Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2025-4447 (GCVE-0-2025-4447)
Vulnerability from cvelistv5 – Published: 2025-05-09 20:40 – Updated: 2025-05-10 01:46
VLAI
EPSS
Title
Buffer Overflow in Eclipse OpenJ9
Summary
In Eclipse OpenJ9 versions up to 0.51, when used with OpenJDK version 8 a stack based buffer overflow can be caused by modifying a file on disk that is read when the JVM starts.
Severity
SSVC
Exploitation: none
Automatable: yes
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-121 - Stack-based Buffer Overflow
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Eclipse Foundation | OpenJ9 |
Affected:
0.8.0 , ≤ 0.49.0
(semver)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-4447",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-10T01:46:36.961205Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-10T01:46:54.369Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "OpenJ9",
"vendor": "Eclipse Foundation",
"versions": [
{
"lessThanOrEqual": "0.49.0",
"status": "affected",
"version": "0.8.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "In Eclipse OpenJ9 versions up to 0.51, when used with OpenJDK version 8 a stack based buffer overflow can be caused by modifying a file on disk that is read when the JVM starts.\u003cbr\u003e"
}
],
"value": "In Eclipse OpenJ9 versions up to 0.51, when used with OpenJDK version 8 a stack based buffer overflow can be caused by modifying a file on disk that is read when the JVM starts."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "LOCAL",
"baseScore": 7,
"baseSeverity": "HIGH",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:L/VI:H/VA:H/SC:H/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121: Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-09T20:40:25.953Z",
"orgId": "e51fbebd-6053-4e49-959f-1b94eeb69a2c",
"shortName": "eclipse"
},
"references": [
{
"url": "https://gitlab.eclipse.org/security/cve-assignement/-/issues/61"
},
{
"url": "https://github.com/eclipse-openj9/openj9/pull/21762"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Buffer Overflow in Eclipse OpenJ9",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "e51fbebd-6053-4e49-959f-1b94eeb69a2c",
"assignerShortName": "eclipse",
"cveId": "CVE-2025-4447",
"datePublished": "2025-05-09T20:40:25.953Z",
"dateReserved": "2025-05-08T18:35:35.538Z",
"dateUpdated": "2025-05-10T01:46:54.369Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2025-4447",
"date": "2026-06-06",
"epss": "0.00234",
"percentile": "0.46496"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2025-4447\",\"sourceIdentifier\":\"emo@eclipse.org\",\"published\":\"2025-05-09T21:15:51.410\",\"lastModified\":\"2025-09-05T16:19:49.587\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In Eclipse OpenJ9 versions up to 0.51, when used with OpenJDK version 8 a stack based buffer overflow can be caused by modifying a file on disk that is read when the JVM starts.\"},{\"lang\":\"es\",\"value\":\"En versiones de Eclipse OpenJ9 hasta la 0.51, cuando se utiliza con OpenJDK versi\u00f3n 8, se puede producir un desbordamiento de b\u00fafer basado en pila al modificar un archivo en el disco que se lee cuando se inicia la JVM.\"}],\"metrics\":{\"cvssMetricV40\":[{\"source\":\"emo@eclipse.org\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"4.0\",\"vectorString\":\"CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:L/VI:H/VA:H/SC:H/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X\",\"baseScore\":7.0,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"attackRequirements\":\"PRESENT\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"vulnConfidentialityImpact\":\"LOW\",\"vulnIntegrityImpact\":\"HIGH\",\"vulnAvailabilityImpact\":\"HIGH\",\"subConfidentialityImpact\":\"HIGH\",\"subIntegrityImpact\":\"NONE\",\"subAvailabilityImpact\":\"NONE\",\"exploitMaturity\":\"NOT_DEFINED\",\"confidentialityRequirement\":\"NOT_DEFINED\",\"integrityRequirement\":\"NOT_DEFINED\",\"availabilityRequirement\":\"NOT_DEFINED\",\"modifiedAttackVector\":\"NOT_DEFINED\",\"modifiedAttackComplexity\":\"NOT_DEFINED\",\"modifiedAttackRequirements\":\"NOT_DEFINED\",\"modifiedPrivilegesRequired\":\"NOT_DEFINED\",\"modifiedUserInteraction\":\"NOT_DEFINED\",\"modifiedVulnConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedVulnIntegrityImpact\":\"NOT_DEFINED\",\"modifiedVulnAvailabilityImpact\":\"NOT_DEFINED\",\"modifiedSubConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedSubIntegrityImpact\":\"NOT_DEFINED\",\"modifiedSubAvailabilityImpact\":\"NOT_DEFINED\",\"Safety\":\"NOT_DEFINED\",\"Automatable\":\"NOT_DEFINED\",\"Recovery\":\"NOT_DEFINED\",\"valueDensity\":\"NOT_DEFINED\",\"vulnerabilityResponseEffort\":\"NOT_DEFINED\",\"providerUrgency\":\"NOT_DEFINED\"}}],\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":7.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"emo@eclipse.org\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-121\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:eclipse:openj9:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"0.8.0\",\"versionEndIncluding\":\"0.51.0\",\"matchCriteriaId\":\"D4F97445-62DE-4295-B963-E34C0FF5DF01\"}]}]}],\"references\":[{\"url\":\"https://github.com/eclipse-openj9/openj9/pull/21762\",\"source\":\"emo@eclipse.org\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://gitlab.eclipse.org/security/cve-assignement/-/issues/61\",\"source\":\"emo@eclipse.org\",\"tags\":[\"Issue Tracking\",\"Vendor Advisory\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-4447\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-05-10T01:46:36.961205Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-05-10T01:46:49.208Z\"}}], \"cna\": {\"title\": \"Buffer Overflow in Eclipse OpenJ9\", \"source\": {\"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"format\": \"CVSS\", \"cvssV4_0\": {\"Safety\": \"NOT_DEFINED\", \"version\": \"4.0\", \"Recovery\": \"NOT_DEFINED\", \"baseScore\": 7, \"Automatable\": \"NOT_DEFINED\", \"attackVector\": \"LOCAL\", \"baseSeverity\": \"HIGH\", \"valueDensity\": \"NOT_DEFINED\", \"vectorString\": \"CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:L/VI:H/VA:H/SC:H/SI:N/SA:N\", \"providerUrgency\": \"NOT_DEFINED\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"attackRequirements\": \"PRESENT\", \"privilegesRequired\": \"LOW\", \"subIntegrityImpact\": \"NONE\", \"vulnIntegrityImpact\": \"HIGH\", \"subAvailabilityImpact\": \"NONE\", \"vulnAvailabilityImpact\": \"HIGH\", \"subConfidentialityImpact\": \"HIGH\", \"vulnConfidentialityImpact\": \"LOW\", \"vulnerabilityResponseEffort\": \"NOT_DEFINED\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"Eclipse Foundation\", \"product\": \"OpenJ9\", \"versions\": [{\"status\": \"affected\", \"version\": \"0.8.0\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"0.49.0\"}], \"defaultStatus\": \"unaffected\"}], \"references\": [{\"url\": \"https://gitlab.eclipse.org/security/cve-assignement/-/issues/61\"}, {\"url\": \"https://github.com/eclipse-openj9/openj9/pull/21762\"}], \"x_generator\": {\"engine\": \"Vulnogram 0.2.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"In Eclipse OpenJ9 versions up to 0.51, when used with OpenJDK version 8 a stack based buffer overflow can be caused by modifying a file on disk that is read when the JVM starts.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"In Eclipse OpenJ9 versions up to 0.51, when used with OpenJDK version 8 a stack based buffer overflow can be caused by modifying a file on disk that is read when the JVM starts.\u003cbr\u003e\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-121\", \"description\": \"CWE-121: Stack-based Buffer Overflow\"}]}], \"providerMetadata\": {\"orgId\": \"e51fbebd-6053-4e49-959f-1b94eeb69a2c\", \"shortName\": \"eclipse\", \"dateUpdated\": \"2025-05-09T20:40:25.953Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2025-4447\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-05-10T01:46:54.369Z\", \"dateReserved\": \"2025-05-08T18:35:35.538Z\", \"assignerOrgId\": \"e51fbebd-6053-4e49-959f-1b94eeb69a2c\", \"datePublished\": \"2025-05-09T20:40:25.953Z\", \"assignerShortName\": \"eclipse\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
CERTFR-2025-AVI-1137
Vulnerability from certfr_avis - Published: 2025-12-26 - Updated: 2025-12-26
De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à la confidentialité des données.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| IBM | Security QRadar Network Threat | Security QRadar Network Threat Analytics versions postérieures ou égales à 1.3.1 et antérieures à 1.4.2 | ||
| IBM | QRadar SIEM | Security QRadar Analyst Workflow versions postérieures à 2.32.0 et antérieures à 3.0.1 | ||
| IBM | Sterling Connect:Direct | Sterling Connect:Direct File Agent pour Solaris SPARC versions 1.4.x antérieures à 1.4.0.5_iFix002 | ||
| IBM | Sterling Connect:Direct | Sterling Connect:Direct File Agent pour AIX, Linux x64, Linux PPC et Windows versions postérieures à 1.4.0.2 et antérieures à 1.4.0.5_iFix001 | ||
| IBM | WebSphere | WebSphere Service Registry and Repository Studio versions 8.5.x antérieures à V8.5.6.3_IJ56659 | ||
| IBM | Db2 | Db2 Big SQL versions postérieures à 7.2.x sur Cloud Pack for Data 4.x versions antérieures à 7.7.3 sur Cloud Pack for Data 5.0.3 | ||
| IBM | WebSphere | WebSphere Service Registry and Repository sans les derniers correctifs de sécurité | ||
| IBM | Security QRadar SIEM | QRadar User Behavior Analytics versions postérieurs à 4.1.15 et antérieures à 5.0.3 |
References
| Title | Publication Time | Tags | ||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Security QRadar Network Threat Analytics versions post\u00e9rieures ou \u00e9gales \u00e0 1.3.1 et ant\u00e9rieures \u00e0 1.4.2",
"product": {
"name": "Security QRadar Network Threat",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Security QRadar Analyst Workflow versions post\u00e9rieures \u00e0 2.32.0 et ant\u00e9rieures \u00e0 3.0.1",
"product": {
"name": "QRadar SIEM",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Sterling Connect:Direct File Agent pour Solaris SPARC versions 1.4.x ant\u00e9rieures \u00e0 1.4.0.5_iFix002 ",
"product": {
"name": "Sterling Connect:Direct",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Sterling Connect:Direct File Agent pour AIX, Linux x64, Linux PPC et Windows versions post\u00e9rieures \u00e0 1.4.0.2 et ant\u00e9rieures \u00e0 1.4.0.5_iFix001",
"product": {
"name": "Sterling Connect:Direct",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "WebSphere Service Registry and Repository Studio versions 8.5.x ant\u00e9rieures \u00e0 V8.5.6.3_IJ56659",
"product": {
"name": "WebSphere",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": " Db2 Big SQL versions post\u00e9rieures \u00e0 7.2.x sur Cloud Pack for Data 4.x versions ant\u00e9rieures \u00e0 7.7.3 sur Cloud Pack for Data 5.0.3",
"product": {
"name": "Db2",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "WebSphere Service Registry and Repository sans les derniers correctifs de s\u00e9curit\u00e9",
"product": {
"name": "WebSphere",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "QRadar User Behavior Analytics versions post\u00e9rieurs \u00e0 4.1.15 et ant\u00e9rieures \u00e0 5.0.3",
"product": {
"name": "Security QRadar SIEM",
"vendor": {
"name": "IBM",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2015-2327",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-2327"
},
{
"name": "CVE-2023-43642",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-43642"
},
{
"name": "CVE-2024-37891",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-37891"
},
{
"name": "CVE-2023-38264",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38264"
},
{
"name": "CVE-2015-8383",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8383"
},
{
"name": "CVE-2023-1370",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1370"
},
{
"name": "CVE-2025-4447",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4447"
},
{
"name": "CVE-2024-20926",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20926"
},
{
"name": "CVE-2023-46167",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-46167"
},
{
"name": "CVE-2025-47279",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47279"
},
{
"name": "CVE-2023-45178",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45178"
},
{
"name": "CVE-2021-23440",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23440"
},
{
"name": "CVE-2023-47701",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-47701"
},
{
"name": "CVE-2023-40687",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40687"
},
{
"name": "CVE-2015-8381",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8381"
},
{
"name": "CVE-2015-8392",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8392"
},
{
"name": "CVE-2024-20921",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20921"
},
{
"name": "CVE-2015-8395",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8395"
},
{
"name": "CVE-2025-54798",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-54798"
},
{
"name": "CVE-2023-34462",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-34462"
},
{
"name": "CVE-2015-8393",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8393"
},
{
"name": "CVE-2024-33883",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-33883"
},
{
"name": "CVE-2023-22081",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22081"
},
{
"name": "CVE-2025-57822",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-57822"
},
{
"name": "CVE-2025-67779",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-67779"
},
{
"name": "CVE-2025-55183",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55183"
},
{
"name": "CVE-2022-3510",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3510"
},
{
"name": "CVE-2022-3509",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3509"
},
{
"name": "CVE-2023-22067",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22067"
},
{
"name": "CVE-2025-55173",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55173"
},
{
"name": "CVE-2025-48068",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48068"
},
{
"name": "CVE-2025-7783",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-7783"
},
{
"name": "CVE-2025-55182",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55182"
},
{
"name": "CVE-2025-57752",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-57752"
},
{
"name": "CVE-2015-8388",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8388"
},
{
"name": "CVE-2018-25032",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-25032"
},
{
"name": "CVE-2023-40692",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40692"
},
{
"name": "CVE-2023-38003",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38003"
},
{
"name": "CVE-2025-21587",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21587"
},
{
"name": "CVE-2022-37434",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-37434"
},
{
"name": "CVE-2024-35195",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35195"
},
{
"name": "CVE-2025-9288",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-9288"
},
{
"name": "CVE-2023-33850",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-33850"
},
{
"name": "CVE-2015-8385",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8385"
},
{
"name": "CVE-2015-8394",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8394"
},
{
"name": "CVE-2015-8391",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8391"
},
{
"name": "CVE-2015-8386",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8386"
},
{
"name": "CVE-2015-8384",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8384"
},
{
"name": "CVE-2025-30698",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30698"
},
{
"name": "CVE-2015-8387",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8387"
},
{
"name": "CVE-2023-38727",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38727"
},
{
"name": "CVE-2023-22049",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22049"
},
{
"name": "CVE-2023-29258",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29258"
},
{
"name": "CVE-2025-29927",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-29927"
},
{
"name": "CVE-2023-5676",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5676"
},
{
"name": "CVE-2002-0059",
"url": "https://www.cve.org/CVERecord?id=CVE-2002-0059"
},
{
"name": "CVE-2023-43020",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-43020"
},
{
"name": "CVE-2024-39338",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39338"
},
{
"name": "CVE-2025-5889",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5889"
},
{
"name": "CVE-2023-32731",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32731"
},
{
"name": "CVE-2025-27789",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27789"
},
{
"name": "CVE-2015-2328",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-2328"
},
{
"name": "CVE-2024-20918",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20918"
},
{
"name": "CVE-2020-14155",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14155"
},
{
"name": "CVE-2025-64756",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-64756"
},
{
"name": "CVE-2015-8390",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8390"
},
{
"name": "CVE-2024-21085",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21085"
},
{
"name": "CVE-2024-20945",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20945"
},
{
"name": "CVE-2025-53057",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53057"
},
{
"name": "CVE-2022-3171",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3171"
},
{
"name": "CVE-2025-53066",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53066"
},
{
"name": "CVE-2025-55184",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55184"
},
{
"name": "CVE-2024-20952",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20952"
}
],
"initial_release_date": "2025-12-26T00:00:00",
"last_revision_date": "2025-12-26T00:00:00",
"links": [],
"reference": "CERTFR-2025-AVI-1137",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-12-26T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits IBM. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
"vendor_advisories": [
{
"published_at": "2025-12-19",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7255497",
"url": "https://www.ibm.com/support/pages/node/7255497"
},
{
"published_at": "2025-12-23",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7255727",
"url": "https://www.ibm.com/support/pages/node/7255727"
},
{
"published_at": "2025-12-19",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7255495",
"url": "https://www.ibm.com/support/pages/node/7255495"
},
{
"published_at": "2025-12-19",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7255496",
"url": "https://www.ibm.com/support/pages/node/7255496"
},
{
"published_at": "2025-12-23",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7255723",
"url": "https://www.ibm.com/support/pages/node/7255723"
},
{
"published_at": "2025-12-22",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7255557",
"url": "https://www.ibm.com/support/pages/node/7255557"
},
{
"published_at": "2025-12-19",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7255410",
"url": "https://www.ibm.com/support/pages/node/7255410"
},
{
"published_at": "2025-12-23",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7255729",
"url": "https://www.ibm.com/support/pages/node/7255729"
},
{
"published_at": "2025-12-22",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7255556",
"url": "https://www.ibm.com/support/pages/node/7255556"
},
{
"published_at": "2025-12-23",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7255731",
"url": "https://www.ibm.com/support/pages/node/7255731"
}
]
}
CERTFR-2026-AVI-0131
Vulnerability from certfr_avis - Published: 2026-02-06 - Updated: 2026-02-06
De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et un déni de service à distance.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| IBM | Cloud Pak System | Cloud Pak System versions 2.3.4.x et postérieures, antérieures à 2.3.6.1 | ||
| IBM | Cognos Analytics | Cognos Command Center versions 10.2.4.x et 10.2.5.x antérieures à 10.2.5 FP1 IF2 | ||
| IBM | Db2 | DB2 sans le correctif de sécurité 11.5.9 Special Build 62071 | ||
| IBM | Db2 | DB2 Data Management Console antérieures à 3.1.13.1 | ||
| IBM | Db2 | DB2 Data Management Console on CPD versions antérieurs à 4.8 | ||
| IBM | Db2 | DB2 Recovery Expert for LUW version 5.5 IF2 sans le correctif de sécurité v5.5.0.1 Interim Fix 8 |
References
| Title | Publication Time | Tags | |||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Cloud Pak System versions 2.3.4.x et post\u00e9rieures, ant\u00e9rieures \u00e0 2.3.6.1",
"product": {
"name": "Cloud Pak System",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Cognos Command Center versions 10.2.4.x et 10.2.5.x ant\u00e9rieures \u00e0 10.2.5 FP1 IF2",
"product": {
"name": "Cognos Analytics",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "DB2 sans le correctif de s\u00e9curit\u00e9 11.5.9 Special Build 62071",
"product": {
"name": "Db2",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "DB2 Data Management Console ant\u00e9rieures \u00e0 3.1.13.1",
"product": {
"name": "Db2",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "DB2 Data Management Console on CPD versions ant\u00e9rieurs \u00e0 4.8",
"product": {
"name": "Db2",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "DB2 Recovery Expert for LUW version 5.5 IF2 sans le correctif de s\u00e9curit\u00e9 v5.5.0.1 Interim Fix 8",
"product": {
"name": "Db2",
"vendor": {
"name": "IBM",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2024-20919",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20919"
},
{
"name": "CVE-2023-21938",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21938"
},
{
"name": "CVE-2023-21843",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21843"
},
{
"name": "CVE-2024-21235",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21235"
},
{
"name": "CVE-2022-21426",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21426"
},
{
"name": "CVE-2023-38264",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38264"
},
{
"name": "CVE-2025-4447",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4447"
},
{
"name": "CVE-2024-21144",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21144"
},
{
"name": "CVE-2024-51473",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-51473"
},
{
"name": "CVE-2023-21954",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21954"
},
{
"name": "CVE-2023-21939",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21939"
},
{
"name": "CVE-2024-20926",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20926"
},
{
"name": "CVE-2023-21830",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21830"
},
{
"name": "CVE-2022-41725",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41725"
},
{
"name": "CVE-2024-3933",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-3933"
},
{
"name": "CVE-2025-24970",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24970"
},
{
"name": "CVE-2025-33092",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-33092"
},
{
"name": "CVE-2024-20921",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20921"
},
{
"name": "CVE-2025-7962",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-7962"
},
{
"name": "CVE-2022-21624",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21624"
},
{
"name": "CVE-2023-22081",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22081"
},
{
"name": "CVE-2025-27903",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27903"
},
{
"name": "CVE-2025-50106",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50106"
},
{
"name": "CVE-2022-21626",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21626"
},
{
"name": "CVE-2025-33143",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-33143"
},
{
"name": "CVE-2025-30754",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30754"
},
{
"name": "CVE-2024-10917",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-10917"
},
{
"name": "CVE-2023-22067",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22067"
},
{
"name": "CVE-2022-40609",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40609"
},
{
"name": "CVE-2022-21628",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21628"
},
{
"name": "CVE-2024-21011",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21011"
},
{
"name": "CVE-2026-1188",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-1188"
},
{
"name": "CVE-2023-25173",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-25173"
},
{
"name": "CVE-2025-21587",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21587"
},
{
"name": "CVE-2024-21147",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21147"
},
{
"name": "CVE-2022-3517",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3517"
},
{
"name": "CVE-2024-21140",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21140"
},
{
"name": "CVE-2024-21094",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21094"
},
{
"name": "CVE-2023-21937",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21937"
},
{
"name": "CVE-2025-1948",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1948"
},
{
"name": "CVE-2025-30761",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30761"
},
{
"name": "CVE-2023-25153",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-25153"
},
{
"name": "CVE-2023-33850",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-33850"
},
{
"name": "CVE-2023-24532",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24532"
},
{
"name": "CVE-2023-2597",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2597"
},
{
"name": "CVE-2025-30698",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30698"
},
{
"name": "CVE-2023-22045",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22045"
},
{
"name": "CVE-2024-21138",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21138"
},
{
"name": "CVE-2023-22049",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22049"
},
{
"name": "CVE-2022-41724",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41724"
},
{
"name": "CVE-2024-49828",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49828"
},
{
"name": "CVE-2015-3627",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-3627"
},
{
"name": "CVE-2025-27904",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27904"
},
{
"name": "CVE-2025-27533",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27533"
},
{
"name": "CVE-2023-5676",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5676"
},
{
"name": "CVE-2024-21145",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21145"
},
{
"name": "CVE-2023-21968",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21968"
},
{
"name": "CVE-2025-36071",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-36071"
},
{
"name": "CVE-2025-30749",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30749"
},
{
"name": "CVE-2025-48924",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48924"
},
{
"name": "CVE-2023-21930",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21930"
},
{
"name": "CVE-2024-20918",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20918"
},
{
"name": "CVE-2025-27900",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27900"
},
{
"name": "CVE-2022-23471",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23471"
},
{
"name": "CVE-2025-27899",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27899"
},
{
"name": "CVE-2022-41723",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41723"
},
{
"name": "CVE-2025-27901",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27901"
},
{
"name": "CVE-2024-52894",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-52894"
},
{
"name": "CVE-2024-21085",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21085"
},
{
"name": "CVE-2024-20945",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20945"
},
{
"name": "CVE-2024-21131",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21131"
},
{
"name": "CVE-2024-21210",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21210"
},
{
"name": "CVE-2025-27898",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27898"
},
{
"name": "CVE-2025-53057",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53057"
},
{
"name": "CVE-2023-21967",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21967"
},
{
"name": "CVE-2022-21619",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21619"
},
{
"name": "CVE-2025-53066",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53066"
},
{
"name": "CVE-2024-21217",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21217"
},
{
"name": "CVE-2024-27267",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27267"
},
{
"name": "CVE-2024-20952",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20952"
},
{
"name": "CVE-2024-21208",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21208"
}
],
"initial_release_date": "2026-02-06T00:00:00",
"last_revision_date": "2026-02-06T00:00:00",
"links": [],
"reference": "CERTFR-2026-AVI-0131",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2026-02-06T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Injection de requ\u00eates ill\u00e9gitimes par rebond (CSRF)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits IBM. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service \u00e0 distance.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
"vendor_advisories": [
{
"published_at": "2026-02-02",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7259447",
"url": "https://www.ibm.com/support/pages/node/7259447"
},
{
"published_at": "2026-01-30",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7253572",
"url": "https://www.ibm.com/support/pages/node/7253572"
},
{
"published_at": "2026-02-04",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7257780",
"url": "https://www.ibm.com/support/pages/node/7257780"
},
{
"published_at": "2026-02-05",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7259901",
"url": "https://www.ibm.com/support/pages/node/7259901"
},
{
"published_at": "2026-02-03",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7259526",
"url": "https://www.ibm.com/support/pages/node/7259526"
}
]
}
CERTFR-2026-AVI-0249
Vulnerability from certfr_avis - Published: 2026-03-06 - Updated: 2026-03-06
De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et un déni de service à distance.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| IBM | QRadar | QRadar Data Synchronization App versions antérieures à 3.3.0 | ||
| IBM | Db2 | DB2 Data Management Console versions antérieures à 3.1.13 | ||
| IBM | Tivoli | Tivoli Netcool/OMNIbus_GUI sans le dernier correctif de sécurité | ||
| IBM | Db2 | DB2 Recovery Expert versions antérieures à 5.5.0.1 Interim Fix 8 | ||
| IBM | Db2 | Db2 Warehouse on Cloud Pak for Data versions antérieures à 5.3.1 | ||
| IBM | Db2 | Db2 on Cloud Pak for Data versions antérieures à 5.3.1 | ||
| IBM | QRadar | QRadar Pre-Validation App versions antérieures à 2.0.2 |
References
| Title | Publication Time | Tags | ||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "QRadar Data Synchronization App versions ant\u00e9rieures \u00e0 3.3.0",
"product": {
"name": "QRadar",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "DB2 Data Management Console versions ant\u00e9rieures \u00e0 3.1.13",
"product": {
"name": "Db2",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Tivoli Netcool/OMNIbus_GUI sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "Tivoli",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "DB2 Recovery Expert versions ant\u00e9rieures \u00e0 5.5.0.1 Interim Fix 8",
"product": {
"name": "Db2",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Db2 Warehouse on Cloud Pak for Data versions ant\u00e9rieures \u00e0 5.3.1",
"product": {
"name": "Db2",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Db2 on Cloud Pak for Data versions ant\u00e9rieures \u00e0 5.3.1",
"product": {
"name": "Db2",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "QRadar Pre-Validation App versions ant\u00e9rieures \u00e0 2.0.2",
"product": {
"name": "QRadar",
"vendor": {
"name": "IBM",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2024-24790",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24790"
},
{
"name": "CVE-2025-66506",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66506"
},
{
"name": "CVE-2021-33036",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33036"
},
{
"name": "CVE-2024-20919",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20919"
},
{
"name": "CVE-2023-21938",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21938"
},
{
"name": "CVE-2025-53547",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53547"
},
{
"name": "CVE-2025-36353",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-36353"
},
{
"name": "CVE-2026-21933",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21933"
},
{
"name": "CVE-2025-58183",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58183"
},
{
"name": "CVE-2023-21843",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21843"
},
{
"name": "CVE-2026-21932",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21932"
