• The Four Hundred
  • Subscribe
  • Media Kit
  • Contributors
  • About Us
  • Contact
Menu
  • The Four Hundred
  • Subscribe
  • Media Kit
  • Contributors
  • About Us
  • Contact
  • A Hacker’s Dozen: 11 New Security Vulns Reported in IBM i

    August 23, 2023 Alex Woodie

    IBM on August 18 reported 11 new security vulnerabilities in IBM i’s Java stack, including two critical Java flaws that should be patched immediately. The new batch of vulns continues what has been an active summer for security flaws on the platform.

    IBM revealed the existence of the 11 Java security flaws in IBM i version 7.2 through 7.5 and the availability of emergency program temporary fixes (PTFs) on the security bulletin section of its IBM Product Security Central webpage.

    The security bulletin shows 11 flaws, CVE-2022-21426 through CVE-2023-21968, impacting various components of the Java stack, including the Java Software Development Kit (SDK) and the Java Runtime for IBM i. The flaws could potentially expose IBM i users to a variety of threats, including denial of service (DOS) attacks, and loss of availability, integrity, and confidentiality of data, IBM’s website states.

    The most severe flaw is CVE-2023-21930, an unspecified vulnerability in Oracle Java SE (Standard Edition) and Oracle GraalVM Enterprise Edition that’s related to the Java Secure Socket Extension (JSSE) component. This flaw could allow an unauthenticated attacker to cause a high confidentiality impact and a high integrity impact, and carries a CVSS Base score of 7.4 (on a scale of 10).

    The second critical flaw is CVE-2023-2597, which is described as a buffer overflow flaw in Eclipse Openj9 caused by improper bounds checking. A local authenticated attacker could overflow a buffer and execute arbitrary code on the system by using specially crafted input, the security alert says. This flaw carries a CVSS Base score of 7

    Several other flaws carry moderate impacts, including CVE-2023-21967 and CVE-2023-21954, which carry CVSS Base scores of 5.9; and CVE-2022-21426, CVE-2023-21939, and CVE-2023-21830, with CVSS Base scores of 5.3. Four other flaws have a score of 3.7.

    There are no workarounds for any of these flaws, and users are encouraged to apply the available PTFs immediately. For each operating system release, there is a single PTF that will fix all 11 Java flaws. See this security bulletin for links to download the PTFs.

    IBM also gave this warning to users who run their own Java code: “If you run your own Java code using the IBM Java Runtime delivered with this product, you should evaluate your code to determine whether additional Java vulnerabilities are applicable to your code.”

    It’s been an active summer for security flaws on IBM i. Going back to May 1, there have been 28 individual security flaws impacting IBM i, according to a search of security bulletins on IBM’s Product Security Central. Many of these flaws impact open source components, such as Java and OpenSSL, which tend to attract the most attention from hackers. But many of the flaws have also impacted core components of the IBM i stack, including DDM, Performance Tools, and Facsimile Report.

    All told, the year has brought 52 known vulnerabilities to the IBM i platform. With more than four months left, that number is sure to grow.

    RELATED STORIES

    Midsummer Security Indicators: Hot and Gloomy

    A Decade of Data Breaches: Some Things Never Change

    Serious New IBM i Vulns Exposed by Silent Signal – More On the Way

    New “High Priority” DDM Vulnerability Affects IBM i

    Share this:

    • Reddit
    • Facebook
    • LinkedIn
    • Twitter
    • Email

    Tags: Tags: IBM i, Java, Java Runtime for IBM i, Java Secure Socket Extension, Java Software Development Kit, OpenSSL, PTF

    Sponsored by
    DRV Tech

    Get More Out of Your IBM i

    With soaring costs, operational data is more critical than ever. IBM shops need faster, easier ways to distribute IBM applications-based data to users more efficiently, no matter where they are.

    The Problem:

    For Users, IBM Data Can Be Difficult to Get To

    IBM Applications generate reports as spooled files, originally designed to be printed. Often those reports are packed together with so much data it makes them difficult to read. Add to that hardcopy is a pain to distribute. User-friendly formats like Excel and PDF are better, offering sorting, searching, and easy portability but getting IBM reports into these formats can be tricky without the right tools.

    The Solution:

    IBM i Reports can easily be converted to easy to read and share formats like Excel and PDF and Delivered by Email

    Converting IBM i, iSeries, and AS400 reports into Excel and PDF is now a lot easier with SpoolFlex software by DRV Tech.  If you or your users are still doing this manually, think how much time is wasted dragging and reformatting to make a report readable. How much time would be saved if they were automatically formatted correctly and delivered to one or multiple recipients.

    SpoolFlex converts spooled files to Excel and PDF, automatically emailing them, and saving copies to network shared folders. SpoolFlex converts complex reports to Excel, removing unwanted headers, splitting large reports out for individual recipients, and delivering to users whether they are at the office or working from home.

    Watch our 2-minute video and see DRV’s powerful SpoolFlex software can solve your file conversion challenges.

    Watch Video

    DRV Tech

    www.drvtech.com

    866.378.3366

    Share this:

    • Reddit
    • Facebook
    • LinkedIn
    • Twitter
    • Email

    Say Sayonara To The IBM i Integrated Server Four Hundred Monitor, August 23

    Leave a Reply Cancel reply

TFH Volume: 33 Issue: 52

This Issue Sponsored By

  • Maxava
  • New Generation Software
  • Shield Advanced Solutions Ltd
  • Briteskies
  • Raz-Lee Security

Table of Contents

  • How Long Before Big Blue Brings Code Assist To IBM i?
  • Profound Logic Explores AI Paths for IBM i
  • New Run SQL Scripts Features in ACS Update
  • Four Hundred Monitor, August 23
  • A Hacker’s Dozen: 11 New Security Vulns Reported in IBM i

Content archive

  • The Four Hundred
  • Four Hundred Stuff
  • Four Hundred Guru

Recent Posts

  • Meet The Next Gen Of IBMers Helping To Build IBM i
  • Looks Like IBM Is Building A Linux-Like PASE For IBM i After All
  • Will Independent IBM i Clouds Survive PowerVS?
  • Now, IBM Is Jacking Up Hardware Maintenance Prices
  • IBM i PTF Guide, Volume 27, Number 24
  • Big Blue Raises IBM i License Transfer Fees, Other Prices
  • Keep The IBM i Youth Movement Going With More Training, Better Tools
  • Remain Begins Migrating DevOps Tools To VS Code
  • IBM Readies LTO-10 Tape Drives And Libraries
  • IBM i PTF Guide, Volume 27, Number 23

Subscribe

To get news from IT Jungle sent to your inbox every week, subscribe to our newsletter.

Pages

  • About Us
  • Contact
  • Contributors
  • Four Hundred Monitor
  • IBM i PTF Guide
  • Media Kit
  • Subscribe

Search

Copyright © 2025 IT Jungle