.302.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "11.0.21.0",
                  "status": "affected",
                  "version": "11.0.12.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "17.0.9.0",
                  "status": "affected",
                  "version": "17.0.1.0",
                  "versionType": "semver"
                },
                {
                  "status": "affected",
                  "version": "21.0.1.0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "IBM Semeru Runtime 8.0.302.0 through 8.0.392.0, 11.0.12.0 through 11.0.21.0, 17.0.1.0 - 17.0.9.0, and 21.0.1.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.  IBM X-Force ID:  281222."
                }
              ],
              "value": "IBM Semeru Runtime 8.0.302.0 through 8.0.392.0, 11.0.12.0 through 11.0.21.0, 17.0.1.0 - 17.0.9.0, and 21.0.1.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.  IBM X-Force ID:  281222."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.9,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-327",
                  "description": "CWE-327 Use of a Broken or Risky Cryptographic Algorithm",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-02-10T15:13:01.991Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.ibm.com/support/pages/node/7116431"
            },
            {
              "tags": [
                "vdb-entry"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/281222"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "IBM Semeru Runtime information disclosure",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2024-22361",
        "datePublished": "2024-02-10T15:13:01.991Z",
        "dateReserved": "2024-01-08T23:42:36.759Z",
        "dateUpdated": "2024-08-19T16:09:36.910Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-2900 (GCVE-0-2025-2900)

    Vulnerability from cvelistv5 – Published: 2025-05-14 18:50 – Updated: 2025-08-28 14:12
    VLAI
    Title
    IBM Semeru Runtime denial of service
    Summary
    IBM Semeru Runtime 8.0.302.0 through 8.0.442.0, 11.0.12.0 through 11.0.26.0, 17.0.0.0 through 17.0.14.0, and 21.0.0.0 through 12.0.6.0 is vulnerable to a denial of service caused by a buffer overflow and subsequent crash, due to a defect in its native AES/CBC encryption implementation.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-122 - Heap-based Buffer Overflow
    Assigner
    ibm
    References
    URL Tags
    https://www.ibm.com/support/pages/node/7233415 vendor-advisorypatch
    Impacted products
    Vendor Product Version
    IBM Semeru Runtime Affected: 8.0.302.0 , ≤ 8.0.442.0 (semver)
    Affected: 11.0.12.0 , ≤ 11.0.26.0 (semver)
    Affected: 17.0.0.0 , ≤ 17.0.14.0 (semver)
    Affected: 21.0.0.0 , ≤ 21.0.6.0 (semver)
        cpe:2.3:a:ibm:semeru_runtime:8.0.302.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:semeru_runtime:8.0.442.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:semeru_runtime:11.0.12.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:semeru_runtime:11.0.26.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:semeru_runtime:17.0.0.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:semeru_runtime:17.0.14.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:semeru_runtime:21.0.0.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:semeru_runtime:21.0.6.0:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-2900",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-05-14T19:42:43.060744Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-05-14T19:43:19.127Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:ibm:semeru_runtime:8.0.302.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:semeru_runtime:8.0.442.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:semeru_runtime:11.0.12.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:semeru_runtime:11.0.26.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:semeru_runtime:17.0.0.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:semeru_runtime:17.0.14.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:semeru_runtime:21.0.0.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:semeru_runtime:21.0.6.0:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "Semeru Runtime",
              "vendor": "IBM",
              "versions": [
                {
                  "lessThanOrEqual": "8.0.442.0",
                  "status": "affected",
                  "version": "8.0.302.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "11.0.26.0",
                  "status": "affected",
                  "version": "11.0.12.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "17.0.14.0",
                  "status": "affected",
                  "version": "17.0.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "21.0.6.0",
                  "status": "affected",
                  "version": "21.0.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "IBM Semeru Runtime 8.0.302.0 through 8.0.442.0, 11.0.12.0 through 11.0.26.0, 17.0.0.0 through 17.0.14.0, and 21.0.0.0 through 12.0.6.0 is vulnerable to a denial of service caused by a buffer overflow and subsequent crash, due to a defect in its native AES/CBC encryption implementation."