},
{
"name": "CVE-2024-21235",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21235"
},
{
"name": "CVE-2018-14042",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14042"
},
{
"name": "CVE-2025-58190",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58190"
},
{
"name": "CVE-2024-6531",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6531"
},
{
"name": "CVE-2022-21426",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21426"
},
{
"name": "CVE-2024-37891",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-37891"
},
{
"name": "CVE-2023-38264",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38264"
},
{
"name": "CVE-2024-22201",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22201"
},
{
"name": "CVE-2016-0703",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-0703"
},
{
"name": "CVE-2025-5222",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5222"
},
{
"name": "CVE-2025-27516",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27516"
},
{
"name": "CVE-2025-4447",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4447"
},
{
"name": "CVE-2024-21144",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21144"
},
{
"name": "CVE-2024-55565",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-55565"
},
{
"name": "CVE-2025-13867",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-13867"
},
{
"name": "CVE-2025-2668",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-2668"
},
{
"name": "CVE-2025-22872",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22872"
},
{
"name": "CVE-2025-36427",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-36427"
},
{
"name": "CVE-2024-23944",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-23944"
},
{
"name": "CVE-2025-32386",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-32386"
},
{
"name": "CVE-2024-35176",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35176"
},
{
"name": "CVE-2023-21954",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21954"
},
{
"name": "CVE-2022-4304",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4304"
},
{
"name": "CVE-2023-21939",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21939"
},
{
"name": "CVE-2024-20926",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20926"
},
{
"name": "CVE-2018-14040",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14040"
},
{
"name": "CVE-2025-32421",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-32421"
},
{
"name": "CVE-2025-47944",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47944"
},
{
"name": "CVE-2024-3154",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-3154"
},
{
"name": "CVE-2024-57980",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57980"
},
{
"name": "CVE-2024-12797",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12797"
},
{
"name": "CVE-2025-27219",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27219"
},
{
"name": "CVE-2025-36384",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-36384"
},
{
"name": "CVE-2025-36098",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-36098"
},
{
"name": "CVE-2025-45582",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-45582"
},
{
"name": "CVE-2024-21068",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21068"
},
{
"name": "CVE-2023-45288",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45288"
},
{
"name": "CVE-2023-21830",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21830"
},
{
"name": "CVE-2024-50302",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50302"
},
{
"name": "CVE-2025-36184",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-36184"
},
{
"name": "CVE-2025-58185",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58185"
},
{
"name": "CVE-2023-0215",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0215"
},
{
"name": "CVE-2016-0800",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-0800"
},
{
"name": "CVE-2024-3933",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-3933"
},
{
"name": "CVE-2023-0286",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0286"
},
{
"name": "CVE-2025-22121",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22121"
},
{
"name": "CVE-2025-24970",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24970"
},
{
"name": "CVE-2025-49128",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-49128"
},
{
"name": "CVE-2025-22091",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22091"
},
{
"name": "CVE-2024-24791",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24791"
},
{
"name": "CVE-2024-20921",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20921"
},
{
"name": "CVE-2025-36247",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-36247"
},
{
"name": "CVE-2024-8176",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-8176"
},
{
"name": "CVE-2025-36009",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-36009"
},
{
"name": "CVE-2016-9318",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-9318"
},
{
"name": "CVE-2024-51479",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-51479"
},
{
"name": "CVE-2024-45341",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45341"
},
{
"name": "CVE-2026-23745",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23745"
},
{
"name": "CVE-2025-15467",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-15467"
},
{
"name": "CVE-2022-21624",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21624"
},
{
"name": "CVE-2025-36070",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-36070"
},
{
"name": "CVE-2022-46337",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-46337"
},
{
"name": "CVE-2015-2716",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-2716"
},
{
"name": "CVE-2024-43398",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43398"
},
{
"name": "CVE-2024-29857",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29857"
},
{
"name": "CVE-2023-45133",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45133"
},
{
"name": "CVE-2025-36428",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-36428"
},
{
"name": "CVE-2025-41248",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-41248"
},
{
"name": "CVE-2025-21613",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21613"
},
{
"name": "CVE-2025-15284",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-15284"
},
{
"name": "CVE-2024-34447",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-34447"
},
{
"name": "CVE-2022-40897",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40897"
},
{
"name": "CVE-2024-29025",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29025"
},
{
"name": "CVE-2025-36424",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-36424"
},
{
"name": "CVE-2025-36387",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-36387"
},
{
"name": "CVE-2019-19921",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19921"
},
{
"name": "CVE-2023-22081",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22081"
},
{
"name": "CVE-2025-64329",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-64329"
},
{
"name": "CVE-2025-27903",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27903"
},
{
"name": "CVE-2015-1283",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1283"
},
{
"name": "CVE-2025-50106",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50106"
},
{
"name": "CVE-2025-37958",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37958"
},
{
"name": "CVE-2023-22041",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22041"
},
{
"name": "CVE-2022-21626",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21626"
},
{
"name": "CVE-2025-58057",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58057"
},
{
"name": "CVE-2025-61727",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61727"
},
{
"name": "CVE-2025-22866",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22866"
},
{
"name": "CVE-2026-21925",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21925"
},
{
"name": "CVE-2024-26308",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26308"
},
{
"name": "CVE-2016-4472",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4472"
},
{
"name": "CVE-2025-30754",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30754"
},
{
"name": "CVE-2024-10917",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-10917"
},
{
"name": "CVE-2024-9042",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-9042"
},
{
"name": "CVE-2025-22233",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22233"
},
{
"name": "CVE-2024-31141",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-31141"
},
{
"name": "CVE-2025-30691",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30691"
},
{
"name": "CVE-2025-57822",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-57822"
},
{
"name": "CVE-2024-53113",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53113"
},
{
"name": "CVE-2024-30172",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-30172"
},
{
"name": "CVE-2025-67779",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-67779"
},
{
"name": "CVE-2022-32743",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32743"
},
{
"name": "CVE-2025-55183",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55183"
},
{
"name": "CVE-2024-51744",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-51744"
},
{
"name": "CVE-2024-38820",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38820"
},
{
"name": "CVE-2024-12085",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12085"
},
{
"name": "CVE-2024-45338",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45338"
},
{
"name": "CVE-2023-48795",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-48795"
},
{
"name": "CVE-2025-6965",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6965"
},
{
"name": "CVE-2025-47906",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47906"
},
{
"name": "CVE-2023-22043",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22043"
},
{
"name": "CVE-2016-4658",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4658"
},
{
"name": "CVE-2025-31133",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-31133"
},
{
"name": "CVE-2024-36621",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36621"
},
{
"name": "CVE-2024-23454",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-23454"
},
{
"name": "CVE-2022-3510",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3510"
},
{
"name": "CVE-2022-3509",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3509"
},
{
"name": "CVE-2023-22067",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22067"
},
{
"name": "CVE-2025-55173",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55173"
},
{
"name": "CVE-2024-40635",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40635"
},
{
"name": "CVE-2024-48910",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-48910"
},
{
"name": "CVE-2024-8184",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-8184"
},
{
"name": "CVE-2025-38086",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38086"
},
{
"name": "CVE-2025-48068",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48068"
},
{
"name": "CVE-2025-27152",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27152"
},
{
"name": "CVE-2022-40609",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40609"
},
{
"name": "CVE-2018-5764",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-5764"
},
{
"name": "CVE-2024-50264",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50264"
},
{
"name": "CVE-2025-57752",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-57752"
},
{
"name": "CVE-2024-21634",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21634"
},
{
"name": "CVE-2022-21628",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21628"
},
{
"name": "CVE-2025-38110",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38110"
},
{
"name": "CVE-2020-15115",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-15115"
},
{
"name": "CVE-2024-21011",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21011"
},
{
"name": "CVE-2024-45336",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45336"
},
{
"name": "CVE-2025-52881",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-52881"
},
{
"name": "CVE-2025-22868",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22868"
},
{
"name": "CVE-2025-22113",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22113"
},
{
"name": "CVE-2025-61724",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61724"
},
{
"name": "CVE-2025-5187",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5187"
},
{
"name": "CVE-2026-1188",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-1188"
},
{
"name": "CVE-2025-37797",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37797"
},
{
"name": "CVE-2012-2098",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-2098"
},
{
"name": "CVE-2024-41909",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41909"
},
{
"name": "CVE-2024-45296",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45296"
},
{
"name": "CVE-2023-35887",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-35887"
},
{
"name": "CVE-2025-21587",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21587"
},
{
"name": "CVE-2025-66471",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66471"
},
{
"name": "CVE-2026-21441",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21441"
},
{
"name": "CVE-2024-21147",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21147"
},
{
"name": "CVE-2024-56332",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56332"
},
{
"name": "CVE-2024-25710",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-25710"
},
{
"name": "CVE-2026-25765",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-25765"
},
{
"name": "CVE-2025-7039",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-7039"
},
{
"name": "CVE-2022-29458",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-29458"
},
{
"name": "CVE-2024-39908",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39908"
},
{
"name": "CVE-2025-27220",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27220"
},
{
"name": "CVE-2024-29133",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29133"
},
{
"name": "CVE-2025-55163",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55163"
},
{
"name": "CVE-2024-35195",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35195"
},
{
"name": "CVE-2025-38089",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38089"
},
{
"name": "CVE-2023-2727",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2727"
},
{
"name": "CVE-2024-12905",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12905"
},
{
"name": "CVE-2024-21140",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21140"
},
{
"name": "CVE-2025-36425",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-36425"
},
{
"name": "CVE-2024-21094",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21094"
},
{
"name": "CVE-2021-37404",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-37404"
},
{
"name": "CVE-2025-58457",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58457"
},
{
"name": "CVE-2026-24842",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-24842"
},
{
"name": "CVE-2025-47935",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47935"
},
{
"name": "CVE-2025-22085",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22085"
},
{
"name": "CVE-2025-50537",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50537"
},
{
"name": "CVE-2026-23950",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23950"
},
{
"name": "CVE-2023-21937",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21937"
},
{
"name": "CVE-2024-52798",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-52798"
},
{
"name": "CVE-2024-21626",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21626"
},
{
"name": "CVE-2025-30761",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30761"
},
{
"name": "CVE-2025-47912",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47912"
},
{
"name": "CVE-2023-43804",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-43804"
},
{
"name": "CVE-2024-47535",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47535"
},
{
"name": "CVE-2022-4450",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4450"
},
{
"name": "CVE-2016-0704",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-0704"
},
{
"name": "CVE-2023-33850",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-33850"
},
{
"name": "CVE-2025-54410",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-54410"
},
{
"name": "CVE-2025-52565",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-52565"
},
{
"name": "CVE-2023-2597",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2597"
},
{
"name": "CVE-2022-29154",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-29154"
},
{
"name": "CVE-2025-1767",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1767"
},
{
"name": "CVE-2025-58186",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58186"
},
{
"name": "CVE-2025-30698",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30698"
},
{
"name": "CVE-2021-22569",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22569"
},
{
"name": "CVE-2025-58187",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58187"
},
{
"name": "CVE-2025-4673",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4673"
},
{
"name": "CVE-2025-36001",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-36001"
},
{
"name": "CVE-2023-22045",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22045"
},
{
"name": "CVE-2025-58056",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58056"
},
{
"name": "CVE-2025-22871",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22871"
},
{
"name": "CVE-2024-21138",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21138"
},
{
"name": "CVE-2024-47875",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47875"
},
{
"name": "CVE-2023-22049",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22049"
},
{
"name": "CVE-2025-47913",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47913"
},
{
"name": "CVE-2024-6119",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6119"
},
{
"name": "CVE-2018-14041",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14041"
},
{
"name": "CVE-2025-24294",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24294"
},
{
"name": "CVE-2025-29927",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-29927"
},
{
"name": "CVE-2024-25621",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-25621"
},
{
"name": "CVE-2025-36365",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-36365"
},
{
"name": "CVE-2023-42503",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-42503"
},
{
"name": "CVE-2025-27904",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27904"
},
{
"name": "CVE-2025-32387",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-32387"
},
{
"name": "CVE-2025-58058",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58058"
},
{
"name": "CVE-2025-22869",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22869"
},
{
"name": "CVE-2026-25639",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-25639"
},
{
"name": "CVE-2023-5676",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5676"
},
{
"name": "CVE-2025-58189",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58189"
},
{
"name": "CVE-2025-36442",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-36442"
},
{
"name": "CVE-2024-28863",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-28863"
},
{
"name": "CVE-2025-25193",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-25193"
},
{
"name": "CVE-2026-21945",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21945"
},
{
"name": "CVE-2024-21145",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21145"
},
{
"name": "CVE-2025-22870",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22870"
},
{
"name": "CVE-2023-21968",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21968"
},
{
"name": "CVE-2025-5889",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5889"
},
{
"name": "CVE-2025-21905",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21905"
},
{
"name": "CVE-2024-30171",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-30171"
},
{
"name": "CVE-2025-30749",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30749"
},
{
"name": "CVE-2025-7339",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-7339"
},
{
"name": "CVE-2025-14689",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-14689"
},
{
"name": "CVE-2025-27789",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27789"
},
{
"name": "CVE-2023-21930",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21930"
},
{
"name": "CVE-2025-8916",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8916"
},
{
"name": "CVE-2024-47072",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47072"
},
{
"name": "CVE-2024-20918",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20918"
},
{
"name": "CVE-2025-41249",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-41249"
},
{
"name": "CVE-2025-36366",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-36366"
},
{
"name": "CVE-2025-36123",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-36123"
},
{
"name": "CVE-2025-27900",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27900"
},
{
"name": "CVE-2025-0426",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0426"
},
{
"name": "CVE-2024-3651",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-3651"
},
{
"name": "CVE-2025-27899",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27899"
},
{
"name": "CVE-2025-64756",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-64756"
},
{
"name": "CVE-2023-22044",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22044"
},
{
"name": "CVE-2025-48997",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48997"
},
{
"name": "CVE-2025-27901",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27901"
},
{
"name": "CVE-2022-45047",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-45047"
},
{
"name": "CVE-2021-22570",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22570"
},
{
"name": "CVE-2024-21085",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21085"
},
{
"name": "CVE-2025-48387",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48387"
},
{
"name": "CVE-2024-20945",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20945"
},
{
"name": "CVE-2024-21131",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21131"
},
{
"name": "CVE-2024-21210",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21210"
},
{
"name": "CVE-2025-27898",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27898"
},
{
"name": "CVE-2025-53057",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53057"
},
{
"name": "CVE-2022-3171",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3171"
},
{
"name": "CVE-2023-2728",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2728"
},
{
"name": "CVE-2024-7143",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-7143"
},
{
"name": "CVE-2023-21967",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21967"
},
{
"name": "CVE-2024-34155",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-34155"
},
{
"name": "CVE-2022-21619",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21619"
},
{
"name": "CVE-2025-36407",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-36407"
},
{
"name": "CVE-2025-7338",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-7338"
},
{
"name": "CVE-2025-53066",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53066"
},
{
"name": "CVE-2025-13465",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-13465"
},
{
"name": "CVE-2025-55184",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55184"
},
{
"name": "CVE-2024-21217",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21217"
},
{
"name": "CVE-2024-27267",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27267"
},
{
"name": "CVE-2025-59343",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59343"
},
{
"name": "CVE-2024-36623",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36623"
},
{
"name": "CVE-2024-20952",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20952"
},
{
"name": "CVE-2024-36620",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36620"
},
{
"name": "CVE-2025-27221",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27221"
},
{
"name": "CVE-2021-20251",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-20251"
},
{
"name": "CVE-2025-61729",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61729"
},
{
"name": "CVE-2024-21208",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21208"
},
{
"name": "CVE-2019-8331",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8331"
},
{
"name": "CVE-2025-66418",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66418"
}
],
"initial_release_date": "2026-03-06T00:00:00",
"last_revision_date": "2026-03-06T00:00:00",
"links": [],
"reference": "CERTFR-2026-AVI-0249",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2026-03-06T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Injection de requ\u00eates ill\u00e9gitimes par rebond (CSRF)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Falsification de requ\u00eates c\u00f4t\u00e9 serveur (SSRF)"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits IBM. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service \u00e0 distance.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
"vendor_advisories": [
{
"published_at": "2026-03-06",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7262753",
"url": "https://www.ibm.com/support/pages/node/7262753"
},
{
"published_at": "2026-03-06",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7262754",
"url": "https://www.ibm.com/support/pages/node/7262754"
},
{
"published_at": "2026-03-02",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7262324",
"url": "https://www.ibm.com/support/pages/node/7262324"
},
{
"published_at": "2026-03-05",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7262669",
"url": "https://www.ibm.com/support/pages/node/7262669"
},
{
"published_at": "2026-03-03",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7262494",
"url": "https://www.ibm.com/support/pages/node/7262494"
},
{
"published_at": "2026-03-04",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7262548",
"url": "https://www.ibm.com/support/pages/node/7262548"
},
{
"published_at": "2026-03-02",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7262325",
"url": "https://www.ibm.com/support/pages/node/7262325"
},
{
"published_at": "2026-02-25",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7259901",
"url": "https://www.ibm.com/support/pages/node/7259901"
}
]
}
CERTFR-2026-AVI-0606
Vulnerability from certfr_avis - Published: 2026-05-15 - Updated: 2026-05-15
De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à la confidentialité des données.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| IBM | Cognos Analytics | Cognos Analytics versions 11.2.x sans le correctif de sécurité Fix Pack 7 | ||
| IBM | N/A | Robotic Process Automation for Cloud Pak versions 30.0.x antérieures à 30.0.2 | ||
| IBM | Cognos Analytics | Cognos Analytics versions 12.1.x antérieures à 12.1.2 | ||
| IBM | N/A | Robotic Process Automation for Cloud Pak versions 23.0.x antérieures à 23.0.20.6 | ||
| IBM | AIX | Open SDK for Rust on AIX versions 1.90.0.0 et 1.92.0.0 sans le correctif de sécurité Fix Pack 1 | ||
| IBM | Cognos Analytics | Cognos Analytics versions 12.0.x sans le correctif de sécurité Fix Pack 2 |
References
| Title | Publication Time | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Cognos Analytics versions 11.2.x sans le correctif de s\u00e9curit\u00e9 Fix Pack 7",
"product": {
"name": "Cognos Analytics",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Robotic Process Automation for Cloud Pak versions 30.0.x ant\u00e9rieures \u00e0 30.0.2",
"product": {
"name": "N/A",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Cognos Analytics versions 12.1.x ant\u00e9rieures \u00e0 12.1.2",
"product": {
"name": "Cognos Analytics",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Robotic Process Automation for Cloud Pak versions 23.0.x ant\u00e9rieures \u00e0 23.0.20.6",
"product": {
"name": "N/A",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Open SDK for Rust on AIX versions 1.90.0.0 et 1.92.0.0 sans le correctif de s\u00e9curit\u00e9 Fix Pack 1",
"product": {
"name": "AIX",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Cognos Analytics versions 12.0.x sans le correctif de s\u00e9curit\u00e9 Fix Pack 2",
"product": {
"name": "Cognos Analytics",
"vendor": {
"name": "IBM",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-27516",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27516"
},
{
"name": "CVE-2025-4447",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4447"
},
{
"name": "CVE-2025-30167",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30167"
},
{
"name": "CVE-2025-56200",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-56200"
},
{
"name": "CVE-2025-7207",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-7207"
},
{
"name": "CVE-2024-6866",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6866"
},
{
"name": "CVE-2025-7962",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-7962"
},
{
"name": "CVE-2025-54798",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-54798"
},
{
"name": "CVE-2024-12798",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12798"
},
{
"name": "CVE-2025-50106",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50106"
},
{
"name": "CVE-2025-30754",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30754"
},
{
"name": "CVE-2025-50182",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50182"
},
{
"name": "CVE-2025-50181",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50181"
},
{
"name": "CVE-2025-3633",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-3633"
},
{
"name": "CVE-2025-6020",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6020"
},
{
"name": "CVE-2024-5535",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-5535"
},
{
"name": "CVE-2025-12875",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-12875"
},
{
"name": "CVE-2024-6844",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6844"
},
{
"name": "CVE-2024-12801",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12801"
},
{
"name": "CVE-2026-1188",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-1188"
},
{
"name": "CVE-2025-48976",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48976"
},
{
"name": "CVE-2025-21587",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21587"
},
{
"name": "CVE-2025-68146",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68146"
},
{
"name": "CVE-2024-35195",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35195"
},
{
"name": "CVE-2025-12635",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-12635"
},
{
"name": "CVE-2025-50059",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50059"
},
{
"name": "CVE-2025-30761",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30761"
},
{
"name": "CVE-2025-30698",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30698"
},
{
"name": "CVE-2024-29371",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29371"
},
{
"name": "CVE-2024-56339",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56339"
},
{
"name": "CVE-2025-5889",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5889"
},
{
"name": "CVE-2025-30749",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30749"
},
{
"name": "CVE-2025-14914",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-14914"
},
{
"name": "CVE-2025-2900",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-2900"
},
{
"name": "CVE-2024-6839",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6839"
},
{
"name": "CVE-2025-53057",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53057"
},
{
"name": "CVE-2025-53066",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53066"
},
{
"name": "CVE-2025-36126",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-36126"
}
],
"initial_release_date": "2026-05-15T00:00:00",
"last_revision_date": "2026-05-15T00:00:00",
"links": [],
"reference": "CERTFR-2026-AVI-0606",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2026-05-15T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Falsification de requ\u00eates c\u00f4t\u00e9 serveur (SSRF)"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits IBM. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
"vendor_advisories": [
{
"published_at": "2026-05-12",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7272628",
"url": "https://www.ibm.com/support/pages/node/7272628"
},
{
"published_at": "2026-05-14",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7272965",
"url": "https://www.ibm.com/support/pages/node/7272965"
},
{
"published_at": "2026-05-08",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7272446",
"url": "https://www.ibm.com/support/pages/node/7272446"
}
]
}
FKIE_CVE-2025-4447
Vulnerability from fkie_nvd - Published: 2025-05-09 21:15 - Updated: 2025-09-05 16:19
Severity
Summary
In Eclipse OpenJ9 versions up to 0.51, when used with OpenJDK version 8 a stack based buffer overflow can be caused by modifying a file on disk that is read when the JVM starts.
