IBM04B477B103393898BC319DDD26833004FBA6DA0305C44DD6BD870983D9B2B45ASecurity Bulletin: IBM Tivoli Netcool Impact is vulnerable to remote attack due to Apache Derby (CVE-2022-46337)
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
62.2%
Summary
Apache Derby is shipped with IBM Tivoli Netcool Impact as part of its datastructure. Information about a security vulnerability affecting Apache Derby has been published in a security bulletin. This bulletin identifies the steps to take to address the vulnerability.
Vulnerability Details
CVEID:CVE-2022-46337
**DESCRIPTION:**Apache Derby could allow a remote attacker to bypass security restrictions, caused by a LDAP injection vulnerability in authenticator. By sending a specially crafted request, an attacker could exploit this vulnerability to view and corrupt sensitive data and run sensitive database functions and procedures.
CVSS Base score: 9.1
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/271915 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N)
Affected Products and Versions
| Affected Product(s) | Version(s) |
|---|---|
| IBM Tivoli Netcool Impact | 7.1.0.0 - 7.1.0.32 |
Remediation/Fixes
| Product | VRMF | APAR | Remediation |
|---|---|---|---|
| IBM Tivoli Netcool Impact | 7.1.0.33 | IJ49955 | Upgrade to IBM Tivoli Netcool Impact 7.1.0 FP33 |
Workarounds and Mitigations
None
Affected configurations
Related
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
62.2%