Lucene search

IBM03A75A8ADEE2A3CF05A2ED491DBA9138617AEFF976CB3B9F8B7A69B2AE72BF8A

HistoryDec 06, 2022 - 4:48 p.m.

Security Bulletin: Vulnerability in IBM Java SDK and IBM Java Runtime affects Rational Business Developer

2022-12-0616:48:13

www.ibm.com

ibm java sdk

ibm java runtime

rational business developer

cve-2021-2163

vulnerability

fix

affected versions

security bulletin

2.6 Low

CVSS2

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:H/Au:N/C:N/I:P/A:N

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N

0.002 Low

EPSS

Percentile

61.0%

JSON

Summary

There is a vulnerability in IBM® SDK Java™ Technology Edition, Version 7 and 8 and IBM® Runtime Environment Java™ Version 7 and 8 used by Rational Business Developer. Rational Business Developer has provided a fix for the applicable CVE. This issue was disclosed as part of the IBM Java SDK and Runtime Environment update deferred from CVE-2021-2163 (deferred from Oracle Apr 2021 CPU for IBM Java 7.x and IBM Java 8).

Vulnerability Details

CVEID:CVE-2021-2163
**DESCRIPTION:**An unspecified vulnerability in Java SE related to the Libraries component could allow an unauthenticated attacker to cause no confidentiality impact, high integrity impact, and no availability impact.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/200292 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N)

Affected Products and Versions

Affected Product(s)	Version(s)
RBD	9.1 - 9.1.1.2
RBD	9.5 - 9.5.1.2
RBD	9.6 - 9.6.0.1
RBD	9.7

Remediation/Fixes

IBM strongly recommends addressing the vulnerability now by installing this fix or a newer iFix or Fix Pack.

Product	VRMF	APAR	Remediation / First Fix	File Name
Rational Business Developer	9.1 - 9.1.1.2	None

https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7ERational&product=ibm/Rational/Rational+Business+Developer&release=9.1.0&platform=All&function=all

RBD_9.1_IBM_JDK7_SR5_FP15

Rational Business Developer| 9.5 - 9.5.1.2| None|

https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7ERational&product=ibm/Rational/Rational+Business+Developer&release=9.5.0&platform=All&function=all

RBD_9.5_IBM_JDK8_SR7_FP16

Rational Business Developer| 9.6 - 9.6.0.1| None|

https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7ERational&product=ibm/Rational/Rational+Business+Developer&release=9.6&platform=All&function=all

RBD_9.6_IBM_JDK8_SR7_FP16

Rational Business Developer| 9.7| None|

https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7ERational&product=ibm/Rational/Rational+Business+Developer&release=9.7.0&platform=All&function=all

RBD_9.7_IBM_JDK8_SR7_FP16

Workarounds and Mitigations

None

Affected configurations

Vulners

Node

ibmrational_business_developerMatch9.1

ibmrational_business_developerMatch9.5

ibmrational_business_developerMatch9.6

ibmrational_business_developerMatch9.7

CPENameOperatorVersion
rational business developereq9.1
rational business developereq9.5
rational business developereq9.6
rational business developereq9.7