References
| URL | Tags | ||
|---|---|---|---|
| emo@eclipse.org | https://github.com/eclipse-openj9/openj9/pull/21762 | Issue Tracking | |
| emo@eclipse.org | https://gitlab.eclipse.org/security/cve-assignement/-/issues/61 | Issue Tracking, Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:eclipse:openj9:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D4F97445-62DE-4295-B963-E34C0FF5DF01",
"versionEndIncluding": "0.51.0",
"versionStartIncluding": "0.8.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In Eclipse OpenJ9 versions up to 0.51, when used with OpenJDK version 8 a stack based buffer overflow can be caused by modifying a file on disk that is read when the JVM starts."
},
{
"lang": "es",
"value": "En versiones de Eclipse OpenJ9 hasta la 0.51, cuando se utiliza con OpenJDK versi\u00f3n 8, se puede producir un desbordamiento de b\u00fafer basado en pila al modificar un archivo en el disco que se lee cuando se inicia la JVM."
}
],
"id": "CVE-2025-4447",
"lastModified": "2025-09-05T16:19:49.587",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
],
"cvssMetricV40": [
{
"cvssData": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "LOCAL",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 7.0,
"baseSeverity": "HIGH",
"confidentialityRequirement": "NOT_DEFINED",
"exploitMaturity": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:L/VI:H/VA:H/SC:H/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"source": "emo@eclipse.org",
"type": "Secondary"
}
]
},
"published": "2025-05-09T21:15:51.410",
"references": [
{
"source": "emo@eclipse.org",
"tags": [
"Issue Tracking"
],
"url": "https://github.com/eclipse-openj9/openj9/pull/21762"
},
{
"source": "emo@eclipse.org",
"tags": [
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://gitlab.eclipse.org/security/cve-assignement/-/issues/61"
}
],
"sourceIdentifier": "emo@eclipse.org",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-121"
}
],
"source": "emo@eclipse.org",
"type": "Secondary"
}
]
}
GHSA-WMVG-C6FC-33C8
Vulnerability from github – Published: 2025-05-09 21:31 – Updated: 2025-07-31 18:31
VLAI
Details
In Eclipse OpenJ9 versions up to 0.51, when used with OpenJDK version 8 a stack based buffer overflow can be caused by modifying a file on disk that is read when the JVM starts.
Severity
9.8 (Critical)
{
"affected": [],
"aliases": [
"CVE-2025-4447"
],
"database_specific": {
"cwe_ids": [
"CWE-121"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-05-09T21:15:51Z",
"severity": "HIGH"
},
"details": "In Eclipse OpenJ9 versions up to 0.51, when used with OpenJDK version 8 a stack based buffer overflow can be caused by modifying a file on disk that is read when the JVM starts.",
"id": "GHSA-wmvg-c6fc-33c8",
"modified": "2025-07-31T18:31:56Z",
"published": "2025-05-09T21:31:19Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-4447"
},
{
"type": "WEB",
"url": "https://github.com/eclipse-openj9/openj9/pull/21762"
},
{
"type": "WEB",
"url": "https://gitlab.eclipse.org/security/cve-assignement/-/issues/61"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:L/VI:H/VA:H/SC:H/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
NCSC-2025-0269
Vulnerability from csaf_ncscnl - Published: 2025-08-27 13:10 - Updated: 2025-08-27 13:10Summary
Kwetsbaarheden verholpen in IBM Cognos Command Center
Notes
The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:
NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.
NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.
This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings.
Feiten: IBM heeft kwetsbaarheden verholpen in IBM Cognos Command Center (Versies 10.2.4.1 en 10.2.5).
Interpretaties: De kwetsbaarheden in IBM Cognos Command Center stellen kwaadwillenden in staat om klikacties van slachtoffers te kapen door hen te misleiden naar een kwaadaardige website te navigeren. Dit kan leiden tot verdere aanvallen die de integriteit van gebruikersinteracties in gevaar brengen. Daarnaast kunnen lokale gebruikers willekeurige code uitvoeren door een onveilige implementatie van de BinaryFormatter-functie. Ook is er een open redirect-mechanisme aanwezig dat kan worden misbruikt voor phishing-aanvallen, wat kan resulteren in het compromitteren van gevoelige informatie. Het is niet ondenkbaar, dat het misbruiken in keten een kwaadwillende in staat kan stellen om zonder voorafgaande authenticatie willekeurige code uit te voeren met rechten van het slachtoffer en toegang te krijgen tot gevoelige gegevens.
Oplossingen: IBM heeft updates uitgebracht om de kwetsbaarheden te verhelpen. Zie bijgevoegde referenties voor meer informatie.
Kans: medium
Schade: high
CWE-121: Stack-based Buffer Overflow
CWE-122: Heap-based Buffer Overflow
CWE-242: Use of Inherently Dangerous Function
CWE-601: URL Redirection to Untrusted Site ('Open Redirect')
CWE-787: Out-of-bounds Write
CWE-1021: Improper Restriction of Rendered UI Layers or Frames
6.1 (Medium)
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/10.2.4.1
IBM / Cognos Command Center
|
cpe:2.3:a:ibm:cognos_command_center:10.2.4.1:*:*:*:*:*:*:*
|
vers:unknown/10.2.4.1 | |
|
vers:unknown/10.2.5
IBM / Cognos Command Center
|
cpe:2.3:a:ibm:cognos_command_center:10.2.4.1:*:*:*:*:*:*:*
|
vers:unknown/10.2.5 |
7.8 (High)
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/10.2.4.1
IBM / Cognos Command Center
|
cpe:2.3:a:ibm:cognos_command_center:10.2.4.1:*:*:*:*:*:*:*
|
vers:unknown/10.2.4.1 | |
|
vers:unknown/10.2.5
IBM / Cognos Command Center
|
cpe:2.3:a:ibm:cognos_command_center:10.2.4.1:*:*:*:*:*:*:*
|
vers:unknown/10.2.5 |
7.4 (High)
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/10.2.4.1
IBM / Cognos Command Center
|
cpe:2.3:a:ibm:cognos_command_center:10.2.4.1:*:*:*:*:*:*:*
|
vers:unknown/10.2.4.1 | |
|
vers:unknown/10.2.5
IBM / Cognos Command Center
|
cpe:2.3:a:ibm:cognos_command_center:10.2.4.1:*:*:*:*:*:*:*
|
vers:unknown/10.2.5 |
7.5 (High)
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/10.2.4.1
IBM / Cognos Command Center
|
cpe:2.3:a:ibm:cognos_command_center:10.2.4.1:*:*:*:*:*:*:*
|
vers:unknown/10.2.4.1 | |
|
vers:unknown/10.2.5
IBM / Cognos Command Center
|
cpe:2.3:a:ibm:cognos_command_center:10.2.4.1:*:*:*:*:*:*:*
|
vers:unknown/10.2.5 |
9.8 (Critical)
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/10.2.4.1
IBM / Cognos Command Center
|
cpe:2.3:a:ibm:cognos_command_center:10.2.4.1:*:*:*:*:*:*:*
|
vers:unknown/10.2.4.1 | |
|
vers:unknown/10.2.5
IBM / Cognos Command Center
|
cpe:2.3:a:ibm:cognos_command_center:10.2.4.1:*:*:*:*:*:*:*
|
vers:unknown/10.2.5 |
References
6 references
{
"document": {
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE"
}
},
"lang": "nl",
"notes": [
{
"category": "legal_disclaimer",
"text": "The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:\n\n NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.\n\n NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.\n This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings."
},
{
"category": "description",
"text": "IBM heeft kwetsbaarheden verholpen in IBM Cognos Command Center (Versies 10.2.4.1 en 10.2.5).",
"title": "Feiten"
},
{
"category": "description",
"text": "De kwetsbaarheden in IBM Cognos Command Center stellen kwaadwillenden in staat om klikacties van slachtoffers te kapen door hen te misleiden naar een kwaadaardige website te navigeren. Dit kan leiden tot verdere aanvallen die de integriteit van gebruikersinteracties in gevaar brengen. Daarnaast kunnen lokale gebruikers willekeurige code uitvoeren door een onveilige implementatie van de BinaryFormatter-functie. Ook is er een open redirect-mechanisme aanwezig dat kan worden misbruikt voor phishing-aanvallen, wat kan resulteren in het compromitteren van gevoelige informatie. Het is niet ondenkbaar, dat het misbruiken in keten een kwaadwillende in staat kan stellen om zonder voorafgaande authenticatie willekeurige code uit te voeren met rechten van het slachtoffer en toegang te krijgen tot gevoelige gegevens.",
"title": "Interpretaties"
},
{
"category": "description",
"text": "IBM heeft updates uitgebracht om de kwetsbaarheden te verhelpen. Zie bijgevoegde referenties voor meer informatie.",
"title": "Oplossingen"
},
{
"category": "general",
"text": "medium",
"title": "Kans"
},
{
"category": "general",
"text": "high",
"title": "Schade"
},
{
"category": "general",
"text": "Stack-based Buffer Overflow",
"title": "CWE-121"
},
{
"category": "general",
"text": "Heap-based Buffer Overflow",
"title": "CWE-122"
},
{
"category": "general",
"text": "Use of Inherently Dangerous Function",
"title": "CWE-242"
},
{
"category": "general",
"text": "URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)",
"title": "CWE-601"
},
{
"category": "general",
"text": "Out-of-bounds Write",
"title": "CWE-787"
},
{
"category": "general",
"text": "Improper Restriction of Rendered UI Layers or Frames",
"title": "CWE-1021"
}
],
"publisher": {
"category": "coordinator",
"contact_details": "cert@ncsc.nl",
"name": "Nationaal Cyber Security Centrum",
"namespace": "https://www.ncsc.nl/"
},
"references": [
{
"category": "external",
"summary": "Reference",
"url": "https://www.ibm.com/support/pages/node/7242159"
}
],
"title": "Kwetsbaarheden verholpen in IBM Cognos Command Center",
"tracking": {
"current_release_date": "2025-08-27T13:10:59.965070Z",
"generator": {
"date": "2025-08-04T16:30:00Z",
"engine": {
"name": "V.A.",
"version": "1.2"
}
},
"id": "NCSC-2025-0269",
"initial_release_date": "2025-08-27T13:10:59.965070Z",
"revision_history": [
{
"date": "2025-08-27T13:10:59.965070Z",
"number": "1.0.0",
"summary": "Initiele versie"
}
],
"status": "final",
"version": "1.0.0"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/10.2.4.1",
"product": {
"name": "vers:unknown/10.2.4.1",
"product_id": "CSAFPID-109726",
"product_identification_helper": {
"cpe": "cpe:2.3:a:ibm:cognos_command_center:10.2.4.1:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_version_range",
"name": "vers:unknown/10.2.5",
"product": {
"name": "vers:unknown/10.2.5",
"product_id": "CSAFPID-109727",
"product_identification_helper": {
"cpe": "cpe:2.3:a:ibm:cognos_command_center:10.2.4.1:*:*:*:*:*:*:*"
}
}
}
],
"category": "product_name",
"name": "Cognos Command Center"
}
],
"category": "vendor",
"name": "IBM"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-1494",
"cwe": {
"id": "CWE-1021",
"name": "Improper Restriction of Rendered UI Layers or Frames"
},
"notes": [
{
"category": "other",
"text": "Improper Restriction of Rendered UI Layers or Frames",
"title": "CWE-1021"
}
],
"product_status": {
"known_affected": [
"CSAFPID-109726",
"CSAFPID-109727"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-1494 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-1494.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-109726",
"CSAFPID-109727"
]
}
],
"title": "CVE-2025-1494"
},
{
"cve": "CVE-2025-1994",
"cwe": {
"id": "CWE-242",
"name": "Use of Inherently Dangerous Function"
},
"notes": [
{
"category": "other",
"text": "Use of Inherently Dangerous Function",
"title": "CWE-242"
}
],
"product_status": {
"known_affected": [
"CSAFPID-109726",
"CSAFPID-109727"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-1994 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-1994.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-109726",
"CSAFPID-109727"
]
}
],
"title": "CVE-2025-1994"
},
{
"cve": "CVE-2025-2697",
"cwe": {
"id": "CWE-601",
"name": "URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)"
},
"notes": [
{
"category": "other",
"text": "URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)",
"title": "CWE-601"
}
],
"product_status": {
"known_affected": [
"CSAFPID-109726",
"CSAFPID-109727"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-2697 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-2697.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-109726",
"CSAFPID-109727"
]
}
],
"title": "CVE-2025-2697"
},
{
"cve": "CVE-2025-2900",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"notes": [
{
"category": "other",
"text": "Heap-based Buffer Overflow",
"title": "CWE-122"
},
{
"category": "other",
"text": "Out-of-bounds Write",
"title": "CWE-787"
}
],
"product_status": {
"known_affected": [
"CSAFPID-109726",
"CSAFPID-109727"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-2900 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-2900.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-109726",
"CSAFPID-109727"
]
}
],
"title": "CVE-2025-2900"
},
{
"cve": "CVE-2025-4447",
"cwe": {
"id": "CWE-121",
"name": "Stack-based Buffer Overflow"
},
"notes": [
{
"category": "other",
"text": "Stack-based Buffer Overflow",
"title": "CWE-121"
},
{
"category": "general",
"text": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:L/VI:H/VA:H/SC:H/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-109726",
"CSAFPID-109727"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-4447 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-4447.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-109726",
"CSAFPID-109727"
]
}
],
"title": "CVE-2025-4447"
}
]
}
OPENSUSE-SU-2025:15231-1
Vulnerability from csaf_opensuse - Published: 2025-07-03 00:00 - Updated: 2025-07-03 00:00Summary
java-1_8_0-openj9-1.8.0.452-3.1 on GA media
Severity
Moderate
Notes
Title of the patch: java-1_8_0-openj9-1.8.0.452-3.1 on GA media
Description of the patch: These are all security issues fixed in the java-1_8_0-openj9-1.8.0.452-3.1 package on the GA media of openSUSE Tumbleweed.
Patchnames: openSUSE-Tumbleweed-2025-15231
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.8 (High)
Affected products
Recommended
28 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:java-1_8_0-openj9-1.8.0.452-3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-1_8_0-openj9-1.8.0.452-3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-1_8_0-openj9-1.8.0.452-3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-1_8_0-openj9-1.8.0.452-3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-1_8_0-openj9-accessibility-1.8.0.452-3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-1_8_0-openj9-accessibility-1.8.0.452-3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-1_8_0-openj9-accessibility-1.8.0.452-3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-1_8_0-openj9-accessibility-1.8.0.452-3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-1_8_0-openj9-demo-1.8.0.452-3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-1_8_0-openj9-demo-1.8.0.452-3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-1_8_0-openj9-demo-1.8.0.452-3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-1_8_0-openj9-demo-1.8.0.452-3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-1_8_0-openj9-devel-1.8.0.452-3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-1_8_0-openj9-devel-1.8.0.452-3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-1_8_0-openj9-devel-1.8.0.452-3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-1_8_0-openj9-devel-1.8.0.452-3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-1_8_0-openj9-headless-1.8.0.452-3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-1_8_0-openj9-headless-1.8.0.452-3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-1_8_0-openj9-headless-1.8.0.452-3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-1_8_0-openj9-headless-1.8.0.452-3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-1_8_0-openj9-javadoc-1.8.0.452-3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-1_8_0-openj9-javadoc-1.8.0.452-3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-1_8_0-openj9-javadoc-1.8.0.452-3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-1_8_0-openj9-javadoc-1.8.0.452-3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-1_8_0-openj9-src-1.8.0.452-3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-1_8_0-openj9-src-1.8.0.452-3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-1_8_0-openj9-src-1.8.0.452-3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:java-1_8_0-openj9-src-1.8.0.452-3.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
5 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "java-1_8_0-openj9-1.8.0.452-3.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the java-1_8_0-openj9-1.8.0.452-3.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2025-15231",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2025_15231-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-4447 page",
"url": "https://www.suse.com/security/cve/CVE-2025-4447/"
}
],
"title": "java-1_8_0-openj9-1.8.0.452-3.1 on GA media",
"tracking": {
"current_release_date": "2025-07-03T00:00:00Z",
"generator": {
"date": "2025-07-03T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2025:15231-1",
"initial_release_date": "2025-07-03T00:00:00Z",
"revision_history": [
{
"date": "2025-07-03T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "java-1_8_0-openj9-1.8.0.452-3.1.aarch64",
"product": {
"name": "java-1_8_0-openj9-1.8.0.452-3.1.aarch64",
"product_id": "java-1_8_0-openj9-1.8.0.452-3.1.aarch64"
}
},
{
"category": "product_version",
"name": "java-1_8_0-openj9-accessibility-1.8.0.452-3.1.aarch64",
"product": {
"name": "java-1_8_0-openj9-accessibility-1.8.0.452-3.1.aarch64",
"product_id": "java-1_8_0-openj9-accessibility-1.8.0.452-3.1.aarch64"
}
},
{
"category": "product_version",
"name": "java-1_8_0-openj9-demo-1.8.0.452-3.1.aarch64",
"product": {
"name": "java-1_8_0-openj9-demo-1.8.0.452-3.1.aarch64",
"product_id": "java-1_8_0-openj9-demo-1.8.0.452-3.1.aarch64"
}
},
{
"category": "product_version",
"name": "java-1_8_0-openj9-devel-1.8.0.452-3.1.aarch64",
"product": {
"name": "java-1_8_0-openj9-devel-1.8.0.452-3.1.aarch64",
"product_id": "java-1_8_0-openj9-devel-1.8.0.452-3.1.aarch64"
}
},
{
"category": "product_version",
"name": "java-1_8_0-openj9-headless-1.8.0.452-3.1.aarch64",
"product": {
"name": "java-1_8_0-openj9-headless-1.8.0.452-3.1.aarch64",
"product_id": "java-1_8_0-openj9-headless-1.8.0.452-3.1.aarch64"
}
},
{
"category": "product_version",
"name": "java-1_8_0-openj9-javadoc-1.8.0.452-3.1.aarch64",
"product": {
"name": "java-1_8_0-openj9-javadoc-1.8.0.452-3.1.aarch64",
"product_id": "java-1_8_0-openj9-javadoc-1.8.0.452-3.1.aarch64"
}
},
{
"category": "product_version",
"name": "java-1_8_0-openj9-src-1.8.0.452-3.1.aarch64",
"product": {
"name": "java-1_8_0-openj9-src-1.8.0.452-3.1.aarch64",
"product_id": "java-1_8_0-openj9-src-1.8.0.452-3.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "java-1_8_0-openj9-1.8.0.452-3.1.ppc64le",
"product": {
"name": "java-1_8_0-openj9-1.8.0.452-3.1.ppc64le",
"product_id": "java-1_8_0-openj9-1.8.0.452-3.1.ppc64le"
}
},
{
"category": "product_version",
"name": "java-1_8_0-openj9-accessibility-1.8.0.452-3.1.ppc64le",
"product": {
"name": "java-1_8_0-openj9-accessibility-1.8.0.452-3.1.ppc64le",
"product_id": "java-1_8_0-openj9-accessibility-1.8.0.452-3.1.ppc64le"
}
},
{
"category": "product_version",
"name": "java-1_8_0-openj9-demo-1.8.0.452-3.1.ppc64le",
"product": {
"name": "java-1_8_0-openj9-demo-1.8.0.452-3.1.ppc64le",
"product_id": "java-1_8_0-openj9-demo-1.8.0.452-3.1.ppc64le"
}
},
{
"category": "product_version",
"name": "java-1_8_0-openj9-devel-1.8.0.452-3.1.ppc64le",
"product": {
"name": "java-1_8_0-openj9-devel-1.8.0.452-3.1.ppc64le",
"product_id": "java-1_8_0-openj9-devel-1.8.0.452-3.1.ppc64le"
}
},
{
"category": "product_version",
"name": "java-1_8_0-openj9-headless-1.8.0.452-3.1.ppc64le",
"product": {
"name": "java-1_8_0-openj9-headless-1.8.0.452-3.1.ppc64le",
"product_id": "java-1_8_0-openj9-headless-1.8.0.452-3.1.ppc64le"
}
},
{
"category": "product_version",
"name": "java-1_8_0-openj9-javadoc-1.8.0.452-3.1.ppc64le",
"product": {
"name": "java-1_8_0-openj9-javadoc-1.8.0.452-3.1.ppc64le",
"product_id": "java-1_8_0-openj9-javadoc-1.8.0.452-3.1.ppc64le"
}
},
{
"category": "product_version",
"name": "java-1_8_0-openj9-src-1.8.0.452-3.1.ppc64le",
"product": {
"name": "java-1_8_0-openj9-src-1.8.0.452-3.1.ppc64le",
"product_id": "java-1_8_0-openj9-src-1.8.0.452-3.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "java-1_8_0-openj9-1.8.0.452-3.1.s390x",
"product": {
"name": "java-1_8_0-openj9-1.8.0.452-3.1.s390x",
"product_id": "java-1_8_0-openj9-1.8.0.452-3.1.s390x"
}
},
{
"category": "product_version",
"name": "java-1_8_0-openj9-accessibility-1.8.0.452-3.1.s390x",
"product": {