                }
              ],
              "value": "IBM Semeru Runtime 8.0.302.0 through 8.0.442.0, 11.0.12.0 through 11.0.26.0, 17.0.0.0 through 17.0.14.0, and 21.0.0.0 through 12.0.6.0 is vulnerable to a denial of service caused by a buffer overflow and subsequent crash, due to a defect in its native AES/CBC encryption implementation."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-122",
                  "description": "CWE-122 Heap-based Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-08-28T14:12:21.020Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://www.ibm.com/support/pages/node/7233415"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Remediation/Fixes\u003cbr\u003e\u003cbr\u003e8.0.452.0\u003cbr\u003e11.0.27.0\u003cbr\u003e17.0.15.0\u003cbr\u003e21.0.7.0\u003cbr\u003e\u003cbr\u003eIBM Semeru Runtime releases can be downloaded from the GitHub repositories for Semeru 8, Semeru 11, Semeru 17, and Semeru 21 and from the IBM Semeru Developer Center.\u003cbr\u003e\u003cbr\u003eIBM customers requiring an update for an SDK shipped with an IBM product should contact IBM support, and/or refer to the appropriate product security bulletin.\u003cbr\u003e"
                }
              ],
              "value": "Remediation/Fixes\n\n8.0.452.0\n11.0.27.0\n17.0.15.0\n21.0.7.0\n\nIBM Semeru Runtime releases can be downloaded from the GitHub repositories for Semeru 8, Semeru 11, Semeru 17, and Semeru 21 and from the IBM Semeru Developer Center.\n\nIBM customers requiring an update for an SDK shipped with an IBM product should contact IBM support, and/or refer to the appropriate product security bulletin."
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "IBM Semeru Runtime denial of service",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2025-2900",
        "datePublished": "2025-05-14T18:50:27.327Z",
        "dateReserved": "2025-03-28T02:06:38.367Z",
        "dateUpdated": "2025-08-28T14:12:21.020Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-22361 (GCVE-0-2024-22361)

    Vulnerability from cvelistv5 – Published: 2024-02-10 15:13 – Updated: 2024-08-19 16:09
    VLAI
    Title
    IBM Semeru Runtime information disclosure
    Summary
    IBM Semeru Runtime 8.0.302.0 through 8.0.392.0, 11.0.12.0 through 11.0.21.0, 17.0.1.0 - 17.0.9.0, and 21.0.1.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 281222.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-327 - Use of a Broken or Risky Cryptographic Algorithm
    Assigner
    ibm
    Impacted products
    Vendor Product Version
    IBM Semeru Runtime Affected: 8.0.302.0 , ≤ 8.0.392.0 (semver)
    Affected: 11.0.12.0 , ≤ 11.0.21.0 (semver)
    Affected: 17.0.1.0 , ≤ 17.0.9.0 (semver)
    Affected: 21.0.1.0
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T22:43:34.525Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.ibm.com/support/pages/node/7116431"
              },
              {
                "tags": [
                  "vdb-entry",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/281222"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-22361",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-08-19T16:09:33.481630Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-08-19T16:09:36.910Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Semeru Runtime",
              "vendor": "IBM",
              "versions": [
                {
                  "lessThanOrEqual": "8.0.392.0",
                  "status": "affected",
                  "version": "8.0.302.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "11.0.21.0",
                  "status": "affected",
                  "version": "11.0.12.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "17.0.9.0",
                  "status": "affected",
                  "version": "17.0.1.0",
                  "versionType": "semver"
                },
                {
                  "status": "affected",
                  "version": "21.0.1.0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "IBM Semeru Runtime 8.0.302.0 through 8.0.392.0, 11.0.12.0 through 11.0.21.0, 17.0.1.0 - 17.0.9.0, and 21.0.1.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.  IBM X-Force ID:  281222."
                }
              ],
              "value": "IBM Semeru Runtime 8.0.302.0 through 8.0.392.0, 11.0.12.0 through 11.0.21.0, 17.0.1.0 - 17.0.9.0, and 21.0.1.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.  IBM X-Force ID:  281222."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.9,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-327",
                  "description": "CWE-327 Use of a Broken or Risky Cryptographic Algorithm",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-02-10T15:13:01.991Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.ibm.com/support/pages/node/7116431"
            },
            {
              "tags": [
                "vdb-entry"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/281222"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "IBM Semeru Runtime information disclosure",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2024-22361",
        "datePublished": "2024-02-10T15:13:01.991Z",
        "dateReserved": "2024-01-08T23:42:36.759Z",
        "dateUpdated": "2024-08-19T16:09:36.910Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }