Multiple vulnerabilities in IBM Semeru Runtime allow an attacker to cause a Denial of Service, with a CVSS Base Score of 8.7. Affected versions are IBM Semeru Runtime versions prior to 8.0.452.0, 11.0.27.0, 17.0.15.0, and 21.0.7.0. The advisory confirms that mitigations are available, indicating patches have been released for these specific version thresholds.
[WID-SEC-2025-1056] IBM Semeru Runtime: Mehrere Schwachstellen ermöglichen Denial of Service CVSS Base Score 8.7 (hoch) CVSS Temporal Score 7.6 (hoch) Remoteangriff nein Datum 14.05.2025 Stand UPDATE 13.05.2026 Mitigation ja Betroffene Systeme Betriebssystem Linux Sonstiges UNIX Windows Produktbeschreibung IBM Semeru Runtime ist ein Java Runtime Environment. Produkte UPDATE 12.05.2026 IBM Cognos Analytics <11.2.4 FP7 IBM Cognos Analytics <12.0.4 FP2 IBM Cognos Analytics <12.1.2 UPDATE 11.09.2025 IBM Tivoli Monitoring for Virtual Environments 7.3.7 HCL BigFix Compliance <2.0.14 UPDATE 21.08.2025 IBM Rational Business Developer 9.6 IBM Rational Business Developer 9.7 UPDATE 06.08.2025 IBM Rational Business Developer IBM Business Automation Workflow UPDATE 05.08.2025 HCL Commerce <9.0.1.16 HCL Commerce <9.1.18.2 UPDATE 23.07.2025 IBM MQ UPDATE 22.07.2025 IBM Tivoli Business Service Manager 6.2.0-6.2.0.6 UPDATE 20.07.2025 IBM SPSS Statistics UPDATE 17.07.2025 IBM Tivoli Netcool/OMNIbus IBM SPSS UPDATE 15.07.2025 IBM Sterling Connect:Direct UPDATE 14.07.2025 IBM Sterling Connect:Direct <6.3.0.5 IBM Sterling Connect:Direct <6.4.0.2 IBM Sterling Connect:Direct <6.2.0.7.iFix052 UPDATE 13.07.2025 IBM Sterling Connect:Direct <6.2.0.7 UPDATE 10.07.2025 IBM Sterling Connect:Direct webServices <6.4.0.3 IBM Sterling Connect:Direct webServices <6.3.0.14 IBM Sterling Connect:Direct webServices <6.2.0.28 UPDATE 07.07.2025 IBM TXSeries Multiplatforms UPDATE 06.07.2025 IBM Power Hardware Management Console V10 UPDATE 03.07.2025 IBM DB2 11.1 IBM DataPower Gateway <10.6.4.0 IBM DB2 11.5 IBM DB2 10.5 IBM DataPower Gateway <10.6.0.6 IBM DataPower Gateway <10.5.0.18 IBM Security Verify Access <10.0.9 IF2 UPDATE 02.07.2025 IBM SPSS Collaboration and Deployment Services 8.5 UPDATE 25.06.2025 IBM Integration Bus 10.1.0.0-10.1.0.5 IBM App Connect Enterprise <13.0.4.0 IBM App Connect Enterprise <12.0.12.15 UPDATE 24.06.2025 IBM InfoSphere Information Server 11.7 IBM App Connect Enterprise <12.0.12.15 IBM App Connect Enterprise <13.0.4.0 UPDATE 23.06.2025 IBM InfoSphere Identity Insight 10.0.0.0 IBM InfoSphere Identity Insight 9.0.0.1 UPDATE 22.06.2025 IBM License Metric Tool <9.2.40 UPDATE 09.06.2025 IBM Maximo Asset Management 7.6.1.3 IBM Security Guardium Key Lifecycle Manager 4.1.1 IBM Security Guardium Key Lifecycle Manager 4.2 IBM Security Guardium Key Lifecycle Manager 4.1 IBM Security Guardium Key Lifecycle Manager 4.2.1 IBM Security Guardium Key Lifecycle Manager 5.0 UPDATE 02.06.2025 IBM Business Automation Workflow UPDATE 21.05.2025 Red Hat Enterprise Linux 14.05.2025 IBM Semeru Runtime <8.0.452.0 IBM Semeru Runtime <11.0.27.0 IBM Semeru Runtime <17.0.15.0 IBM Semeru Runtime <21.0.7.0 Angriff Angriff Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in IBM Semeru Runtime ausnutzen, um einen Denial of Service Angriff durchzuführen. CVE Informationen Versionshistorie Feedback zum Advisory geben