"name": "java-1_8_0-openj9-accessibility-1.8.0.452-3.1.s390x",
"product_id": "java-1_8_0-openj9-accessibility-1.8.0.452-3.1.s390x"
}
},
{
"category": "product_version",
"name": "java-1_8_0-openj9-demo-1.8.0.452-3.1.s390x",
"product": {
"name": "java-1_8_0-openj9-demo-1.8.0.452-3.1.s390x",
"product_id": "java-1_8_0-openj9-demo-1.8.0.452-3.1.s390x"
}
},
{
"category": "product_version",
"name": "java-1_8_0-openj9-devel-1.8.0.452-3.1.s390x",
"product": {
"name": "java-1_8_0-openj9-devel-1.8.0.452-3.1.s390x",
"product_id": "java-1_8_0-openj9-devel-1.8.0.452-3.1.s390x"
}
},
{
"category": "product_version",
"name": "java-1_8_0-openj9-headless-1.8.0.452-3.1.s390x",
"product": {
"name": "java-1_8_0-openj9-headless-1.8.0.452-3.1.s390x",
"product_id": "java-1_8_0-openj9-headless-1.8.0.452-3.1.s390x"
}
},
{
"category": "product_version",
"name": "java-1_8_0-openj9-javadoc-1.8.0.452-3.1.s390x",
"product": {
"name": "java-1_8_0-openj9-javadoc-1.8.0.452-3.1.s390x",
"product_id": "java-1_8_0-openj9-javadoc-1.8.0.452-3.1.s390x"
}
},
{
"category": "product_version",
"name": "java-1_8_0-openj9-src-1.8.0.452-3.1.s390x",
"product": {
"name": "java-1_8_0-openj9-src-1.8.0.452-3.1.s390x",
"product_id": "java-1_8_0-openj9-src-1.8.0.452-3.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "java-1_8_0-openj9-1.8.0.452-3.1.x86_64",
"product": {
"name": "java-1_8_0-openj9-1.8.0.452-3.1.x86_64",
"product_id": "java-1_8_0-openj9-1.8.0.452-3.1.x86_64"
}
},
{
"category": "product_version",
"name": "java-1_8_0-openj9-accessibility-1.8.0.452-3.1.x86_64",
"product": {
"name": "java-1_8_0-openj9-accessibility-1.8.0.452-3.1.x86_64",
"product_id": "java-1_8_0-openj9-accessibility-1.8.0.452-3.1.x86_64"
}
},
{
"category": "product_version",
"name": "java-1_8_0-openj9-demo-1.8.0.452-3.1.x86_64",
"product": {
"name": "java-1_8_0-openj9-demo-1.8.0.452-3.1.x86_64",
"product_id": "java-1_8_0-openj9-demo-1.8.0.452-3.1.x86_64"
}
},
{
"category": "product_version",
"name": "java-1_8_0-openj9-devel-1.8.0.452-3.1.x86_64",
"product": {
"name": "java-1_8_0-openj9-devel-1.8.0.452-3.1.x86_64",
"product_id": "java-1_8_0-openj9-devel-1.8.0.452-3.1.x86_64"
}
},
{
"category": "product_version",
"name": "java-1_8_0-openj9-headless-1.8.0.452-3.1.x86_64",
"product": {
"name": "java-1_8_0-openj9-headless-1.8.0.452-3.1.x86_64",
"product_id": "java-1_8_0-openj9-headless-1.8.0.452-3.1.x86_64"
}
},
{
"category": "product_version",
"name": "java-1_8_0-openj9-javadoc-1.8.0.452-3.1.x86_64",
"product": {
"name": "java-1_8_0-openj9-javadoc-1.8.0.452-3.1.x86_64",
"product_id": "java-1_8_0-openj9-javadoc-1.8.0.452-3.1.x86_64"
}
},
{
"category": "product_version",
"name": "java-1_8_0-openj9-src-1.8.0.452-3.1.x86_64",
"product": {
"name": "java-1_8_0-openj9-src-1.8.0.452-3.1.x86_64",
"product_id": "java-1_8_0-openj9-src-1.8.0.452-3.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1_8_0-openj9-1.8.0.452-3.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:java-1_8_0-openj9-1.8.0.452-3.1.aarch64"
},
"product_reference": "java-1_8_0-openj9-1.8.0.452-3.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1_8_0-openj9-1.8.0.452-3.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:java-1_8_0-openj9-1.8.0.452-3.1.ppc64le"
},
"product_reference": "java-1_8_0-openj9-1.8.0.452-3.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1_8_0-openj9-1.8.0.452-3.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:java-1_8_0-openj9-1.8.0.452-3.1.s390x"
},
"product_reference": "java-1_8_0-openj9-1.8.0.452-3.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1_8_0-openj9-1.8.0.452-3.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:java-1_8_0-openj9-1.8.0.452-3.1.x86_64"
},
"product_reference": "java-1_8_0-openj9-1.8.0.452-3.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1_8_0-openj9-accessibility-1.8.0.452-3.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:java-1_8_0-openj9-accessibility-1.8.0.452-3.1.aarch64"
},
"product_reference": "java-1_8_0-openj9-accessibility-1.8.0.452-3.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1_8_0-openj9-accessibility-1.8.0.452-3.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:java-1_8_0-openj9-accessibility-1.8.0.452-3.1.ppc64le"
},
"product_reference": "java-1_8_0-openj9-accessibility-1.8.0.452-3.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1_8_0-openj9-accessibility-1.8.0.452-3.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:java-1_8_0-openj9-accessibility-1.8.0.452-3.1.s390x"
},
"product_reference": "java-1_8_0-openj9-accessibility-1.8.0.452-3.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1_8_0-openj9-accessibility-1.8.0.452-3.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:java-1_8_0-openj9-accessibility-1.8.0.452-3.1.x86_64"
},
"product_reference": "java-1_8_0-openj9-accessibility-1.8.0.452-3.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1_8_0-openj9-demo-1.8.0.452-3.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:java-1_8_0-openj9-demo-1.8.0.452-3.1.aarch64"
},
"product_reference": "java-1_8_0-openj9-demo-1.8.0.452-3.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1_8_0-openj9-demo-1.8.0.452-3.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:java-1_8_0-openj9-demo-1.8.0.452-3.1.ppc64le"
},
"product_reference": "java-1_8_0-openj9-demo-1.8.0.452-3.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1_8_0-openj9-demo-1.8.0.452-3.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:java-1_8_0-openj9-demo-1.8.0.452-3.1.s390x"
},
"product_reference": "java-1_8_0-openj9-demo-1.8.0.452-3.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1_8_0-openj9-demo-1.8.0.452-3.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:java-1_8_0-openj9-demo-1.8.0.452-3.1.x86_64"
},
"product_reference": "java-1_8_0-openj9-demo-1.8.0.452-3.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1_8_0-openj9-devel-1.8.0.452-3.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:java-1_8_0-openj9-devel-1.8.0.452-3.1.aarch64"
},
"product_reference": "java-1_8_0-openj9-devel-1.8.0.452-3.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1_8_0-openj9-devel-1.8.0.452-3.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:java-1_8_0-openj9-devel-1.8.0.452-3.1.ppc64le"
},
"product_reference": "java-1_8_0-openj9-devel-1.8.0.452-3.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1_8_0-openj9-devel-1.8.0.452-3.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:java-1_8_0-openj9-devel-1.8.0.452-3.1.s390x"
},
"product_reference": "java-1_8_0-openj9-devel-1.8.0.452-3.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1_8_0-openj9-devel-1.8.0.452-3.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:java-1_8_0-openj9-devel-1.8.0.452-3.1.x86_64"
},
"product_reference": "java-1_8_0-openj9-devel-1.8.0.452-3.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1_8_0-openj9-headless-1.8.0.452-3.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:java-1_8_0-openj9-headless-1.8.0.452-3.1.aarch64"
},
"product_reference": "java-1_8_0-openj9-headless-1.8.0.452-3.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1_8_0-openj9-headless-1.8.0.452-3.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:java-1_8_0-openj9-headless-1.8.0.452-3.1.ppc64le"
},
"product_reference": "java-1_8_0-openj9-headless-1.8.0.452-3.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1_8_0-openj9-headless-1.8.0.452-3.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:java-1_8_0-openj9-headless-1.8.0.452-3.1.s390x"
},
"product_reference": "java-1_8_0-openj9-headless-1.8.0.452-3.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1_8_0-openj9-headless-1.8.0.452-3.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:java-1_8_0-openj9-headless-1.8.0.452-3.1.x86_64"
},
"product_reference": "java-1_8_0-openj9-headless-1.8.0.452-3.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1_8_0-openj9-javadoc-1.8.0.452-3.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:java-1_8_0-openj9-javadoc-1.8.0.452-3.1.aarch64"
},
"product_reference": "java-1_8_0-openj9-javadoc-1.8.0.452-3.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1_8_0-openj9-javadoc-1.8.0.452-3.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:java-1_8_0-openj9-javadoc-1.8.0.452-3.1.ppc64le"
},
"product_reference": "java-1_8_0-openj9-javadoc-1.8.0.452-3.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1_8_0-openj9-javadoc-1.8.0.452-3.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:java-1_8_0-openj9-javadoc-1.8.0.452-3.1.s390x"
},
"product_reference": "java-1_8_0-openj9-javadoc-1.8.0.452-3.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1_8_0-openj9-javadoc-1.8.0.452-3.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:java-1_8_0-openj9-javadoc-1.8.0.452-3.1.x86_64"
},
"product_reference": "java-1_8_0-openj9-javadoc-1.8.0.452-3.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1_8_0-openj9-src-1.8.0.452-3.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:java-1_8_0-openj9-src-1.8.0.452-3.1.aarch64"
},
"product_reference": "java-1_8_0-openj9-src-1.8.0.452-3.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1_8_0-openj9-src-1.8.0.452-3.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:java-1_8_0-openj9-src-1.8.0.452-3.1.ppc64le"
},
"product_reference": "java-1_8_0-openj9-src-1.8.0.452-3.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1_8_0-openj9-src-1.8.0.452-3.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:java-1_8_0-openj9-src-1.8.0.452-3.1.s390x"
},
"product_reference": "java-1_8_0-openj9-src-1.8.0.452-3.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1_8_0-openj9-src-1.8.0.452-3.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:java-1_8_0-openj9-src-1.8.0.452-3.1.x86_64"
},
"product_reference": "java-1_8_0-openj9-src-1.8.0.452-3.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-4447",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-4447"
}
],
"notes": [
{
"category": "general",
"text": "In Eclipse OpenJ9 versions up to 0.51, when used with OpenJDK version 8 a stack based buffer overflow can be caused by modifying a file on disk that is read when the JVM starts.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:java-1_8_0-openj9-1.8.0.452-3.1.aarch64",
"openSUSE Tumbleweed:java-1_8_0-openj9-1.8.0.452-3.1.ppc64le",
"openSUSE Tumbleweed:java-1_8_0-openj9-1.8.0.452-3.1.s390x",
"openSUSE Tumbleweed:java-1_8_0-openj9-1.8.0.452-3.1.x86_64",
"openSUSE Tumbleweed:java-1_8_0-openj9-accessibility-1.8.0.452-3.1.aarch64",
"openSUSE Tumbleweed:java-1_8_0-openj9-accessibility-1.8.0.452-3.1.ppc64le",
"openSUSE Tumbleweed:java-1_8_0-openj9-accessibility-1.8.0.452-3.1.s390x",
"openSUSE Tumbleweed:java-1_8_0-openj9-accessibility-1.8.0.452-3.1.x86_64",
"openSUSE Tumbleweed:java-1_8_0-openj9-demo-1.8.0.452-3.1.aarch64",
"openSUSE Tumbleweed:java-1_8_0-openj9-demo-1.8.0.452-3.1.ppc64le",
"openSUSE Tumbleweed:java-1_8_0-openj9-demo-1.8.0.452-3.1.s390x",
"openSUSE Tumbleweed:java-1_8_0-openj9-demo-1.8.0.452-3.1.x86_64",
"openSUSE Tumbleweed:java-1_8_0-openj9-devel-1.8.0.452-3.1.aarch64",
"openSUSE Tumbleweed:java-1_8_0-openj9-devel-1.8.0.452-3.1.ppc64le",
"openSUSE Tumbleweed:java-1_8_0-openj9-devel-1.8.0.452-3.1.s390x",
"openSUSE Tumbleweed:java-1_8_0-openj9-devel-1.8.0.452-3.1.x86_64",
"openSUSE Tumbleweed:java-1_8_0-openj9-headless-1.8.0.452-3.1.aarch64",
"openSUSE Tumbleweed:java-1_8_0-openj9-headless-1.8.0.452-3.1.ppc64le",
"openSUSE Tumbleweed:java-1_8_0-openj9-headless-1.8.0.452-3.1.s390x",
"openSUSE Tumbleweed:java-1_8_0-openj9-headless-1.8.0.452-3.1.x86_64",
"openSUSE Tumbleweed:java-1_8_0-openj9-javadoc-1.8.0.452-3.1.aarch64",
"openSUSE Tumbleweed:java-1_8_0-openj9-javadoc-1.8.0.452-3.1.ppc64le",
"openSUSE Tumbleweed:java-1_8_0-openj9-javadoc-1.8.0.452-3.1.s390x",
"openSUSE Tumbleweed:java-1_8_0-openj9-javadoc-1.8.0.452-3.1.x86_64",
"openSUSE Tumbleweed:java-1_8_0-openj9-src-1.8.0.452-3.1.aarch64",
"openSUSE Tumbleweed:java-1_8_0-openj9-src-1.8.0.452-3.1.ppc64le",
"openSUSE Tumbleweed:java-1_8_0-openj9-src-1.8.0.452-3.1.s390x",
"openSUSE Tumbleweed:java-1_8_0-openj9-src-1.8.0.452-3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-4447",
"url": "https://www.suse.com/security/cve/CVE-2025-4447"
},
{
"category": "external",
"summary": "SUSE Bug 1243429 for CVE-2025-4447",
"url": "https://bugzilla.suse.com/1243429"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:java-1_8_0-openj9-1.8.0.452-3.1.aarch64",
"openSUSE Tumbleweed:java-1_8_0-openj9-1.8.0.452-3.1.ppc64le",
"openSUSE Tumbleweed:java-1_8_0-openj9-1.8.0.452-3.1.s390x",
"openSUSE Tumbleweed:java-1_8_0-openj9-1.8.0.452-3.1.x86_64",
"openSUSE Tumbleweed:java-1_8_0-openj9-accessibility-1.8.0.452-3.1.aarch64",
"openSUSE Tumbleweed:java-1_8_0-openj9-accessibility-1.8.0.452-3.1.ppc64le",
"openSUSE Tumbleweed:java-1_8_0-openj9-accessibility-1.8.0.452-3.1.s390x",
"openSUSE Tumbleweed:java-1_8_0-openj9-accessibility-1.8.0.452-3.1.x86_64",
"openSUSE Tumbleweed:java-1_8_0-openj9-demo-1.8.0.452-3.1.aarch64",
"openSUSE Tumbleweed:java-1_8_0-openj9-demo-1.8.0.452-3.1.ppc64le",
"openSUSE Tumbleweed:java-1_8_0-openj9-demo-1.8.0.452-3.1.s390x",
"openSUSE Tumbleweed:java-1_8_0-openj9-demo-1.8.0.452-3.1.x86_64",
"openSUSE Tumbleweed:java-1_8_0-openj9-devel-1.8.0.452-3.1.aarch64",
"openSUSE Tumbleweed:java-1_8_0-openj9-devel-1.8.0.452-3.1.ppc64le",
"openSUSE Tumbleweed:java-1_8_0-openj9-devel-1.8.0.452-3.1.s390x",
"openSUSE Tumbleweed:java-1_8_0-openj9-devel-1.8.0.452-3.1.x86_64",
"openSUSE Tumbleweed:java-1_8_0-openj9-headless-1.8.0.452-3.1.aarch64",
"openSUSE Tumbleweed:java-1_8_0-openj9-headless-1.8.0.452-3.1.ppc64le",
"openSUSE Tumbleweed:java-1_8_0-openj9-headless-1.8.0.452-3.1.s390x",
"openSUSE Tumbleweed:java-1_8_0-openj9-headless-1.8.0.452-3.1.x86_64",
"openSUSE Tumbleweed:java-1_8_0-openj9-javadoc-1.8.0.452-3.1.aarch64",
"openSUSE Tumbleweed:java-1_8_0-openj9-javadoc-1.8.0.452-3.1.ppc64le",
"openSUSE Tumbleweed:java-1_8_0-openj9-javadoc-1.8.0.452-3.1.s390x",
"openSUSE Tumbleweed:java-1_8_0-openj9-javadoc-1.8.0.452-3.1.x86_64",
"openSUSE Tumbleweed:java-1_8_0-openj9-src-1.8.0.452-3.1.aarch64",
"openSUSE Tumbleweed:java-1_8_0-openj9-src-1.8.0.452-3.1.ppc64le",
"openSUSE Tumbleweed:java-1_8_0-openj9-src-1.8.0.452-3.1.s390x",
"openSUSE Tumbleweed:java-1_8_0-openj9-src-1.8.0.452-3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:java-1_8_0-openj9-1.8.0.452-3.1.aarch64",
"openSUSE Tumbleweed:java-1_8_0-openj9-1.8.0.452-3.1.ppc64le",
"openSUSE Tumbleweed:java-1_8_0-openj9-1.8.0.452-3.1.s390x",
"openSUSE Tumbleweed:java-1_8_0-openj9-1.8.0.452-3.1.x86_64",
"openSUSE Tumbleweed:java-1_8_0-openj9-accessibility-1.8.0.452-3.1.aarch64",
"openSUSE Tumbleweed:java-1_8_0-openj9-accessibility-1.8.0.452-3.1.ppc64le",
"openSUSE Tumbleweed:java-1_8_0-openj9-accessibility-1.8.0.452-3.1.s390x",
"openSUSE Tumbleweed:java-1_8_0-openj9-accessibility-1.8.0.452-3.1.x86_64",
"openSUSE Tumbleweed:java-1_8_0-openj9-demo-1.8.0.452-3.1.aarch64",
"openSUSE Tumbleweed:java-1_8_0-openj9-demo-1.8.0.452-3.1.ppc64le",
"openSUSE Tumbleweed:java-1_8_0-openj9-demo-1.8.0.452-3.1.s390x",
"openSUSE Tumbleweed:java-1_8_0-openj9-demo-1.8.0.452-3.1.x86_64",
"openSUSE Tumbleweed:java-1_8_0-openj9-devel-1.8.0.452-3.1.aarch64",
"openSUSE Tumbleweed:java-1_8_0-openj9-devel-1.8.0.452-3.1.ppc64le",
"openSUSE Tumbleweed:java-1_8_0-openj9-devel-1.8.0.452-3.1.s390x",
"openSUSE Tumbleweed:java-1_8_0-openj9-devel-1.8.0.452-3.1.x86_64",
"openSUSE Tumbleweed:java-1_8_0-openj9-headless-1.8.0.452-3.1.aarch64",
"openSUSE Tumbleweed:java-1_8_0-openj9-headless-1.8.0.452-3.1.ppc64le",
"openSUSE Tumbleweed:java-1_8_0-openj9-headless-1.8.0.452-3.1.s390x",
"openSUSE Tumbleweed:java-1_8_0-openj9-headless-1.8.0.452-3.1.x86_64",
"openSUSE Tumbleweed:java-1_8_0-openj9-javadoc-1.8.0.452-3.1.aarch64",
"openSUSE Tumbleweed:java-1_8_0-openj9-javadoc-1.8.0.452-3.1.ppc64le",
"openSUSE Tumbleweed:java-1_8_0-openj9-javadoc-1.8.0.452-3.1.s390x",
"openSUSE Tumbleweed:java-1_8_0-openj9-javadoc-1.8.0.452-3.1.x86_64",
"openSUSE Tumbleweed:java-1_8_0-openj9-src-1.8.0.452-3.1.aarch64",
"openSUSE Tumbleweed:java-1_8_0-openj9-src-1.8.0.452-3.1.ppc64le",
"openSUSE Tumbleweed:java-1_8_0-openj9-src-1.8.0.452-3.1.s390x",
"openSUSE Tumbleweed:java-1_8_0-openj9-src-1.8.0.452-3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-07-03T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2025-4447"
}
]
}
RHSA-2025:8431
Vulnerability from csaf_redhat - Published: 2025-06-03 00:37 - Updated: 2026-05-06 16:53Summary
Red Hat Security Advisory: java-1.8.0-ibm security update
Severity
Important
Notes
Topic: An update for java-1.8.0-ibm is now available for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: IBM Java SE version 8 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit.
This update upgrades IBM Java SE 8 to version 8 SR8-FP40.
Security Fix(es):
* CVE-2025-21587
* CVE-2025-30698
* CVE-2025-4447
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in Eclipse OpenJ9 versions up to 0.51, when used with OpenJDK version 8. A stack based buffer overflow can be caused by modifying a file on disk that is read when the JVM starts.
7.0 (High)
Affected products
Fixed
22 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Supplementary-8.10.0.Z.MAIN.EUS:java-1.8.0-ibm-1:1.8.0.8.45-1.el8_10.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Supplementary-8.10.0.Z.MAIN.EUS:java-1.8.0-ibm-1:1.8.0.8.45-1.el8_10.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Supplementary-8.10.0.Z.MAIN.EUS:java-1.8.0-ibm-1:1.8.0.8.45-1.el8_10.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Supplementary-8.10.0.Z.MAIN.EUS:java-1.8.0-ibm-demo-1:1.8.0.8.45-1.el8_10.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Supplementary-8.10.0.Z.MAIN.EUS:java-1.8.0-ibm-demo-1:1.8.0.8.45-1.el8_10.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Supplementary-8.10.0.Z.MAIN.EUS:java-1.8.0-ibm-demo-1:1.8.0.8.45-1.el8_10.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Supplementary-8.10.0.Z.MAIN.EUS:java-1.8.0-ibm-devel-1:1.8.0.8.45-1.el8_10.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Supplementary-8.10.0.Z.MAIN.EUS:java-1.8.0-ibm-devel-1:1.8.0.8.45-1.el8_10.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Supplementary-8.10.0.Z.MAIN.EUS:java-1.8.0-ibm-devel-1:1.8.0.8.45-1.el8_10.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Supplementary-8.10.0.Z.MAIN.EUS:java-1.8.0-ibm-headless-1:1.8.0.8.45-1.el8_10.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Supplementary-8.10.0.Z.MAIN.EUS:java-1.8.0-ibm-headless-1:1.8.0.8.45-1.el8_10.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Supplementary-8.10.0.Z.MAIN.EUS:java-1.8.0-ibm-headless-1:1.8.0.8.45-1.el8_10.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Supplementary-8.10.0.Z.MAIN.EUS:java-1.8.0-ibm-jdbc-1:1.8.0.8.45-1.el8_10.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Supplementary-8.10.0.Z.MAIN.EUS:java-1.8.0-ibm-jdbc-1:1.8.0.8.45-1.el8_10.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Supplementary-8.10.0.Z.MAIN.EUS:java-1.8.0-ibm-jdbc-1:1.8.0.8.45-1.el8_10.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Supplementary-8.10.0.Z.MAIN.EUS:java-1.8.0-ibm-plugin-1:1.8.0.8.45-1.el8_10.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Supplementary-8.10.0.Z.MAIN.EUS:java-1.8.0-ibm-plugin-1:1.8.0.8.45-1.el8_10.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Supplementary-8.10.0.Z.MAIN.EUS:java-1.8.0-ibm-src-1:1.8.0.8.45-1.el8_10.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Supplementary-8.10.0.Z.MAIN.EUS:java-1.8.0-ibm-src-1:1.8.0.8.45-1.el8_10.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Supplementary-8.10.0.Z.MAIN.EUS:java-1.8.0-ibm-src-1:1.8.0.8.45-1.el8_10.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Supplementary-8.10.0.Z.MAIN.EUS:java-1.8.0-ibm-webstart-1:1.8.0.8.45-1.el8_10.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Supplementary-8.10.0.Z.MAIN.EUS:java-1.8.0-ibm-webstart-1:1.8.0.8.45-1.el8_10.x86_64 | — |
Vendor Fix
fix
|
Threats
Impact
Important
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Oracle Java SE:8u441, 8u441-perf, 11.0.26, 17.0.14, 21.0.6, 24; Oracle GraalVM for JDK:17.0.14, 21.0.6, 24; Oracle GraalVM Enterprise Edition:20.3.17 and 21.3.13. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data as well as unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 7.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N).
