A recent announcement by IBM communicated that some of our customers may be to vulnerable to a security flaw in IBM Sterling Connect:Direct Browser User Interface due to IBM Java.

There are multiple vulnerabilities in IBM Runtime Environment Java Versions and the description provided by IBM states that “An unspecified vulnerability in Java SE related to the ImageIO component could allow an unauthenticated attacker to cause a denial of service resulting in low availability impact using unknown attack vectors”

The recommendation is to apply a fix, suggested by IBM in their security bulletin here. Alternately, contact us and we can have a look at your systems to determine a best course of action.

Applicable CVEs: CVE-2022-21365, CVE-2022-21360, CVE-2022-21349, CVE-2022-21341, CVE-2022-21340, CVE-2022-21305, CVE-2022-21294, CVE-2022-21293, CVE-2022-21291, CVE-2022-21248

View the original security notification by IBM here.