
CVSS: 5.9 | EPSS: 0% | CPEs: 2 | EXPL: 0

The Object Request Broker (ORB) in IBM SDK, Java Technology Edition 7.1.0.0 through 7.1.5.18 and 8.0.0.0 through 8.0.8.26 is vulnerable to remote denial of service, caused by a race condition in the management of ORB listener threads. IBM X-Force ID: 284573.

• https://exchange.xforce.ibmcloud.com/vulnerabilities/284573 https://www.ibm.com/support/pages/node/7165421
• CWE-300: Channel Accessible by Non-Endpoint

CVSS: 5.9 | EPSS: 0% | CPEs: 2 | EXPL: 0

The IBM SDK, Java Technology Edition's Object Request Broker (ORB) 7.1.0.0 through 7.1.5.21 and 8.0.0.0 through 8.0.8.21 is vulnerable to a denial of service attack in some circumstances due to improper enforcement of the JEP 290 MaxRef and MaxDepth deserialization filters. IBM X-Force ID: 260578.

The IBM SDK, Java Technology Edition's Object Request Broker (ORB) is vulnerable to a denial of service attack in some circumstances due to improper enforcement of the JEP 290 MaxRef and MaxDepth deserialization filters.

• https://exchange.xforce.ibmcloud.com/vulnerabilities/260578 https://www.ibm.com/support/pages/node/7150727 https://access.redhat.com/security/cve/CVE-2023-38264 https://bugzilla.redhat.com/show_bug.cgi?id=2279963
• CWE-400: Uncontrolled Resource Consumption
• CWE-502: Deserialization of Untrusted Data

CVSS: 7.5 | EPSS: 0% | CPEs: 6 | EXPL: 0

IBM Runtime Environment, Java Technology Edition IBMJCEPlus and JSSE 8.0.7.0 through 8.0.7.11 components could expose sensitive information using a combination of flaws and configurations. IBM X-Force ID: 253188.

• https://exchange.xforce.ibmcloud.com/vulnerabilities/253188 https://www.ibm.com/support/pages/node/6985011 https://www.ibm.com/support/pages/node/6986617 https://www.ibm.com/support/pages/node/6986637 https://www.ibm.com/support/pages/node/6987167 https://access.redhat.com/security/cve/CVE-2023-30441 https://bugzilla.redhat.com/show_bug.cgi?id=2188465
• CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
• CWE-327: Use of a Broken or Risky Cryptographic Algorithm

CVSS: 8.4 | EPSS: 0% | CPEs: 3 | EXPL: 0

Multiple binaries in IBM SDK, Java Technology Edition 7, 7R, and 8 on the AIX platform use insecure absolute RPATHs, which may facilitate code injection and privilege elevation by local users. IBM X-Force ID: 163984.

• http://www.ibm.com/support/docview.wss?uid=ibm10960422 https://exchange.xforce.ibmcloud.com/vulnerabilities/163984
• CWE-427: Uncontrolled Search Path Element

CVSS: 8.1 | EPSS: 1% | CPEs: 5 | EXPL: 0

Under certain circumstances, a flaw in the J9 JVM (IBM SDK, Java Technology Edition 7.1 and 8.0) allows untrusted code running under a security manager to elevate its privileges. IBM X-Force ID: 138823.

• http://www.ibm.com/support/docview.wss?uid=isg3T1027315 http://www.ibm.com/support/docview.wss?uid=swg22014937 http://www.securityfocus.com/bid/103216 http://www.securitytracker.com/id/1040403 https://access.redhat.com/errata/RHSA-2018:1463 https://exchange.xforce.ibmcloud.com/vulnerabilities/138823 https://www.ibm.com/support/docview.wss?uid=swg22012965 https://access.redhat.com/security/cve/CVE-2018-1417 https://bugzilla.redhat.com/show_bug.cgi?id=1568966
• CWE-732: Incorrect Permission Assignment for Critical Resource