7.4 (High)
Affected products
Fixed
22 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Supplementary-8.10.0.Z.MAIN.EUS:java-1.8.0-ibm-1:1.8.0.8.45-1.el8_10.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Supplementary-8.10.0.Z.MAIN.EUS:java-1.8.0-ibm-1:1.8.0.8.45-1.el8_10.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Supplementary-8.10.0.Z.MAIN.EUS:java-1.8.0-ibm-1:1.8.0.8.45-1.el8_10.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Supplementary-8.10.0.Z.MAIN.EUS:java-1.8.0-ibm-demo-1:1.8.0.8.45-1.el8_10.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Supplementary-8.10.0.Z.MAIN.EUS:java-1.8.0-ibm-demo-1:1.8.0.8.45-1.el8_10.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Supplementary-8.10.0.Z.MAIN.EUS:java-1.8.0-ibm-demo-1:1.8.0.8.45-1.el8_10.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Supplementary-8.10.0.Z.MAIN.EUS:java-1.8.0-ibm-devel-1:1.8.0.8.45-1.el8_10.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Supplementary-8.10.0.Z.MAIN.EUS:java-1.8.0-ibm-devel-1:1.8.0.8.45-1.el8_10.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Supplementary-8.10.0.Z.MAIN.EUS:java-1.8.0-ibm-devel-1:1.8.0.8.45-1.el8_10.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Supplementary-8.10.0.Z.MAIN.EUS:java-1.8.0-ibm-headless-1:1.8.0.8.45-1.el8_10.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Supplementary-8.10.0.Z.MAIN.EUS:java-1.8.0-ibm-headless-1:1.8.0.8.45-1.el8_10.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Supplementary-8.10.0.Z.MAIN.EUS:java-1.8.0-ibm-headless-1:1.8.0.8.45-1.el8_10.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Supplementary-8.10.0.Z.MAIN.EUS:java-1.8.0-ibm-jdbc-1:1.8.0.8.45-1.el8_10.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Supplementary-8.10.0.Z.MAIN.EUS:java-1.8.0-ibm-jdbc-1:1.8.0.8.45-1.el8_10.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Supplementary-8.10.0.Z.MAIN.EUS:java-1.8.0-ibm-jdbc-1:1.8.0.8.45-1.el8_10.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Supplementary-8.10.0.Z.MAIN.EUS:java-1.8.0-ibm-plugin-1:1.8.0.8.45-1.el8_10.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Supplementary-8.10.0.Z.MAIN.EUS:java-1.8.0-ibm-plugin-1:1.8.0.8.45-1.el8_10.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Supplementary-8.10.0.Z.MAIN.EUS:java-1.8.0-ibm-src-1:1.8.0.8.45-1.el8_10.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Supplementary-8.10.0.Z.MAIN.EUS:java-1.8.0-ibm-src-1:1.8.0.8.45-1.el8_10.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Supplementary-8.10.0.Z.MAIN.EUS:java-1.8.0-ibm-src-1:1.8.0.8.45-1.el8_10.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Supplementary-8.10.0.Z.MAIN.EUS:java-1.8.0-ibm-webstart-1:1.8.0.8.45-1.el8_10.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Supplementary-8.10.0.Z.MAIN.EUS:java-1.8.0-ibm-webstart-1:1.8.0.8.45-1.el8_10.x86_64 | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: 2D). Supported versions that are affected are Oracle Java SE: 8u441, 8u441-perf, 11.0.26, 17.0.14, 21.0.6, 24; Oracle GraalVM for JDK: 17.0.14, 21.0.6, 24; Oracle GraalVM Enterprise Edition: 20.3.17 and 21.3.13. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data as well as unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 5.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L).
5.6 (Medium)
Affected products
Fixed
22 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Supplementary-8.10.0.Z.MAIN.EUS:java-1.8.0-ibm-1:1.8.0.8.45-1.el8_10.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Supplementary-8.10.0.Z.MAIN.EUS:java-1.8.0-ibm-1:1.8.0.8.45-1.el8_10.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Supplementary-8.10.0.Z.MAIN.EUS:java-1.8.0-ibm-1:1.8.0.8.45-1.el8_10.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Supplementary-8.10.0.Z.MAIN.EUS:java-1.8.0-ibm-demo-1:1.8.0.8.45-1.el8_10.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Supplementary-8.10.0.Z.MAIN.EUS:java-1.8.0-ibm-demo-1:1.8.0.8.45-1.el8_10.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Supplementary-8.10.0.Z.MAIN.EUS:java-1.8.0-ibm-demo-1:1.8.0.8.45-1.el8_10.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Supplementary-8.10.0.Z.MAIN.EUS:java-1.8.0-ibm-devel-1:1.8.0.8.45-1.el8_10.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Supplementary-8.10.0.Z.MAIN.EUS:java-1.8.0-ibm-devel-1:1.8.0.8.45-1.el8_10.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Supplementary-8.10.0.Z.MAIN.EUS:java-1.8.0-ibm-devel-1:1.8.0.8.45-1.el8_10.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Supplementary-8.10.0.Z.MAIN.EUS:java-1.8.0-ibm-headless-1:1.8.0.8.45-1.el8_10.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Supplementary-8.10.0.Z.MAIN.EUS:java-1.8.0-ibm-headless-1:1.8.0.8.45-1.el8_10.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Supplementary-8.10.0.Z.MAIN.EUS:java-1.8.0-ibm-headless-1:1.8.0.8.45-1.el8_10.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Supplementary-8.10.0.Z.MAIN.EUS:java-1.8.0-ibm-jdbc-1:1.8.0.8.45-1.el8_10.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Supplementary-8.10.0.Z.MAIN.EUS:java-1.8.0-ibm-jdbc-1:1.8.0.8.45-1.el8_10.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Supplementary-8.10.0.Z.MAIN.EUS:java-1.8.0-ibm-jdbc-1:1.8.0.8.45-1.el8_10.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Supplementary-8.10.0.Z.MAIN.EUS:java-1.8.0-ibm-plugin-1:1.8.0.8.45-1.el8_10.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Supplementary-8.10.0.Z.MAIN.EUS:java-1.8.0-ibm-plugin-1:1.8.0.8.45-1.el8_10.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Supplementary-8.10.0.Z.MAIN.EUS:java-1.8.0-ibm-src-1:1.8.0.8.45-1.el8_10.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Supplementary-8.10.0.Z.MAIN.EUS:java-1.8.0-ibm-src-1:1.8.0.8.45-1.el8_10.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Supplementary-8.10.0.Z.MAIN.EUS:java-1.8.0-ibm-src-1:1.8.0.8.45-1.el8_10.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Supplementary-8.10.0.Z.MAIN.EUS:java-1.8.0-ibm-webstart-1:1.8.0.8.45-1.el8_10.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Supplementary-8.10.0.Z.MAIN.EUS:java-1.8.0-ibm-webstart-1:1.8.0.8.45-1.el8_10.x86_64 | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
References
20 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for java-1.8.0-ibm is now available for Red Hat Enterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "IBM Java SE version 8 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit.\n\nThis update upgrades IBM Java SE 8 to version 8 SR8-FP40.\n\nSecurity Fix(es):\n\n* CVE-2025-21587\n* CVE-2025-30698\n* CVE-2025-4447\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2025:8431",
"url": "https://access.redhat.com/errata/RHSA-2025:8431"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_8431.json"
}
],
"title": "Red Hat Security Advisory: java-1.8.0-ibm security update",
"tracking": {
"current_release_date": "2026-05-06T16:53:00+00:00",
"generator": {
"date": "2026-05-06T16:53:00+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.9"
}
},
"id": "RHSA-2025:8431",
"initial_release_date": "2025-06-03T00:37:57+00:00",
"revision_history": [
{
"date": "2025-06-03T00:37:57+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-06-03T00:37:57+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-05-06T16:53:00+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Supplementary (v. 8)",
"product": {
"name": "Red Hat Enterprise Linux Supplementary (v. 8)",
"product_id": "Supplementary-8.10.0.Z.MAIN.EUS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:enterprise_linux:8::supplementary"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "java-1.8.0-ibm-1:1.8.0.8.45-1.el8_10.x86_64",
"product": {
"name": "java-1.8.0-ibm-1:1.8.0.8.45-1.el8_10.x86_64",
"product_id": "java-1.8.0-ibm-1:1.8.0.8.45-1.el8_10.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/java-1.8.0-ibm@1.8.0.8.45-1.el8_10?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "java-1.8.0-ibm-demo-1:1.8.0.8.45-1.el8_10.x86_64",
"product": {
"name": "java-1.8.0-ibm-demo-1:1.8.0.8.45-1.el8_10.x86_64",
"product_id": "java-1.8.0-ibm-demo-1:1.8.0.8.45-1.el8_10.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/java-1.8.0-ibm-demo@1.8.0.8.45-1.el8_10?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "java-1.8.0-ibm-devel-1:1.8.0.8.45-1.el8_10.x86_64",
"product": {
"name": "java-1.8.0-ibm-devel-1:1.8.0.8.45-1.el8_10.x86_64",
"product_id": "java-1.8.0-ibm-devel-1:1.8.0.8.45-1.el8_10.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/java-1.8.0-ibm-devel@1.8.0.8.45-1.el8_10?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "java-1.8.0-ibm-headless-1:1.8.0.8.45-1.el8_10.x86_64",
"product": {
"name": "java-1.8.0-ibm-headless-1:1.8.0.8.45-1.el8_10.x86_64",
"product_id": "java-1.8.0-ibm-headless-1:1.8.0.8.45-1.el8_10.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/java-1.8.0-ibm-headless@1.8.0.8.45-1.el8_10?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "java-1.8.0-ibm-jdbc-1:1.8.0.8.45-1.el8_10.x86_64",
"product": {
"name": "java-1.8.0-ibm-jdbc-1:1.8.0.8.45-1.el8_10.x86_64",
"product_id": "java-1.8.0-ibm-jdbc-1:1.8.0.8.45-1.el8_10.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/java-1.8.0-ibm-jdbc@1.8.0.8.45-1.el8_10?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "java-1.8.0-ibm-plugin-1:1.8.0.8.45-1.el8_10.x86_64",
"product": {
"name": "java-1.8.0-ibm-plugin-1:1.8.0.8.45-1.el8_10.x86_64",
"product_id": "java-1.8.0-ibm-plugin-1:1.8.0.8.45-1.el8_10.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/java-1.8.0-ibm-plugin@1.8.0.8.45-1.el8_10?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "java-1.8.0-ibm-src-1:1.8.0.8.45-1.el8_10.x86_64",
"product": {
"name": "java-1.8.0-ibm-src-1:1.8.0.8.45-1.el8_10.x86_64",
"product_id": "java-1.8.0-ibm-src-1:1.8.0.8.45-1.el8_10.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/java-1.8.0-ibm-src@1.8.0.8.45-1.el8_10?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "java-1.8.0-ibm-webstart-1:1.8.0.8.45-1.el8_10.x86_64",
"product": {
"name": "java-1.8.0-ibm-webstart-1:1.8.0.8.45-1.el8_10.x86_64",
"product_id": "java-1.8.0-ibm-webstart-1:1.8.0.8.45-1.el8_10.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/java-1.8.0-ibm-webstart@1.8.0.8.45-1.el8_10?arch=x86_64\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "java-1.8.0-ibm-1:1.8.0.8.45-1.el8_10.s390x",
"product": {
"name": "java-1.8.0-ibm-1:1.8.0.8.45-1.el8_10.s390x",
"product_id": "java-1.8.0-ibm-1:1.8.0.8.45-1.el8_10.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/java-1.8.0-ibm@1.8.0.8.45-1.el8_10?arch=s390x\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "java-1.8.0-ibm-demo-1:1.8.0.8.45-1.el8_10.s390x",
"product": {
"name": "java-1.8.0-ibm-demo-1:1.8.0.8.45-1.el8_10.s390x",
"product_id": "java-1.8.0-ibm-demo-1:1.8.0.8.45-1.el8_10.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/java-1.8.0-ibm-demo@1.8.0.8.45-1.el8_10?arch=s390x\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "java-1.8.0-ibm-devel-1:1.8.0.8.45-1.el8_10.s390x",
"product": {
"name": "java-1.8.0-ibm-devel-1:1.8.0.8.45-1.el8_10.s390x",
"product_id": "java-1.8.0-ibm-devel-1:1.8.0.8.45-1.el8_10.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/java-1.8.0-ibm-devel@1.8.0.8.45-1.el8_10?arch=s390x\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "java-1.8.0-ibm-headless-1:1.8.0.8.45-1.el8_10.s390x",
"product": {
"name": "java-1.8.0-ibm-headless-1:1.8.0.8.45-1.el8_10.s390x",
"product_id": "java-1.8.0-ibm-headless-1:1.8.0.8.45-1.el8_10.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/java-1.8.0-ibm-headless@1.8.0.8.45-1.el8_10?arch=s390x\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "java-1.8.0-ibm-jdbc-1:1.8.0.8.45-1.el8_10.s390x",
"product": {
"name": "java-1.8.0-ibm-jdbc-1:1.8.0.8.45-1.el8_10.s390x",
"product_id": "java-1.8.0-ibm-jdbc-1:1.8.0.8.45-1.el8_10.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/java-1.8.0-ibm-jdbc@1.8.0.8.45-1.el8_10?arch=s390x\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "java-1.8.0-ibm-src-1:1.8.0.8.45-1.el8_10.s390x",
"product": {
"name": "java-1.8.0-ibm-src-1:1.8.0.8.45-1.el8_10.s390x",
"product_id": "java-1.8.0-ibm-src-1:1.8.0.8.45-1.el8_10.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/java-1.8.0-ibm-src@1.8.0.8.45-1.el8_10?arch=s390x\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "java-1.8.0-ibm-1:1.8.0.8.45-1.el8_10.ppc64le",
"product": {
"name": "java-1.8.0-ibm-1:1.8.0.8.45-1.el8_10.ppc64le",
"product_id": "java-1.8.0-ibm-1:1.8.0.8.45-1.el8_10.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/java-1.8.0-ibm@1.8.0.8.45-1.el8_10?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "java-1.8.0-ibm-demo-1:1.8.0.8.45-1.el8_10.ppc64le",
"product": {
"name": "java-1.8.0-ibm-demo-1:1.8.0.8.45-1.el8_10.ppc64le",
"product_id": "java-1.8.0-ibm-demo-1:1.8.0.8.45-1.el8_10.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/java-1.8.0-ibm-demo@1.8.0.8.45-1.el8_10?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "java-1.8.0-ibm-devel-1:1.8.0.8.45-1.el8_10.ppc64le",
"product": {
"name": "java-1.8.0-ibm-devel-1:1.8.0.8.45-1.el8_10.ppc64le",
"product_id": "java-1.8.0-ibm-devel-1:1.8.0.8.45-1.el8_10.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/java-1.8.0-ibm-devel@1.8.0.8.45-1.el8_10?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "java-1.8.0-ibm-headless-1:1.8.0.8.45-1.el8_10.ppc64le",
"product": {
"name": "java-1.8.0-ibm-headless-1:1.8.0.8.45-1.el8_10.ppc64le",
"product_id": "java-1.8.0-ibm-headless-1:1.8.0.8.45-1.el8_10.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/java-1.8.0-ibm-headless@1.8.0.8.45-1.el8_10?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "java-1.8.0-ibm-jdbc-1:1.8.0.8.45-1.el8_10.ppc64le",
"product": {
"name": "java-1.8.0-ibm-jdbc-1:1.8.0.8.45-1.el8_10.ppc64le",
"product_id": "java-1.8.0-ibm-jdbc-1:1.8.0.8.45-1.el8_10.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/java-1.8.0-ibm-jdbc@1.8.0.8.45-1.el8_10?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "java-1.8.0-ibm-plugin-1:1.8.0.8.45-1.el8_10.ppc64le",
"product": {
"name": "java-1.8.0-ibm-plugin-1:1.8.0.8.45-1.el8_10.ppc64le",
"product_id": "java-1.8.0-ibm-plugin-1:1.8.0.8.45-1.el8_10.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/java-1.8.0-ibm-plugin@1.8.0.8.45-1.el8_10?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "java-1.8.0-ibm-src-1:1.8.0.8.45-1.el8_10.ppc64le",
"product": {
"name": "java-1.8.0-ibm-src-1:1.8.0.8.45-1.el8_10.ppc64le",
"product_id": "java-1.8.0-ibm-src-1:1.8.0.8.45-1.el8_10.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/java-1.8.0-ibm-src@1.8.0.8.45-1.el8_10?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "java-1.8.0-ibm-webstart-1:1.8.0.8.45-1.el8_10.ppc64le",
"product": {
"name": "java-1.8.0-ibm-webstart-1:1.8.0.8.45-1.el8_10.ppc64le",
"product_id": "java-1.8.0-ibm-webstart-1:1.8.0.8.45-1.el8_10.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/java-1.8.0-ibm-webstart@1.8.0.8.45-1.el8_10?arch=ppc64le\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.8.0-ibm-1:1.8.0.8.45-1.el8_10.ppc64le as a component of Red Hat Enterprise Linux Supplementary (v. 8)",
"product_id": "Supplementary-8.10.0.Z.MAIN.EUS:java-1.8.0-ibm-1:1.8.0.8.45-1.el8_10.ppc64le"
},
"product_reference": "java-1.8.0-ibm-1:1.8.0.8.45-1.el8_10.ppc64le",
"relates_to_product_reference": "Supplementary-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.8.0-ibm-1:1.8.0.8.45-1.el8_10.s390x as a component of Red Hat Enterprise Linux Supplementary (v. 8)",
"product_id": "Supplementary-8.10.0.Z.MAIN.EUS:java-1.8.0-ibm-1:1.8.0.8.45-1.el8_10.s390x"
},
"product_reference": "java-1.8.0-ibm-1:1.8.0.8.45-1.el8_10.s390x",
"relates_to_product_reference": "Supplementary-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.8.0-ibm-1:1.8.0.8.45-1.el8_10.x86_64 as a component of Red Hat Enterprise Linux Supplementary (v. 8)",
"product_id": "Supplementary-8.10.0.Z.MAIN.EUS:java-1.8.0-ibm-1:1.8.0.8.45-1.el8_10.x86_64"
},
"product_reference": "java-1.8.0-ibm-1:1.8.0.8.45-1.el8_10.x86_64",
