Summary There are vulnerabilities in IBM® Java™ Version 8 and IBM WebSphere Application Server Liberty used by IBM Planning Analytics and IBM Planning Analytics Workspace. IBM Planning Analytics has addressed the applicable CVEs by upgrading to non-vulnerable versions of IBM® JRE and IIBM WebSphere Application Server Liberty in 2.0.9.20. IBM Planning Analytics Workspace has addressed the applicable CVEs by upgrading to non-vulnerable versions of IBM® JRE / IBM Semeru and IBM WebSphere Application Server Liberty in Planning Analytics Workspace 2.0.97 / Planning Analytics Workspace 2.1.4 or earlier. Please refer to the Related Information section below for vulnerability impact. Vulnerability Details ** CVEID: CVE-2024-22329 DESCRIPTION: **IBM WebSphere Application Server 8.5, 9.0 and IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.3 are vulnerable to server-side request forgery (SSRF). By sending a specially crafted request, an attacker could exploit this vulnerability to conduct the SSRF attack. X-Force ID: 279951. CVSS Base score: 4.3 CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/279951 for the current score. CVSS Vector: (CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) ** CVEID: CVE-2023-22045 DESCRIPTION: **An unspecified vulnerability in Java SE related to the VM component could allow a remote attacker to cause low confidentiality impacts. CVSS Base score: 3.7 CVSS Temporal Score: See: …Read More