"relates_to_product_reference": "Supplementary-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.8.0-ibm-demo-1:1.8.0.8.45-1.el8_10.ppc64le as a component of Red Hat Enterprise Linux Supplementary (v. 8)",
"product_id": "Supplementary-8.10.0.Z.MAIN.EUS:java-1.8.0-ibm-demo-1:1.8.0.8.45-1.el8_10.ppc64le"
},
"product_reference": "java-1.8.0-ibm-demo-1:1.8.0.8.45-1.el8_10.ppc64le",
"relates_to_product_reference": "Supplementary-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.8.0-ibm-demo-1:1.8.0.8.45-1.el8_10.s390x as a component of Red Hat Enterprise Linux Supplementary (v. 8)",
"product_id": "Supplementary-8.10.0.Z.MAIN.EUS:java-1.8.0-ibm-demo-1:1.8.0.8.45-1.el8_10.s390x"
},
"product_reference": "java-1.8.0-ibm-demo-1:1.8.0.8.45-1.el8_10.s390x",
"relates_to_product_reference": "Supplementary-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.8.0-ibm-demo-1:1.8.0.8.45-1.el8_10.x86_64 as a component of Red Hat Enterprise Linux Supplementary (v. 8)",
"product_id": "Supplementary-8.10.0.Z.MAIN.EUS:java-1.8.0-ibm-demo-1:1.8.0.8.45-1.el8_10.x86_64"
},
"product_reference": "java-1.8.0-ibm-demo-1:1.8.0.8.45-1.el8_10.x86_64",
"relates_to_product_reference": "Supplementary-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.8.0-ibm-devel-1:1.8.0.8.45-1.el8_10.ppc64le as a component of Red Hat Enterprise Linux Supplementary (v. 8)",
"product_id": "Supplementary-8.10.0.Z.MAIN.EUS:java-1.8.0-ibm-devel-1:1.8.0.8.45-1.el8_10.ppc64le"
},
"product_reference": "java-1.8.0-ibm-devel-1:1.8.0.8.45-1.el8_10.ppc64le",
"relates_to_product_reference": "Supplementary-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.8.0-ibm-devel-1:1.8.0.8.45-1.el8_10.s390x as a component of Red Hat Enterprise Linux Supplementary (v. 8)",
"product_id": "Supplementary-8.10.0.Z.MAIN.EUS:java-1.8.0-ibm-devel-1:1.8.0.8.45-1.el8_10.s390x"
},
"product_reference": "java-1.8.0-ibm-devel-1:1.8.0.8.45-1.el8_10.s390x",
"relates_to_product_reference": "Supplementary-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.8.0-ibm-devel-1:1.8.0.8.45-1.el8_10.x86_64 as a component of Red Hat Enterprise Linux Supplementary (v. 8)",
"product_id": "Supplementary-8.10.0.Z.MAIN.EUS:java-1.8.0-ibm-devel-1:1.8.0.8.45-1.el8_10.x86_64"
},
"product_reference": "java-1.8.0-ibm-devel-1:1.8.0.8.45-1.el8_10.x86_64",
"relates_to_product_reference": "Supplementary-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.8.0-ibm-headless-1:1.8.0.8.45-1.el8_10.ppc64le as a component of Red Hat Enterprise Linux Supplementary (v. 8)",
"product_id": "Supplementary-8.10.0.Z.MAIN.EUS:java-1.8.0-ibm-headless-1:1.8.0.8.45-1.el8_10.ppc64le"
},
"product_reference": "java-1.8.0-ibm-headless-1:1.8.0.8.45-1.el8_10.ppc64le",
"relates_to_product_reference": "Supplementary-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.8.0-ibm-headless-1:1.8.0.8.45-1.el8_10.s390x as a component of Red Hat Enterprise Linux Supplementary (v. 8)",
"product_id": "Supplementary-8.10.0.Z.MAIN.EUS:java-1.8.0-ibm-headless-1:1.8.0.8.45-1.el8_10.s390x"
},
"product_reference": "java-1.8.0-ibm-headless-1:1.8.0.8.45-1.el8_10.s390x",
"relates_to_product_reference": "Supplementary-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.8.0-ibm-headless-1:1.8.0.8.45-1.el8_10.x86_64 as a component of Red Hat Enterprise Linux Supplementary (v. 8)",
"product_id": "Supplementary-8.10.0.Z.MAIN.EUS:java-1.8.0-ibm-headless-1:1.8.0.8.45-1.el8_10.x86_64"
},
"product_reference": "java-1.8.0-ibm-headless-1:1.8.0.8.45-1.el8_10.x86_64",
"relates_to_product_reference": "Supplementary-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.8.0-ibm-jdbc-1:1.8.0.8.45-1.el8_10.ppc64le as a component of Red Hat Enterprise Linux Supplementary (v. 8)",
"product_id": "Supplementary-8.10.0.Z.MAIN.EUS:java-1.8.0-ibm-jdbc-1:1.8.0.8.45-1.el8_10.ppc64le"
},
"product_reference": "java-1.8.0-ibm-jdbc-1:1.8.0.8.45-1.el8_10.ppc64le",
"relates_to_product_reference": "Supplementary-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.8.0-ibm-jdbc-1:1.8.0.8.45-1.el8_10.s390x as a component of Red Hat Enterprise Linux Supplementary (v. 8)",
"product_id": "Supplementary-8.10.0.Z.MAIN.EUS:java-1.8.0-ibm-jdbc-1:1.8.0.8.45-1.el8_10.s390x"
},
"product_reference": "java-1.8.0-ibm-jdbc-1:1.8.0.8.45-1.el8_10.s390x",
"relates_to_product_reference": "Supplementary-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.8.0-ibm-jdbc-1:1.8.0.8.45-1.el8_10.x86_64 as a component of Red Hat Enterprise Linux Supplementary (v. 8)",
"product_id": "Supplementary-8.10.0.Z.MAIN.EUS:java-1.8.0-ibm-jdbc-1:1.8.0.8.45-1.el8_10.x86_64"
},
"product_reference": "java-1.8.0-ibm-jdbc-1:1.8.0.8.45-1.el8_10.x86_64",
"relates_to_product_reference": "Supplementary-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.8.0-ibm-plugin-1:1.8.0.8.45-1.el8_10.ppc64le as a component of Red Hat Enterprise Linux Supplementary (v. 8)",
"product_id": "Supplementary-8.10.0.Z.MAIN.EUS:java-1.8.0-ibm-plugin-1:1.8.0.8.45-1.el8_10.ppc64le"
},
"product_reference": "java-1.8.0-ibm-plugin-1:1.8.0.8.45-1.el8_10.ppc64le",
"relates_to_product_reference": "Supplementary-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.8.0-ibm-plugin-1:1.8.0.8.45-1.el8_10.x86_64 as a component of Red Hat Enterprise Linux Supplementary (v. 8)",
"product_id": "Supplementary-8.10.0.Z.MAIN.EUS:java-1.8.0-ibm-plugin-1:1.8.0.8.45-1.el8_10.x86_64"
},
"product_reference": "java-1.8.0-ibm-plugin-1:1.8.0.8.45-1.el8_10.x86_64",
"relates_to_product_reference": "Supplementary-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.8.0-ibm-src-1:1.8.0.8.45-1.el8_10.ppc64le as a component of Red Hat Enterprise Linux Supplementary (v. 8)",
"product_id": "Supplementary-8.10.0.Z.MAIN.EUS:java-1.8.0-ibm-src-1:1.8.0.8.45-1.el8_10.ppc64le"
},
"product_reference": "java-1.8.0-ibm-src-1:1.8.0.8.45-1.el8_10.ppc64le",
"relates_to_product_reference": "Supplementary-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.8.0-ibm-src-1:1.8.0.8.45-1.el8_10.s390x as a component of Red Hat Enterprise Linux Supplementary (v. 8)",
"product_id": "Supplementary-8.10.0.Z.MAIN.EUS:java-1.8.0-ibm-src-1:1.8.0.8.45-1.el8_10.s390x"
},
"product_reference": "java-1.8.0-ibm-src-1:1.8.0.8.45-1.el8_10.s390x",
"relates_to_product_reference": "Supplementary-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.8.0-ibm-src-1:1.8.0.8.45-1.el8_10.x86_64 as a component of Red Hat Enterprise Linux Supplementary (v. 8)",
"product_id": "Supplementary-8.10.0.Z.MAIN.EUS:java-1.8.0-ibm-src-1:1.8.0.8.45-1.el8_10.x86_64"
},
"product_reference": "java-1.8.0-ibm-src-1:1.8.0.8.45-1.el8_10.x86_64",
"relates_to_product_reference": "Supplementary-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.8.0-ibm-webstart-1:1.8.0.8.45-1.el8_10.ppc64le as a component of Red Hat Enterprise Linux Supplementary (v. 8)",
"product_id": "Supplementary-8.10.0.Z.MAIN.EUS:java-1.8.0-ibm-webstart-1:1.8.0.8.45-1.el8_10.ppc64le"
},
"product_reference": "java-1.8.0-ibm-webstart-1:1.8.0.8.45-1.el8_10.ppc64le",
"relates_to_product_reference": "Supplementary-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1.8.0-ibm-webstart-1:1.8.0.8.45-1.el8_10.x86_64 as a component of Red Hat Enterprise Linux Supplementary (v. 8)",
"product_id": "Supplementary-8.10.0.Z.MAIN.EUS:java-1.8.0-ibm-webstart-1:1.8.0.8.45-1.el8_10.x86_64"
},
"product_reference": "java-1.8.0-ibm-webstart-1:1.8.0.8.45-1.el8_10.x86_64",
"relates_to_product_reference": "Supplementary-8.10.0.Z.MAIN.EUS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-4447",
"cwe": {
"id": "CWE-121",
"name": "Stack-based Buffer Overflow"
},
"discovery_date": "2025-05-09T21:00:48.499746+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2365395"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Eclipse OpenJ9 versions up to 0.51, when used with OpenJDK version 8. A stack based buffer overflow can be caused by modifying a file on disk that is read when the JVM starts.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "java-1.8.0-ibm: Buffer Overflow in Eclipse OpenJ9",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Supplementary-8.10.0.Z.MAIN.EUS:java-1.8.0-ibm-1:1.8.0.8.45-1.el8_10.ppc64le",
"Supplementary-8.10.0.Z.MAIN.EUS:java-1.8.0-ibm-1:1.8.0.8.45-1.el8_10.s390x",
"Supplementary-8.10.0.Z.MAIN.EUS:java-1.8.0-ibm-1:1.8.0.8.45-1.el8_10.x86_64",
"Supplementary-8.10.0.Z.MAIN.EUS:java-1.8.0-ibm-demo-1:1.8.0.8.45-1.el8_10.ppc64le",
"Supplementary-8.10.0.Z.MAIN.EUS:java-1.8.0-ibm-demo-1:1.8.0.8.45-1.el8_10.s390x",
"Supplementary-8.10.0.Z.MAIN.EUS:java-1.8.0-ibm-demo-1:1.8.0.8.45-1.el8_10.x86_64",
"Supplementary-8.10.0.Z.MAIN.EUS:java-1.8.0-ibm-devel-1:1.8.0.8.45-1.el8_10.ppc64le",
"Supplementary-8.10.0.Z.MAIN.EUS:java-1.8.0-ibm-devel-1:1.8.0.8.45-1.el8_10.s390x",
"Supplementary-8.10.0.Z.MAIN.EUS:java-1.8.0-ibm-devel-1:1.8.0.8.45-1.el8_10.x86_64",
"Supplementary-8.10.0.Z.MAIN.EUS:java-1.8.0-ibm-headless-1:1.8.0.8.45-1.el8_10.ppc64le",
"Supplementary-8.10.0.Z.MAIN.EUS:java-1.8.0-ibm-headless-1:1.8.0.8.45-1.el8_10.s390x",
"Supplementary-8.10.0.Z.MAIN.EUS:java-1.8.0-ibm-headless-1:1.8.0.8.45-1.el8_10.x86_64",
"Supplementary-8.10.0.Z.MAIN.EUS:java-1.8.0-ibm-jdbc-1:1.8.0.8.45-1.el8_10.ppc64le",
"Supplementary-8.10.0.Z.MAIN.EUS:java-1.8.0-ibm-jdbc-1:1.8.0.8.45-1.el8_10.s390x",
"Supplementary-8.10.0.Z.MAIN.EUS:java-1.8.0-ibm-jdbc-1:1.8.0.8.45-1.el8_10.x86_64",
"Supplementary-8.10.0.Z.MAIN.EUS:java-1.8.0-ibm-plugin-1:1.8.0.8.45-1.el8_10.ppc64le",
"Supplementary-8.10.0.Z.MAIN.EUS:java-1.8.0-ibm-plugin-1:1.8.0.8.45-1.el8_10.x86_64",
"Supplementary-8.10.0.Z.MAIN.EUS:java-1.8.0-ibm-src-1:1.8.0.8.45-1.el8_10.ppc64le",
"Supplementary-8.10.0.Z.MAIN.EUS:java-1.8.0-ibm-src-1:1.8.0.8.45-1.el8_10.s390x",
"Supplementary-8.10.0.Z.MAIN.EUS:java-1.8.0-ibm-src-1:1.8.0.8.45-1.el8_10.x86_64",
"Supplementary-8.10.0.Z.MAIN.EUS:java-1.8.0-ibm-webstart-1:1.8.0.8.45-1.el8_10.ppc64le",
"Supplementary-8.10.0.Z.MAIN.EUS:java-1.8.0-ibm-webstart-1:1.8.0.8.45-1.el8_10.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-4447"
},
{
"category": "external",
"summary": "RHBZ#2365395",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2365395"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-4447",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4447"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-4447",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-4447"
},
{
"category": "external",
"summary": "https://github.com/eclipse-openj9/openj9/pull/21762",
"url": "https://github.com/eclipse-openj9/openj9/pull/21762"
},
{
"category": "external",
"summary": "https://gitlab.eclipse.org/security/cve-assignement/-/issues/61",
"url": "https://gitlab.eclipse.org/security/cve-assignement/-/issues/61"
},
{
"category": "external",
"summary": "https://www.ibm.com/support/pages/java-sdk-security-vulnerabilities#IBM_Security_Update_May_2025",
"url": "https://www.ibm.com/support/pages/java-sdk-security-vulnerabilities#IBM_Security_Update_May_2025"
},
{
"category": "external",
"summary": "https://www.ibm.com/support/pages/node/7233417",
"url": "https://www.ibm.com/support/pages/node/7233417"
}
],
"release_date": "2025-05-09T20:40:25.953000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-06-03T00:37:57+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Supplementary-8.10.0.Z.MAIN.EUS:java-1.8.0-ibm-1:1.8.0.8.45-1.el8_10.ppc64le",
"Supplementary-8.10.0.Z.MAIN.EUS:java-1.8.0-ibm-1:1.8.0.8.45-1.el8_10.s390x",
"Supplementary-8.10.0.Z.MAIN.EUS:java-1.8.0-ibm-1:1.8.0.8.45-1.el8_10.x86_64",
"Supplementary-8.10.0.Z.MAIN.EUS:java-1.8.0-ibm-demo-1:1.8.0.8.45-1.el8_10.ppc64le",
"Supplementary-8.10.0.Z.MAIN.EUS:java-1.8.0-ibm-demo-1:1.8.0.8.45-1.el8_10.s390x",
"Supplementary-8.10.0.Z.MAIN.EUS:java-1.8.0-ibm-demo-1:1.8.0.8.45-1.el8_10.x86_64",
"Supplementary-8.10.0.Z.MAIN.EUS:java-1.8.0-ibm-devel-1:1.8.0.8.45-1.el8_10.ppc64le",
"Supplementary-8.10.0.Z.MAIN.EUS:java-1.8.0-ibm-devel-1:1.8.0.8.45-1.el8_10.s390x",
"Supplementary-8.10.0.Z.MAIN.EUS:java-1.8.0-ibm-devel-1:1.8.0.8.45-1.el8_10.x86_64",
"Supplementary-8.10.0.Z.MAIN.EUS:java-1.8.0-ibm-headless-1:1.8.0.8.45-1.el8_10.ppc64le",
"Supplementary-8.10.0.Z.MAIN.EUS:java-1.8.0-ibm-headless-1:1.8.0.8.45-1.el8_10.s390x",
"Supplementary-8.10.0.Z.MAIN.EUS:java-1.8.0-ibm-headless-1:1.8.0.8.45-1.el8_10.x86_64",
"Supplementary-8.10.0.Z.MAIN.EUS:java-1.8.0-ibm-jdbc-1:1.8.0.8.45-1.el8_10.ppc64le",
"Supplementary-8.10.0.Z.MAIN.EUS:java-1.8.0-ibm-jdbc-1:1.8.0.8.45-1.el8_10.s390x",
"Supplementary-8.10.0.Z.MAIN.EUS:java-1.8.0-ibm-jdbc-1:1.8.0.8.45-1.el8_10.x86_64",
"Supplementary-8.10.0.Z.MAIN.EUS:java-1.8.0-ibm-plugin-1:1.8.0.8.45-1.el8_10.ppc64le",
"Supplementary-8.10.0.Z.MAIN.EUS:java-1.8.0-ibm-plugin-1:1.8.0.8.45-1.el8_10.x86_64",
"Supplementary-8.10.0.Z.MAIN.EUS:java-1.8.0-ibm-src-1:1.8.0.8.45-1.el8_10.ppc64le",
"Supplementary-8.10.0.Z.MAIN.EUS:java-1.8.0-ibm-src-1:1.8.0.8.45-1.el8_10.s390x",
"Supplementary-8.10.0.Z.MAIN.EUS:java-1.8.0-ibm-src-1:1.8.0.8.45-1.el8_10.x86_64",
"Supplementary-8.10.0.Z.MAIN.EUS:java-1.8.0-ibm-webstart-1:1.8.0.8.45-1.el8_10.ppc64le",
"Supplementary-8.10.0.Z.MAIN.EUS:java-1.8.0-ibm-webstart-1:1.8.0.8.45-1.el8_10.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:8431"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Supplementary-8.10.0.Z.MAIN.EUS:java-1.8.0-ibm-1:1.8.0.8.45-1.el8_10.ppc64le",
"Supplementary-8.10.0.Z.MAIN.EUS:java-1.8.0-ibm-1:1.8.0.8.45-1.el8_10.s390x",
"Supplementary-8.10.0.Z.MAIN.EUS:java-1.8.0-ibm-1:1.8.0.8.45-1.el8_10.x86_64",
"Supplementary-8.10.0.Z.MAIN.EUS:java-1.8.0-ibm-demo-1:1.8.0.8.45-1.el8_10.ppc64le",
"Supplementary-8.10.0.Z.MAIN.EUS:java-1.8.0-ibm-demo-1:1.8.0.8.45-1.el8_10.s390x",
"Supplementary-8.10.0.Z.MAIN.EUS:java-1.8.0-ibm-demo-1:1.8.0.8.45-1.el8_10.x86_64",
"Supplementary-8.10.0.Z.MAIN.EUS:java-1.8.0-ibm-devel-1:1.8.0.8.45-1.el8_10.ppc64le",
"Supplementary-8.10.0.Z.MAIN.EUS:java-1.8.0-ibm-devel-1:1.8.0.8.45-1.el8_10.s390x",
"Supplementary-8.10.0.Z.MAIN.EUS:java-1.8.0-ibm-devel-1:1.8.0.8.45-1.el8_10.x86_64",
"Supplementary-8.10.0.Z.MAIN.EUS:java-1.8.0-ibm-headless-1:1.8.0.8.45-1.el8_10.ppc64le",
"Supplementary-8.10.0.Z.MAIN.EUS:java-1.8.0-ibm-headless-1:1.8.0.8.45-1.el8_10.s390x",
"Supplementary-8.10.0.Z.MAIN.EUS:java-1.8.0-ibm-headless-1:1.8.0.8.45-1.el8_10.x86_64",
"Supplementary-8.10.0.Z.MAIN.EUS:java-1.8.0-ibm-jdbc-1:1.8.0.8.45-1.el8_10.ppc64le",
"Supplementary-8.10.0.Z.MAIN.EUS:java-1.8.0-ibm-jdbc-1:1.8.0.8.45-1.el8_10.s390x",
"Supplementary-8.10.0.Z.MAIN.EUS:java-1.8.0-ibm-jdbc-1:1.8.0.8.45-1.el8_10.x86_64",
"Supplementary-8.10.0.Z.MAIN.EUS:java-1.8.0-ibm-plugin-1:1.8.0.8.45-1.el8_10.ppc64le",
"Supplementary-8.10.0.Z.MAIN.EUS:java-1.8.0-ibm-plugin-1:1.8.0.8.45-1.el8_10.x86_64",
"Supplementary-8.10.0.Z.MAIN.EUS:java-1.8.0-ibm-src-1:1.8.0.8.45-1.el8_10.ppc64le",
"Supplementary-8.10.0.Z.MAIN.EUS:java-1.8.0-ibm-src-1:1.8.0.8.45-1.el8_10.s390x",
"Supplementary-8.10.0.Z.MAIN.EUS:java-1.8.0-ibm-src-1:1.8.0.8.45-1.el8_10.x86_64",
"Supplementary-8.10.0.Z.MAIN.EUS:java-1.8.0-ibm-webstart-1:1.8.0.8.45-1.el8_10.ppc64le",
"Supplementary-8.10.0.Z.MAIN.EUS:java-1.8.0-ibm-webstart-1:1.8.0.8.45-1.el8_10.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "java-1.8.0-ibm: Buffer Overflow in Eclipse OpenJ9"
},
{
"cve": "CVE-2025-21587",
"cwe": {
"id": "CWE-208",
"name": "Observable Timing Discrepancy"
},
"discovery_date": "2025-04-15T07:43:27.892000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2359695"
}
],
"notes": [
{
"category": "description",
"text": "Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Oracle Java SE:8u441, 8u441-perf, 11.0.26, 17.0.14, 21.0.6, 24; Oracle GraalVM for JDK:17.0.14, 21.0.6, 24; Oracle GraalVM Enterprise Edition:20.3.17 and 21.3.13. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data as well as unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 7.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openjdk: Better TLS connection support (Oracle CPU 2025-04)",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The severity of this vulnerability is considered Moderate rather than Important due to the specific conditions required for exploitation and the complexity involved in executing the attack.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Supplementary-8.10.0.Z.MAIN.EUS:java-1.8.0-ibm-1:1.8.0.8.45-1.el8_10.ppc64le",
"Supplementary-8.10.0.Z.MAIN.EUS:java-1.8.0-ibm-1:1.8.0.8.45-1.el8_10.s390x",
"Supplementary-8.10.0.Z.MAIN.EUS:java-1.8.0-ibm-1:1.8.0.8.45-1.el8_10.x86_64",
"Supplementary-8.10.0.Z.MAIN.EUS:java-1.8.0-ibm-demo-1:1.8.0.8.45-1.el8_10.ppc64le",
"Supplementary-8.10.0.Z.MAIN.EUS:java-1.8.0-ibm-demo-1:1.8.0.8.45-1.el8_10.s390x",
"Supplementary-8.10.0.Z.MAIN.EUS:java-1.8.0-ibm-demo-1:1.8.0.8.45-1.el8_10.x86_64",
"Supplementary-8.10.0.Z.MAIN.EUS:java-1.8.0-ibm-devel-1:1.8.0.8.45-1.el8_10.ppc64le",
"Supplementary-8.10.0.Z.MAIN.EUS:java-1.8.0-ibm-devel-1:1.8.0.8.45-1.el8_10.s390x",
"Supplementary-8.10.0.Z.MAIN.EUS:java-1.8.0-ibm-devel-1:1.8.0.8.45-1.el8_10.x86_64",
"Supplementary-8.10.0.Z.MAIN.EUS:java-1.8.0-ibm-headless-1:1.8.0.8.45-1.el8_10.ppc64le",
"Supplementary-8.10.0.Z.MAIN.EUS:java-1.8.0-ibm-headless-1:1.8.0.8.45-1.el8_10.s390x",
"Supplementary-8.10.0.Z.MAIN.EUS:java-1.8.0-ibm-headless-1:1.8.0.8.45-1.el8_10.x86_64",
"Supplementary-8.10.0.Z.MAIN.EUS:java-1.8.0-ibm-jdbc-1:1.8.0.8.45-1.el8_10.ppc64le",
"Supplementary-8.10.0.Z.MAIN.EUS:java-1.8.0-ibm-jdbc-1:1.8.0.8.45-1.el8_10.s390x",
"Supplementary-8.10.0.Z.MAIN.EUS:java-1.8.0-ibm-jdbc-1:1.8.0.8.45-1.el8_10.x86_64",
"Supplementary-8.10.0.Z.MAIN.EUS:java-1.8.0-ibm-plugin-1:1.8.0.8.45-1.el8_10.ppc64le",
"Supplementary-8.10.0.Z.MAIN.EUS:java-1.8.0-ibm-plugin-1:1.8.0.8.45-1.el8_10.x86_64",
"Supplementary-8.10.0.Z.MAIN.EUS:java-1.8.0-ibm-src-1:1.8.0.8.45-1.el8_10.ppc64le",
"Supplementary-8.10.0.Z.MAIN.EUS:java-1.8.0-ibm-src-1:1.8.0.8.45-1.el8_10.s390x",
"Supplementary-8.10.0.Z.MAIN.EUS:java-1.8.0-ibm-src-1:1.8.0.8.45-1.el8_10.x86_64",
"Supplementary-8.10.0.Z.MAIN.EUS:java-1.8.0-ibm-webstart-1:1.8.0.8.45-1.el8_10.ppc64le",
"Supplementary-8.10.0.Z.MAIN.EUS:java-1.8.0-ibm-webstart-1:1.8.0.8.45-1.el8_10.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-21587"
},
{
"category": "external",
"summary": "RHBZ#2359695",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2359695"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-21587",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21587"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-21587",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-21587"
},
{
"category": "external",
"summary": "https://www.oracle.com/security-alerts/cpuapr2025.html#AppendixJAVA",
"url": "https://www.oracle.com/security-alerts/cpuapr2025.html#AppendixJAVA"
}
],
"release_date": "2025-04-15T21:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-06-03T00:37:57+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Supplementary-8.10.0.Z.MAIN.EUS:java-1.8.0-ibm-1:1.8.0.8.45-1.el8_10.ppc64le",
"Supplementary-8.10.0.Z.MAIN.EUS:java-1.8.0-ibm-1:1.8.0.8.45-1.el8_10.s390x",
"Supplementary-8.10.0.Z.MAIN.EUS:java-1.8.0-ibm-1:1.8.0.8.45-1.el8_10.x86_64",
"Supplementary-8.10.0.Z.MAIN.EUS:java-1.8.0-ibm-demo-1:1.8.0.8.45-1.el8_10.ppc64le",
"Supplementary-8.10.0.Z.MAIN.EUS:java-1.8.0-ibm-demo-1:1.8.0.8.45-1.el8_10.s390x",
"Supplementary-8.10.0.Z.MAIN.EUS:java-1.8.0-ibm-demo-1:1.8.0.8.45-1.el8_10.x86_64",
"Supplementary-8.10.0.Z.MAIN.EUS:java-1.8.0-ibm-devel-1:1.8.0.8.45-1.el8_10.ppc64le",
"Supplementary-8.10.0.Z.MAIN.EUS:java-1.8.0-ibm-devel-1:1.8.0.8.45-1.el8_10.s390x",
"Supplementary-8.10.0.Z.MAIN.EUS:java-1.8.0-ibm-devel-1:1.8.0.8.45-1.el8_10.x86_64",
"Supplementary-8.10.0.Z.MAIN.EUS:java-1.8.0-ibm-headless-1:1.8.0.8.45-1.el8_10.ppc64le",
"Supplementary-8.10.0.Z.MAIN.EUS:java-1.8.0-ibm-headless-1:1.8.0.8.45-1.el8_10.s390x",
"Supplementary-8.10.0.Z.MAIN.EUS:java-1.8.0-ibm-headless-1:1.8.0.8.45-1.el8_10.x86_64",
"Supplementary-8.10.0.Z.MAIN.EUS:java-1.8.0-ibm-jdbc-1:1.8.0.8.45-1.el8_10.ppc64le",
"Supplementary-8.10.0.Z.MAIN.EUS:java-1.8.0-ibm-jdbc-1:1.8.0.8.45-1.el8_10.s390x",
"Supplementary-8.10.0.Z.MAIN.EUS:java-1.8.0-ibm-jdbc-1:1.8.0.8.45-1.el8_10.x86_64",
"Supplementary-8.10.0.Z.MAIN.EUS:java-1.8.0-ibm-plugin-1:1.8.0.8.45-1.el8_10.ppc64le",
"Supplementary-8.10.0.Z.MAIN.EUS:java-1.8.0-ibm-plugin-1:1.8.0.8.45-1.el8_10.x86_64",
"Supplementary-8.10.0.Z.MAIN.EUS:java-1.8.0-ibm-src-1:1.8.0.8.45-1.el8_10.ppc64le",
"Supplementary-8.10.0.Z.MAIN.EUS:java-1.8.0-ibm-src-1:1.8.0.8.45-1.el8_10.s390x",
"Supplementary-8.10.0.Z.MAIN.EUS:java-1.8.0-ibm-src-1:1.8.0.8.45-1.el8_10.x86_64",
"Supplementary-8.10.0.Z.MAIN.EUS:java-1.8.0-ibm-webstart-1:1.8.0.8.45-1.el8_10.ppc64le",
"Supplementary-8.10.0.Z.MAIN.EUS:java-1.8.0-ibm-webstart-1:1.8.0.8.45-1.el8_10.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:8431"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Supplementary-8.10.0.Z.MAIN.EUS:java-1.8.0-ibm-1:1.8.0.8.45-1.el8_10.ppc64le",
"Supplementary-8.10.0.Z.MAIN.EUS:java-1.8.0-ibm-1:1.8.0.8.45-1.el8_10.s390x",
"Supplementary-8.10.0.Z.MAIN.EUS:java-1.8.0-ibm-1:1.8.0.8.45-1.el8_10.x86_64",
"Supplementary-8.10.0.Z.MAIN.EUS:java-1.8.0-ibm-demo-1:1.8.0.8.45-1.el8_10.ppc64le",
"Supplementary-8.10.0.Z.MAIN.EUS:java-1.8.0-ibm-demo-1:1.8.0.8.45-1.el8_10.s390x",
"Supplementary-8.10.0.Z.MAIN.EUS:java-1.8.0-ibm-demo-1:1.8.0.8.45-1.el8_10.x86_64",
"Supplementary-8.10.0.Z.MAIN.EUS:java-1.8.0-ibm-devel-1:1.8.0.8.45-1.el8_10.ppc64le",
"Supplementary-8.10.0.Z.MAIN.EUS:java-1.8.0-ibm-devel-1:1.8.0.8.45-1.el8_10.s390x",
"Supplementary-8.10.0.Z.MAIN.EUS:java-1.8.0-ibm-devel-1:1.8.0.8.45-1.el8_10.x86_64",
"Supplementary-8.10.0.Z.MAIN.EUS:java-1.8.0-ibm-headless-1:1.8.0.8.45-1.el8_10.ppc64le",
"Supplementary-8.10.0.Z.MAIN.EUS:java-1.8.0-ibm-headless-1:1.8.0.8.45-1.el8_10.s390x",
"Supplementary-8.10.0.Z.MAIN.EUS:java-1.8.0-ibm-headless-1:1.8.0.8.45-1.el8_10.x86_64",
"Supplementary-8.10.0.Z.MAIN.EUS:java-1.8.0-ibm-jdbc-1:1.8.0.8.45-1.el8_10.ppc64le",
"Supplementary-8.10.0.Z.MAIN.EUS:java-1.8.0-ibm-jdbc-1:1.8.0.8.45-1.el8_10.s390x",
"Supplementary-8.10.0.Z.MAIN.EUS:java-1.8.0-ibm-jdbc-1:1.8.0.8.45-1.el8_10.x86_64",
"Supplementary-8.10.0.Z.MAIN.EUS:java-1.8.0-ibm-plugin-1:1.8.0.8.45-1.el8_10.ppc64le",
"Supplementary-8.10.0.Z.MAIN.EUS:java-1.8.0-ibm-plugin-1:1.8.0.8.45-1.el8_10.x86_64",
"Supplementary-8.10.0.Z.MAIN.EUS:java-1.8.0-ibm-src-1:1.8.0.8.45-1.el8_10.ppc64le",
"Supplementary-8.10.0.Z.MAIN.EUS:java-1.8.0-ibm-src-1:1.8.0.8.45-1.el8_10.s390x",
"Supplementary-8.10.0.Z.MAIN.EUS:java-1.8.0-ibm-src-1:1.8.0.8.45-1.el8_10.x86_64",
"Supplementary-8.10.0.Z.MAIN.EUS:java-1.8.0-ibm-webstart-1:1.8.0.8.45-1.el8_10.ppc64le",
"Supplementary-8.10.0.Z.MAIN.EUS:java-1.8.0-ibm-webstart-1:1.8.0.8.45-1.el8_10.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "openjdk: Better TLS connection support (Oracle CPU 2025-04)"
},
{
"cve": "CVE-2025-30698",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"discovery_date": "2025-04-15T07:38:28.558000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2359693"
}
],
"notes": [
{
"category": "description",
"text": "Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: 2D). Supported versions that are affected are Oracle Java SE: 8u441, 8u441-perf, 11.0.26, 17.0.14, 21.0.6, 24; Oracle GraalVM for JDK: 17.0.14, 21.0.6, 24; Oracle GraalVM Enterprise Edition: 20.3.17 and 21.3.13. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data as well as unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 5.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openjdk: Enhance Buffered Image handling (Oracle CPU 2025-04)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Supplementary-8.10.0.Z.MAIN.EUS:java-1.8.0-ibm-1:1.8.0.8.45-1.el8_10.ppc64le",
"Supplementary-8.10.0.Z.MAIN.EUS:java-1.8.0-ibm-1:1.8.0.8.45-1.el8_10.s390x",
"Supplementary-8.10.0.Z.MAIN.EUS:java-1.8.0-ibm-1:1.8.0.8.45-1.el8_10.x86_64",
"Supplementary-8.10.0.Z.MAIN.EUS:java-1.8.0-ibm-demo-1:1.8.0.8.45-1.el8_10.ppc64le",
"Supplementary-8.10.0.Z.MAIN.EUS:java-1.8.0-ibm-demo-1:1.8.0.8.45-1.el8_10.s390x",
"Supplementary-8.10.0.Z.MAIN.EUS:java-1.8.0-ibm-demo-1:1.8.0.8.45-1.el8_10.x86_64",
"Supplementary-8.10.0.Z.MAIN.EUS:java-1.8.0-ibm-devel-1:1.8.0.8.45-1.el8_10.ppc64le",
"Supplementary-8.10.0.Z.MAIN.EUS:java-1.8.0-ibm-devel-1:1.8.0.8.45-1.el8_10.s390x",
"Supplementary-8.10.0.Z.MAIN.EUS:java-1.8.0-ibm-devel-1:1.8.0.8.45-1.el8_10.x86_64",
"Supplementary-8.10.0.Z.MAIN.EUS:java-1.8.0-ibm-headless-1:1.8.0.8.45-1.el8_10.ppc64le",
"Supplementary-8.10.0.Z.MAIN.EUS:java-1.8.0-ibm-headless-1:1.8.0.8.45-1.el8_10.s390x",
"Supplementary-8.10.0.Z.MAIN.EUS:java-1.8.0-ibm-headless-1:1.8.0.8.45-1.el8_10.x86_64",
"Supplementary-8.10.0.Z.MAIN.EUS:java-1.8.0-ibm-jdbc-1:1.8.0.8.45-1.el8_10.ppc64le",
"Supplementary-8.10.0.Z.MAIN.EUS:java-1.8.0-ibm-jdbc-1:1.8.0.8.45-1.el8_10.s390x",
"Supplementary-8.10.0.Z.MAIN.EUS:java-1.8.0-ibm-jdbc-1:1.8.0.8.45-1.el8_10.x86_64",
"Supplementary-8.10.0.Z.MAIN.EUS:java-1.8.0-ibm-plugin-1:1.8.0.8.45-1.el8_10.ppc64le",
"Supplementary-8.10.0.Z.MAIN.EUS:java-1.8.0-ibm-plugin-1:1.8.0.8.45-1.el8_10.x86_64",
"Supplementary-8.10.0.Z.MAIN.EUS:java-1.8.0-ibm-src-1:1.8.0.8.45-1.el8_10.ppc64le",
"Supplementary-8.10.0.Z.MAIN.EUS:java-1.8.0-ibm-src-1:1.8.0.8.45-1.el8_10.s390x",
"Supplementary-8.10.0.Z.MAIN.EUS:java-1.8.0-ibm-src-1:1.8.0.8.45-1.el8_10.x86_64",
"Supplementary-8.10.0.Z.MAIN.EUS:java-1.8.0-ibm-webstart-1:1.8.0.8.45-1.el8_10.ppc64le",
"Supplementary-8.10.0.Z.MAIN.EUS:java-1.8.0-ibm-webstart-1:1.8.0.8.45-1.el8_10.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-30698"
},
{
"category": "external",
"summary": "RHBZ#2359693",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2359693"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-30698",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30698"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-30698",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-30698"
},
{
"category": "external",
"summary": "https://www.oracle.com/security-alerts/cpuapr2025.html#AppendixJAVA",
"url": "https://www.oracle.com/security-alerts/cpuapr2025.html#AppendixJAVA"
}
],
"release_date": "2025-04-15T21:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-06-03T00:37:57+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Supplementary-8.10.0.Z.MAIN.EUS:java-1.8.0-ibm-1:1.8.0.8.45-1.el8_10.ppc64le",
"Supplementary-8.10.0.Z.MAIN.EUS:java-1.8.0-ibm-1:1.8.0.8.45-1.el8_10.s390x",
"Supplementary-8.10.0.Z.MAIN.EUS:java-1.8.0-ibm-1:1.8.0.8.45-1.el8_10.x86_64",
"Supplementary-8.10.0.Z.MAIN.EUS:java-1.8.0-ibm-demo-1:1.8.0.8.45-1.el8_10.ppc64le",
"Supplementary-8.10.0.Z.MAIN.EUS:java-1.8.0-ibm-demo-1:1.8.0.8.45-1.el8_10.s390x",
"Supplementary-8.10.0.Z.MAIN.EUS:java-1.8.0-ibm-demo-1:1.8.0.8.45-1.el8_10.x86_64",
"Supplementary-8.10.0.Z.MAIN.EUS:java-1.8.0-ibm-devel-1:1.8.0.8.45-1.el8_10.ppc64le",
"Supplementary-8.10.0.Z.MAIN.EUS:java-1.8.0-ibm-devel-1:1.8.0.8.45-1.el8_10.s390x",
"Supplementary-8.10.0.Z.MAIN.EUS:java-1.8.0-ibm-devel-1:1.8.0.8.45-1.el8_10.x86_64",
"Supplementary-8.10.0.Z.MAIN.EUS:java-1.8.0-ibm-headless-1:1.8.0.8.45-1.el8_10.ppc64le",
"Supplementary-8.10.0.Z.MAIN.EUS:java-1.8.0-ibm-headless-1:1.8.0.8.45-1.el8_10.s390x",
"Supplementary-8.10.0.Z.MAIN.EUS:java-1.8.0-ibm-headless-1:1.8.0.8.45-1.el8_10.x86_64",
"Supplementary-8.10.0.Z.MAIN.EUS:java-1.8.0-ibm-jdbc-1:1.8.0.8.45-1.el8_10.ppc64le",
"Supplementary-8.10.0.Z.MAIN.EUS:java-1.8.0-ibm-jdbc-1:1.8.0.8.45-1.el8_10.s390x",
"Supplementary-8.10.0.Z.MAIN.EUS:java-1.8.0-ibm-jdbc-1:1.8.0.8.45-1.el8_10.x86_64",
"Supplementary-8.10.0.Z.MAIN.EUS:java-1.8.0-ibm-plugin-1:1.8.0.8.45-1.el8_10.ppc64le",
"Supplementary-8.10.0.Z.MAIN.EUS:java-1.8.0-ibm-plugin-1:1.8.0.8.45-1.el8_10.x86_64",
"Supplementary-8.10.0.Z.MAIN.EUS:java-1.8.0-ibm-src-1:1.8.0.8.45-1.el8_10.ppc64le",
"Supplementary-8.10.0.Z.MAIN.EUS:java-1.8.0-ibm-src-1:1.8.0.8.45-1.el8_10.s390x",
"Supplementary-8.10.0.Z.MAIN.EUS:java-1.8.0-ibm-src-1:1.8.0.8.45-1.el8_10.x86_64",
"Supplementary-8.10.0.Z.MAIN.EUS:java-1.8.0-ibm-webstart-1:1.8.0.8.45-1.el8_10.ppc64le",
"Supplementary-8.10.0.Z.MAIN.EUS:java-1.8.0-ibm-webstart-1:1.8.0.8.45-1.el8_10.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:8431"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"Supplementary-8.10.0.Z.MAIN.EUS:java-1.8.0-ibm-1:1.8.0.8.45-1.el8_10.ppc64le",
"Supplementary-8.10.0.Z.MAIN.EUS:java-1.8.0-ibm-1:1.8.0.8.45-1.el8_10.s390x",
"Supplementary-8.10.0.Z.MAIN.EUS:java-1.8.0-ibm-1:1.8.0.8.45-1.el8_10.x86_64",
"Supplementary-8.10.0.Z.MAIN.EUS:java-1.8.0-ibm-demo-1:1.8.0.8.45-1.el8_10.ppc64le",
"Supplementary-8.10.0.Z.MAIN.EUS:java-1.8.0-ibm-demo-1:1.8.0.8.45-1.el8_10.s390x",
"Supplementary-8.10.0.Z.MAIN.EUS:java-1.8.0-ibm-demo-1:1.8.0.8.45-1.el8_10.x86_64",
"Supplementary-8.10.0.Z.MAIN.EUS:java-1.8.0-ibm-devel-1:1.8.0.8.45-1.el8_10.ppc64le",
"Supplementary-8.10.0.Z.MAIN.EUS:java-1.8.0-ibm-devel-1:1.8.0.8.45-1.el8_10.s390x",
"Supplementary-8.10.0.Z.MAIN.EUS:java-1.8.0-ibm-devel-1:1.8.0.8.45-1.el8_10.x86_64",
"Supplementary-8.10.0.Z.MAIN.EUS:java-1.8.0-ibm-headless-1:1.8.0.8.45-1.el8_10.ppc64le",
"Supplementary-8.10.0.Z.MAIN.EUS:java-1.8.0-ibm-headless-1:1.8.0.8.45-1.el8_10.s390x",
"Supplementary-8.10.0.Z.MAIN.EUS:java-1.8.0-ibm-headless-1:1.8.0.8.45-1.el8_10.x86_64",
"Supplementary-8.10.0.Z.MAIN.EUS:java-1.8.0-ibm-jdbc-1:1.8.0.8.45-1.el8_10.ppc64le",
"Supplementary-8.10.0.Z.MAIN.EUS:java-1.8.0-ibm-jdbc-1:1.8.0.8.45-1.el8_10.s390x",
"Supplementary-8.10.0.Z.MAIN.EUS:java-1.8.0-ibm-jdbc-1:1.8.0.8.45-1.el8_10.x86_64",
"Supplementary-8.10.0.Z.MAIN.EUS:java-1.8.0-ibm-plugin-1:1.8.0.8.45-1.el8_10.ppc64le",
"Supplementary-8.10.0.Z.MAIN.EUS:java-1.8.0-ibm-plugin-1:1.8.0.8.45-1.el8_10.x86_64",
"Supplementary-8.10.0.Z.MAIN.EUS:java-1.8.0-ibm-src-1:1.8.0.8.45-1.el8_10.ppc64le",
"Supplementary-8.10.0.Z.MAIN.EUS:java-1.8.0-ibm-src-1:1.8.0.8.45-1.el8_10.s390x",
"Supplementary-8.10.0.Z.MAIN.EUS:java-1.8.0-ibm-src-1:1.8.0.8.45-1.el8_10.x86_64",
"Supplementary-8.10.0.Z.MAIN.EUS:java-1.8.0-ibm-webstart-1:1.8.0.8.45-1.el8_10.ppc64le",
"Supplementary-8.10.0.Z.MAIN.EUS:java-1.8.0-ibm-webstart-1:1.8.0.8.45-1.el8_10.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "openjdk: Enhance Buffered Image handling (Oracle CPU 2025-04)"
}
]
}
SUSE-SU-2025:01770-1
Vulnerability from csaf_suse - Published: 2025-05-30 10:09 - Updated: 2025-05-30 10:09Summary
Security update for java-1_8_0-ibm
Severity
Important
Notes
Title of the patch: Security update for java-1_8_0-ibm
Description of the patch: This update for java-1_8_0-ibm fixes the following issues:
Update to Java 8.0 Service Refresh 8 Fix Pack 45.
Security issues fixed:
- Oracle April 15 2025 CPU (bsc#1242208)
* CVE-2025-21587: unauthorized access, deletion and modification of critical data via the JSSE component
(bsc#1241274).
* CVE-2025-30691: unauthorized access to data via the Compiler component (bsc#1241275).
* CVE-2025-30698: unauthorized access to data and ability to cause a partial DoS via the 2D component (bsc#1241276).
- IBM Security Update May 2025
* CVE-2025-4447: stack based buffer overflow in Eclipse OpenJ9 through modification of file that is read when the JVM
starts (bsc#1243429).
Other changes and issues fixed:
- Security:
* Avoid memory leak during aes cipher initialization operations
for IBMJCEPlus and IBMJCEPlusProviders provider.
* Changing the default of the com.ibm.security.spnego.msinterop
property from true to false.
* Deserializing a com.ibm.crypto.provider.rsaprivatecrtkey object
causes a java.io.invalidobjectexception to be thrown.
* Failed to read private key from a JKS keystore, specified as
JCEKS keystore.
* HTTPS channel binding support.
* Keytool listing PKCS12 keystore issue.
* On Linux systems, use gcc11.2 to compile IBM PKCS11 library.
* Support has been added to the IBM Java XMLDSigRI security provider
for the EdDSA (Edwards-curve Digital Signature Algorithm).
* Updates to XDH Key Agreement, AESGCM Algorithms in IBMJCEPlus
and IBMJCEPlusFIPS providers.
- Class Libraries:
* Update timezone information to the latest tzdata2025a.
- Java Virtual Machine:
* A SIGSEGV/GPF event received while processing verifyerror.
* Crash while resolving MethodHandleNatives.
* NoSuchMethodException or NoClassDefFoundError when loading classes.
- JIT Compiler:
* Assert in the JIT Compiler, badILOp.
* Reduced MD5 performance.
Patchnames: SUSE-2025-1770,SUSE-SLE-SERVER-12-SP5-LTSS-2025-1770,SUSE-SLE-SERVER-12-SP5-LTSS-EXTENDED-SECURITY-2025-1770
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.4 (High)
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:java-1_8_0-ibm-1.8.0_sr8.45-30.135.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:java-1_8_0-ibm-1.8.0_sr8.45-30.135.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:java-1_8_0-ibm-1.8.0_sr8.45-30.135.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:java-1_8_0-ibm-alsa-1.8.0_sr8.45-30.135.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.45-30.135.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.45-30.135.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.45-30.135.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:java-1_8_0-ibm-plugin-1.8.0_sr8.45-30.135.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:java-1_8_0-ibm-1.8.0_sr8.45-30.135.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:java-1_8_0-ibm-alsa-1.8.0_sr8.45-30.135.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.45-30.135.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:java-1_8_0-ibm-plugin-1.8.0_sr8.45-30.135.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
4.8 (Medium)
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:java-1_8_0-ibm-1.8.0_sr8.45-30.135.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:java-1_8_0-ibm-1.8.0_sr8.45-30.135.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:java-1_8_0-ibm-1.8.0_sr8.45-30.135.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:java-1_8_0-ibm-alsa-1.8.0_sr8.45-30.135.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.45-30.135.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.45-30.135.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.45-30.135.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:java-1_8_0-ibm-plugin-1.8.0_sr8.45-30.135.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:java-1_8_0-ibm-1.8.0_sr8.45-30.135.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:java-1_8_0-ibm-alsa-1.8.0_sr8.45-30.135.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.45-30.135.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:java-1_8_0-ibm-plugin-1.8.0_sr8.45-30.135.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
5.6 (Medium)
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:java-1_8_0-ibm-1.8.0_sr8.45-30.135.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:java-1_8_0-ibm-1.8.0_sr8.45-30.135.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:java-1_8_0-ibm-1.8.0_sr8.45-30.135.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:java-1_8_0-ibm-alsa-1.8.0_sr8.45-30.135.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.45-30.135.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.45-30.135.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.45-30.135.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:java-1_8_0-ibm-plugin-1.8.0_sr8.45-30.135.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:java-1_8_0-ibm-1.8.0_sr8.45-30.135.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:java-1_8_0-ibm-alsa-1.8.0_sr8.45-30.135.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.45-30.135.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:java-1_8_0-ibm-plugin-1.8.0_sr8.45-30.135.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.8 (High)
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:java-1_8_0-ibm-1.8.0_sr8.45-30.135.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:java-1_8_0-ibm-1.8.0_sr8.45-30.135.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:java-1_8_0-ibm-1.8.0_sr8.45-30.135.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:java-1_8_0-ibm-alsa-1.8.0_sr8.45-30.135.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.45-30.135.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.45-30.135.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.45-30.135.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:java-1_8_0-ibm-plugin-1.8.0_sr8.45-30.135.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:java-1_8_0-ibm-1.8.0_sr8.45-30.135.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:java-1_8_0-ibm-alsa-1.8.0_sr8.45-30.135.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.45-30.135.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:java-1_8_0-ibm-plugin-1.8.0_sr8.45-30.135.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
22 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for java-1_8_0-ibm",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for java-1_8_0-ibm fixes the following issues:\n\nUpdate to Java 8.0 Service Refresh 8 Fix Pack 45.\n\nSecurity issues fixed:\n\n- Oracle April 15 2025 CPU (bsc#1242208)\n\n * CVE-2025-21587: unauthorized access, deletion and modification of critical data via the JSSE component\n (bsc#1241274).\n * CVE-2025-30691: unauthorized access to data via the Compiler component (bsc#1241275).\n * CVE-2025-30698: unauthorized access to data and ability to cause a partial DoS via the 2D component (bsc#1241276).\n\n- IBM Security Update May 2025\n\n * CVE-2025-4447: stack based buffer overflow in Eclipse OpenJ9 through modification of file that is read when the JVM\n starts (bsc#1243429).\n\nOther changes and issues fixed:\n\n- Security:\n\n * Avoid memory leak during aes cipher initialization operations\n for IBMJCEPlus and IBMJCEPlusProviders provider.\n * Changing the default of the com.ibm.security.spnego.msinterop\n property from true to false.\n * Deserializing a com.ibm.crypto.provider.rsaprivatecrtkey object\n causes a java.io.invalidobjectexception to be thrown.\n * Failed to read private key from a JKS keystore, specified as\n JCEKS keystore.\n * HTTPS channel binding support.\n * Keytool listing PKCS12 keystore issue.\n * On Linux systems, use gcc11.2 to compile IBM PKCS11 library.\n * Support has been added to the IBM Java XMLDSigRI security provider\n for the EdDSA (Edwards-curve Digital Signature Algorithm).\n * Updates to XDH Key Agreement, AESGCM Algorithms in IBMJCEPlus\n and IBMJCEPlusFIPS providers.\n\n- Class Libraries:\n\n * Update timezone information to the latest tzdata2025a.\n\n- Java Virtual Machine:\n\n * A SIGSEGV/GPF event received while processing verifyerror.\n * Crash while resolving MethodHandleNatives.\n * NoSuchMethodException or NoClassDefFoundError when loading classes.\n\n- JIT Compiler:\n\n * Assert in the JIT Compiler, badILOp.\n * Reduced MD5 performance.\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2025-1770,SUSE-SLE-SERVER-12-SP5-LTSS-2025-1770,SUSE-SLE-SERVER-12-SP5-LTSS-EXTENDED-SECURITY-2025-1770",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2025_01770-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2025:01770-1",
"url": "https://www.suse.com/support/update/announcement/2025/suse-su-202501770-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2025:01770-1",
"url": "https://lists.suse.com/pipermail/sle-updates/2025-May/039458.html"
},
{
"category": "self",
"summary": "SUSE Bug 1241274",
"url": "https://bugzilla.suse.com/1241274"
},
{
"category": "self",
"summary": "SUSE Bug 1241275",
"url": "https://bugzilla.suse.com/1241275"
},
{
"category": "self",
"summary": "SUSE Bug 1241276",
"url": "https://bugzilla.suse.com/1241276"
},
{
"category": "self",
"summary": "SUSE Bug 1242208",
"url": "https://bugzilla.suse.com/1242208"
},
{
"category": "self",
"summary": "SUSE Bug 1243429",
"url": "https://bugzilla.suse.com/1243429"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21587 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21587/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-30691 page",
"url": "https://www.suse.com/security/cve/CVE-2025-30691/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-30698 page",
"url": "https://www.suse.com/security/cve/CVE-2025-30698/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-4447 page",
"url": "https://www.suse.com/security/cve/CVE-2025-4447/"
}
],
"title": "Security update for java-1_8_0-ibm",
"tracking": {
"current_release_date": "2025-05-30T10:09:24Z",
"generator": {
"date": "2025-05-30T10:09:24Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2025:01770-1",
"initial_release_date": "2025-05-30T10:09:24Z",
"revision_history": [
{
"date": "2025-05-30T10:09:24Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "java-1_8_0-ibm-1.8.0_sr8.45-30.135.1.i586",
"product": {
"name": "java-1_8_0-ibm-1.8.0_sr8.45-30.135.1.i586",
"product_id": "java-1_8_0-ibm-1.8.0_sr8.45-30.135.1.i586"
}
},
{
"category": "product_version",
"name": "java-1_8_0-ibm-alsa-1.8.0_sr8.45-30.135.1.i586",
"product": {
"name": "java-1_8_0-ibm-alsa-1.8.0_sr8.45-30.135.1.i586",
"product_id": "java-1_8_0-ibm-alsa-1.8.0_sr8.45-30.135.1.i586"
}
},
{
"category": "product_version",
"name": "java-1_8_0-ibm-demo-1.8.0_sr8.45-30.135.1.i586",
"product": {
"name": "java-1_8_0-ibm-demo-1.8.0_sr8.45-30.135.1.i586",
"product_id": "java-1_8_0-ibm-demo-1.8.0_sr8.45-30.135.1.i586"
}
},
{
"category": "product_version",
"name": "java-1_8_0-ibm-devel-1.8.0_sr8.45-30.135.1.i586",
"product": {
"name": "java-1_8_0-ibm-devel-1.8.0_sr8.45-30.135.1.i586",
"product_id": "java-1_8_0-ibm-devel-1.8.0_sr8.45-30.135.1.i586"
}
},
{
"category": "product_version",
"name": "java-1_8_0-ibm-plugin-1.8.0_sr8.45-30.135.1.i586",
"product": {
"name": "java-1_8_0-ibm-plugin-1.8.0_sr8.45-30.135.1.i586",
"product_id": "java-1_8_0-ibm-plugin-1.8.0_sr8.45-30.135.1.i586"
}
},
{
"category": "product_version",
"name": "java-1_8_0-ibm-src-1.8.0_sr8.45-30.135.1.i586",
"product": {
"name": "java-1_8_0-ibm-src-1.8.0_sr8.45-30.135.1.i586",
"product_id": "java-1_8_0-ibm-src-1.8.0_sr8.45-30.135.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "java-1_8_0-ibm-1.8.0_sr8.45-30.135.1.ppc64le",
"product": {
"name": "java-1_8_0-ibm-1.8.0_sr8.45-30.135.1.ppc64le",
"product_id": "java-1_8_0-ibm-1.8.0_sr8.45-30.135.1.ppc64le"
}
},
{
"category": "product_version",
"name": "java-1_8_0-ibm-demo-1.8.0_sr8.45-30.135.1.ppc64le",
"product": {
"name": "java-1_8_0-ibm-demo-1.8.0_sr8.45-30.135.1.ppc64le",
"product_id": "java-1_8_0-ibm-demo-1.8.0_sr8.45-30.135.1.ppc64le"
}
},
{
"category": "product_version",
"name": "java-1_8_0-ibm-devel-1.8.0_sr8.45-30.135.1.ppc64le",
"product": {
"name": "java-1_8_0-ibm-devel-1.8.0_sr8.45-30.135.1.ppc64le",
"product_id": "java-1_8_0-ibm-devel-1.8.0_sr8.45-30.135.1.ppc64le"
}
},
{
"category": "product_version",
"name": "java-1_8_0-ibm-src-1.8.0_sr8.45-30.135.1.ppc64le",
"product": {
"name": "java-1_8_0-ibm-src-1.8.0_sr8.45-30.135.1.ppc64le",
"product_id": "java-1_8_0-ibm-src-1.8.0_sr8.45-30.135.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "java-1_8_0-ibm-1.8.0_sr8.45-30.135.1.s390",
"product": {
"name": "java-1_8_0-ibm-1.8.0_sr8.45-30.135.1.s390",
"product_id": "java-1_8_0-ibm-1.8.0_sr8.45-30.135.1.s390"
}
},
{
"category": "product_version",
"name": "java-1_8_0-ibm-demo-1.8.0_sr8.45-30.135.1.s390",
"product": {
"name": "java-1_8_0-ibm-demo-1.8.0_sr8.45-30.135.1.s390",
"product_id": "java-1_8_0-ibm-demo-1.8.0_sr8.45-30.135.1.s390"
}
},
{
"category": "product_version",
"name": "java-1_8_0-ibm-devel-1.8.0_sr8.45-30.135.1.s390",
"product": {
"name": "java-1_8_0-ibm-devel-1.8.0_sr8.45-30.135.1.s390",
"product_id": "java-1_8_0-ibm-devel-1.8.0_sr8.45-30.135.1.s390"
}
},
{
"category": "product_version",
"name": "java-1_8_0-ibm-src-1.8.0_sr8.45-30.135.1.s390",
"product": {
"name": "java-1_8_0-ibm-src-1.8.0_sr8.45-30.135.1.s390",
"product_id": "java-1_8_0-ibm-src-1.8.0_sr8.45-30.135.1.s390"
}
}
],
"category": "architecture",
"name": "s390"
},
{
"branches": [
{
"category": "product_version",
"name": "java-1_8_0-ibm-1.8.0_sr8.45-30.135.1.s390x",
"product": {
"name": "java-1_8_0-ibm-1.8.0_sr8.45-30.135.1.s390x",
"product_id": "java-1_8_0-ibm-1.8.0_sr8.45-30.135.1.s390x"
}
},
{
"category": "product_version",
"name": "java-1_8_0-ibm-32bit-1.8.0_sr8.45-30.135.1.s390x",
"product": {
"name": "java-1_8_0-ibm-32bit-1.8.0_sr8.45-30.135.1.s390x",
"product_id": "java-1_8_0-ibm-32bit-1.8.0_sr8.45-30.135.1.s390x"
}
},
{
"category": "product_version",
"name": "java-1_8_0-ibm-demo-1.8.0_sr8.45-30.135.1.s390x",
"product": {
"name": "java-1_8_0-ibm-demo-1.8.0_sr8.45-30.135.1.s390x",
"product_id": "java-1_8_0-ibm-demo-1.8.0_sr8.45-30.135.1.s390x"
}
},
{
"category": "product_version",
"name": "java-1_8_0-ibm-devel-1.8.0_sr8.45-30.135.1.s390x",
"product": {
"name": "java-1_8_0-ibm-devel-1.8.0_sr8.45-30.135.1.s390x",
"product_id": "java-1_8_0-ibm-devel-1.8.0_sr8.45-30.135.1.s390x"
}
},
{
"category": "product_version",
"name": "java-1_8_0-ibm-devel-32bit-1.8.0_sr8.45-30.135.1.s390x",
"product": {
"name": "java-1_8_0-ibm-devel-32bit-1.8.0_sr8.45-30.135.1.s390x",
"product_id": "java-1_8_0-ibm-devel-32bit-1.8.0_sr8.45-30.135.1.s390x"
}
},
{
"category": "product_version",
"name": "java-1_8_0-ibm-src-1.8.0_sr8.45-30.135.1.s390x",
"product": {
"name": "java-1_8_0-ibm-src-1.8.0_sr8.45-30.135.1.s390x",
"product_id": "java-1_8_0-ibm-src-1.8.0_sr8.45-30.135.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "java-1_8_0-ibm-1.8.0_sr8.45-30.135.1.x86_64",
"product": {
"name": "java-1_8_0-ibm-1.8.0_sr8.45-30.135.1.x86_64",
"product_id": "java-1_8_0-ibm-1.8.0_sr8.45-30.135.1.x86_64"
}
},
{
"category": "product_version",
"name": "java-1_8_0-ibm-32bit-1.8.0_sr8.45-30.135.1.x86_64",
"product": {
"name": "java-1_8_0-ibm-32bit-1.8.0_sr8.45-30.135.1.x86_64",
"product_id": "java-1_8_0-ibm-32bit-1.8.0_sr8.45-30.135.1.x86_64"
}
},
{
"category": "product_version",
"name": "java-1_8_0-ibm-alsa-1.8.0_sr8.45-30.135.1.x86_64",
"product": {
"name": "java-1_8_0-ibm-alsa-1.8.0_sr8.45-30.135.1.x86_64",
"product_id": "java-1_8_0-ibm-alsa-1.8.0_sr8.45-30.135.1.x86_64"
}
},
{
"category": "product_version",
"name": "java-1_8_0-ibm-demo-1.8.0_sr8.45-30.135.1.x86_64",
"product": {
"name": "java-1_8_0-ibm-demo-1.8.0_sr8.45-30.135.1.x86_64",
"product_id": "java-1_8_0-ibm-demo-1.8.0_sr8.45-30.135.1.x86_64"
}
},
{
"category": "product_version",
"name": "java-1_8_0-ibm-devel-1.8.0_sr8.45-30.135.1.x86_64",
"product": {
"name": "java-1_8_0-ibm-devel-1.8.0_sr8.45-30.135.1.x86_64",
"product_id": "java-1_8_0-ibm-devel-1.8.0_sr8.45-30.135.1.x86_64"
}
},
{
"category": "product_version",
"name": "java-1_8_0-ibm-devel-32bit-1.8.0_sr8.45-30.135.1.x86_64",
"product": {
"name": "java-1_8_0-ibm-devel-32bit-1.8.0_sr8.45-30.135.1.x86_64",
"product_id": "java-1_8_0-ibm-devel-32bit-1.8.0_sr8.45-30.135.1.x86_64"
}
},
{
"category": "product_version",
"name": "java-1_8_0-ibm-plugin-1.8.0_sr8.45-30.135.1.x86_64",
"product": {
"name": "java-1_8_0-ibm-plugin-1.8.0_sr8.45-30.135.1.x86_64",
"product_id": "java-1_8_0-ibm-plugin-1.8.0_sr8.45-30.135.1.x86_64"
}
},
{
"category": "product_version",
"name": "java-1_8_0-ibm-src-1.8.0_sr8.45-30.135.1.x86_64",
"product": {
"name": "java-1_8_0-ibm-src-1.8.0_sr8.45-30.135.1.x86_64",
"product_id": "java-1_8_0-ibm-src-1.8.0_sr8.45-30.135.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 12 SP5-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:12:sp5"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
"product": {
"name": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
"product_id": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss-extended-security:12:sp5"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1_8_0-ibm-1.8.0_sr8.45-30.135.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:java-1_8_0-ibm-1.8.0_sr8.45-30.135.1.ppc64le"
},
"product_reference": "java-1_8_0-ibm-1.8.0_sr8.45-30.135.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1_8_0-ibm-1.8.0_sr8.45-30.135.1.s390x as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:java-1_8_0-ibm-1.8.0_sr8.45-30.135.1.s390x"
},
"product_reference": "java-1_8_0-ibm-1.8.0_sr8.45-30.135.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1_8_0-ibm-1.8.0_sr8.45-30.135.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:java-1_8_0-ibm-1.8.0_sr8.45-30.135.1.x86_64"
},
"product_reference": "java-1_8_0-ibm-1.8.0_sr8.45-30.135.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1_8_0-ibm-alsa-1.8.0_sr8.45-30.135.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:java-1_8_0-ibm-alsa-1.8.0_sr8.45-30.135.1.x86_64"
},
"product_reference": "java-1_8_0-ibm-alsa-1.8.0_sr8.45-30.135.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1_8_0-ibm-devel-1.8.0_sr8.45-30.135.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.45-30.135.1.ppc64le"
},
"product_reference": "java-1_8_0-ibm-devel-1.8.0_sr8.45-30.135.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1_8_0-ibm-devel-1.8.0_sr8.45-30.135.1.s390x as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.45-30.135.1.s390x"
},
"product_reference": "java-1_8_0-ibm-devel-1.8.0_sr8.45-30.135.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1_8_0-ibm-devel-1.8.0_sr8.45-30.135.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.45-30.135.1.x86_64"
},
"product_reference": "java-1_8_0-ibm-devel-1.8.0_sr8.45-30.135.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1_8_0-ibm-plugin-1.8.0_sr8.45-30.135.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:java-1_8_0-ibm-plugin-1.8.0_sr8.45-30.135.1.x86_64"
},
"product_reference": "java-1_8_0-ibm-plugin-1.8.0_sr8.45-30.135.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1_8_0-ibm-1.8.0_sr8.45-30.135.1.x86_64 as component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
"product_id": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:java-1_8_0-ibm-1.8.0_sr8.45-30.135.1.x86_64"
},
"product_reference": "java-1_8_0-ibm-1.8.0_sr8.45-30.135.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1_8_0-ibm-alsa-1.8.0_sr8.45-30.135.1.x86_64 as component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
"product_id": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:java-1_8_0-ibm-alsa-1.8.0_sr8.45-30.135.1.x86_64"
},
"product_reference": "java-1_8_0-ibm-alsa-1.8.0_sr8.45-30.135.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1_8_0-ibm-devel-1.8.0_sr8.45-30.135.1.x86_64 as component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
"product_id": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.45-30.135.1.x86_64"
},
"product_reference": "java-1_8_0-ibm-devel-1.8.0_sr8.45-30.135.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "java-1_8_0-ibm-plugin-1.8.0_sr8.45-30.135.1.x86_64 as component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
"product_id": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:java-1_8_0-ibm-plugin-1.8.0_sr8.45-30.135.1.x86_64"
},
"product_reference": "java-1_8_0-ibm-plugin-1.8.0_sr8.45-30.135.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-21587",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21587"
}
],
"notes": [
{
"category": "general",
"text": "unknown",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:java-1_8_0-ibm-1.8.0_sr8.45-30.135.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:java-1_8_0-ibm-1.8.0_sr8.45-30.135.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:java-1_8_0-ibm-1.8.0_sr8.45-30.135.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:java-1_8_0-ibm-alsa-1.8.0_sr8.45-30.135.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.45-30.135.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.45-30.135.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.45-30.135.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:java-1_8_0-ibm-plugin-1.8.0_sr8.45-30.135.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:java-1_8_0-ibm-1.8.0_sr8.45-30.135.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:java-1_8_0-ibm-alsa-1.8.0_sr8.45-30.135.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.45-30.135.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:java-1_8_0-ibm-plugin-1.8.0_sr8.45-30.135.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21587",
"url": "https://www.suse.com/security/cve/CVE-2025-21587"
},
{
"category": "external",
"summary": "SUSE Bug 1241274 for CVE-2025-21587",
"url": "https://bugzilla.suse.com/1241274"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:java-1_8_0-ibm-1.8.0_sr8.45-30.135.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:java-1_8_0-ibm-1.8.0_sr8.45-30.135.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:java-1_8_0-ibm-1.8.0_sr8.45-30.135.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:java-1_8_0-ibm-alsa-1.8.0_sr8.45-30.135.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.45-30.135.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.45-30.135.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.45-30.135.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:java-1_8_0-ibm-plugin-1.8.0_sr8.45-30.135.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:java-1_8_0-ibm-1.8.0_sr8.45-30.135.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:java-1_8_0-ibm-alsa-1.8.0_sr8.45-30.135.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.45-30.135.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:java-1_8_0-ibm-plugin-1.8.0_sr8.45-30.135.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:java-1_8_0-ibm-1.8.0_sr8.45-30.135.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:java-1_8_0-ibm-1.8.0_sr8.45-30.135.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:java-1_8_0-ibm-1.8.0_sr8.45-30.135.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:java-1_8_0-ibm-alsa-1.8.0_sr8.45-30.135.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.45-30.135.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.45-30.135.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.45-30.135.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:java-1_8_0-ibm-plugin-1.8.0_sr8.45-30.135.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:java-1_8_0-ibm-1.8.0_sr8.45-30.135.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:java-1_8_0-ibm-alsa-1.8.0_sr8.45-30.135.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.45-30.135.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:java-1_8_0-ibm-plugin-1.8.0_sr8.45-30.135.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-05-30T10:09:24Z",
"details": "important"
}
],
"title": "CVE-2025-21587"
},
{
"cve": "CVE-2025-30691",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-30691"
}
],
"notes": [
{
"category": "general",
"text": "unknown",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:java-1_8_0-ibm-1.8.0_sr8.45-30.135.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:java-1_8_0-ibm-1.8.0_sr8.45-30.135.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:java-1_8_0-ibm-1.8.0_sr8.45-30.135.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:java-1_8_0-ibm-alsa-1.8.0_sr8.45-30.135.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.45-30.135.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.45-30.135.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.45-30.135.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:java-1_8_0-ibm-plugin-1.8.0_sr8.45-30.135.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:java-1_8_0-ibm-1.8.0_sr8.45-30.135.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:java-1_8_0-ibm-alsa-1.8.0_sr8.45-30.135.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.45-30.135.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:java-1_8_0-ibm-plugin-1.8.0_sr8.45-30.135.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-30691",
"url": "https://www.suse.com/security/cve/CVE-2025-30691"
},
{
"category": "external",
"summary": "SUSE Bug 1241275 for CVE-2025-30691",
"url": "https://bugzilla.suse.com/1241275"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:java-1_8_0-ibm-1.8.0_sr8.45-30.135.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:java-1_8_0-ibm-1.8.0_sr8.45-30.135.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:java-1_8_0-ibm-1.8.0_sr8.45-30.135.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:java-1_8_0-ibm-alsa-1.8.0_sr8.45-30.135.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.45-30.135.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.45-30.135.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.45-30.135.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:java-1_8_0-ibm-plugin-1.8.0_sr8.45-30.135.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:java-1_8_0-ibm-1.8.0_sr8.45-30.135.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:java-1_8_0-ibm-alsa-1.8.0_sr8.45-30.135.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.45-30.135.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:java-1_8_0-ibm-plugin-1.8.0_sr8.45-30.135.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:java-1_8_0-ibm-1.8.0_sr8.45-30.135.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:java-1_8_0-ibm-1.8.0_sr8.45-30.135.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:java-1_8_0-ibm-1.8.0_sr8.45-30.135.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:java-1_8_0-ibm-alsa-1.8.0_sr8.45-30.135.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.45-30.135.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.45-30.135.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.45-30.135.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:java-1_8_0-ibm-plugin-1.8.0_sr8.45-30.135.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:java-1_8_0-ibm-1.8.0_sr8.45-30.135.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:java-1_8_0-ibm-alsa-1.8.0_sr8.45-30.135.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.45-30.135.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:java-1_8_0-ibm-plugin-1.8.0_sr8.45-30.135.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-05-30T10:09:24Z",
"details": "moderate"
}
],
"title": "CVE-2025-30691"
},
{
"cve": "CVE-2025-30698",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-30698"
}
],
"notes": [
{
"category": "general",
"text": "unknown",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:java-1_8_0-ibm-1.8.0_sr8.45-30.135.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:java-1_8_0-ibm-1.8.0_sr8.45-30.135.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:java-1_8_0-ibm-1.8.0_sr8.45-30.135.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:java-1_8_0-ibm-alsa-1.8.0_sr8.45-30.135.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.45-30.135.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.45-30.135.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.45-30.135.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:java-1_8_0-ibm-plugin-1.8.0_sr8.45-30.135.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:java-1_8_0-ibm-1.8.0_sr8.45-30.135.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:java-1_8_0-ibm-alsa-1.8.0_sr8.45-30.135.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.45-30.135.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:java-1_8_0-ibm-plugin-1.8.0_sr8.45-30.135.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-30698",
"url": "https://www.suse.com/security/cve/CVE-2025-30698"
},
{
"category": "external",
"summary": "SUSE Bug 1241274 for CVE-2025-30698",
"url": "https://bugzilla.suse.com/1241274"
},
{
"category": "external",
"summary": "SUSE Bug 1241276 for CVE-2025-30698",
"url": "https://bugzilla.suse.com/1241276"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:java-1_8_0-ibm-1.8.0_sr8.45-30.135.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:java-1_8_0-ibm-1.8.0_sr8.45-30.135.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:java-1_8_0-ibm-1.8.0_sr8.45-30.135.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:java-1_8_0-ibm-alsa-1.8.0_sr8.45-30.135.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.45-30.135.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.45-30.135.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.45-30.135.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:java-1_8_0-ibm-plugin-1.8.0_sr8.45-30.135.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:java-1_8_0-ibm-1.8.0_sr8.45-30.135.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:java-1_8_0-ibm-alsa-1.8.0_sr8.45-30.135.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.45-30.135.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:java-1_8_0-ibm-plugin-1.8.0_sr8.45-30.135.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:java-1_8_0-ibm-1.8.0_sr8.45-30.135.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:java-1_8_0-ibm-1.8.0_sr8.45-30.135.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:java-1_8_0-ibm-1.8.0_sr8.45-30.135.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:java-1_8_0-ibm-alsa-1.8.0_sr8.45-30.135.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.45-30.135.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.45-30.135.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.45-30.135.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:java-1_8_0-ibm-plugin-1.8.0_sr8.45-30.135.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:java-1_8_0-ibm-1.8.0_sr8.45-30.135.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:java-1_8_0-ibm-alsa-1.8.0_sr8.45-30.135.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.45-30.135.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:java-1_8_0-ibm-plugin-1.8.0_sr8.45-30.135.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-05-30T10:09:24Z",
"details": "important"
}
],
"title": "CVE-2025-30698"
},
{
"cve": "CVE-2025-4447",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-4447"
}
],
"notes": [
{
"category": "general",
"text": "In Eclipse OpenJ9 versions up to 0.51, when used with OpenJDK version 8 a stack based buffer overflow can be caused by modifying a file on disk that is read when the JVM starts.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:java-1_8_0-ibm-1.8.0_sr8.45-30.135.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:java-1_8_0-ibm-1.8.0_sr8.45-30.135.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:java-1_8_0-ibm-1.8.0_sr8.45-30.135.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:java-1_8_0-ibm-alsa-1.8.0_sr8.45-30.135.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.45-30.135.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.45-30.135.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.45-30.135.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:java-1_8_0-ibm-plugin-1.8.0_sr8.45-30.135.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:java-1_8_0-ibm-1.8.0_sr8.45-30.135.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:java-1_8_0-ibm-alsa-1.8.0_sr8.45-30.135.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.45-30.135.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:java-1_8_0-ibm-plugin-1.8.0_sr8.45-30.135.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-4447",
"url": "https://www.suse.com/security/cve/CVE-2025-4447"
},
{
"category": "external",
"summary": "SUSE Bug 1243429 for CVE-2025-4447",
"url": "https://bugzilla.suse.com/1243429"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:java-1_8_0-ibm-1.8.0_sr8.45-30.135.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:java-1_8_0-ibm-1.8.0_sr8.45-30.135.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:java-1_8_0-ibm-1.8.0_sr8.45-30.135.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:java-1_8_0-ibm-alsa-1.8.0_sr8.45-30.135.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.45-30.135.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.45-30.135.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.45-30.135.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:java-1_8_0-ibm-plugin-1.8.0_sr8.45-30.135.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:java-1_8_0-ibm-1.8.0_sr8.45-30.135.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:java-1_8_0-ibm-alsa-1.8.0_sr8.45-30.135.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.45-30.135.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:java-1_8_0-ibm-plugin-1.8.0_sr8.45-30.135.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:java-1_8_0-ibm-1.8.0_sr8.45-30.135.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:java-1_8_0-ibm-1.8.0_sr8.45-30.135.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:java-1_8_0-ibm-1.8.0_sr8.45-30.135.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:java-1_8_0-ibm-alsa-1.8.0_sr8.45-30.135.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.45-30.135.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.45-30.135.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.45-30.135.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:java-1_8_0-ibm-plugin-1.8.0_sr8.45-30.135.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:java-1_8_0-ibm-1.8.0_sr8.45-30.135.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:java-1_8_0-ibm-alsa-1.8.0_sr8.45-30.135.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.45-30.135.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:java-1_8_0-ibm-plugin-1.8.0_sr8.45-30.135.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-05-30T10:09:24Z",
"details": "important"
}
],
"title": "CVE-2025-4447"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…