Security Bulletin: A Security Vulnerability has been identified in the IBM Java SDK as shipped with IBM Security Verify Access.

Published 2023-02-07 20:57:30, www.ibm.com

CVSS v3.1 base score: 6.5 Medium

| Metric | Value |
|---|---|
| Attack Vector | NETWORK |
| Attack Complexity | LOW |
| Privileges Required | NONE |
| User Interaction | NONE |
| Scope | UNCHANGED |
| Confidentiality Impact | LOW |
| Integrity Impact | LOW |
| Availability Impact | NONE |

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

CVSS v2 base score: 6.4 Medium

| Metric | Value |
|---|---|
| Access Vector | NETWORK |
| Access Complexity | LOW |
| Authentication | NONE |
| Confidentiality Impact | PARTIAL |
| Integrity Impact | PARTIAL |
| Availability Impact | NONE |

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N

EPSS score: 0.001 (Low), percentile 45.2%

Summary

A security vulnerability in the IBM Java SDK (OpenJ9) shipped with IBM Security Verify Access (ISVA) affects both the ISVA appliance and the ISVA container images.

Vulnerability Details

CVEID: CVE-2021-28167
**DESCRIPTION:** Eclipse OpenJ9 could allow a remote attacker to bypass security restrictions, caused by a flaw in the jdk.internal.reflect.ConstantPool API. By sending a specially-crafted request, an attacker could exploit this vulnerability to call static methods or access static members without running the class initialization method, so any check that a class performs in its static initializer can be skipped.
CVSS Base score: 6.5
CVSS Temporal Score: see https://exchange.xforce.ibmcloud.com/vulnerabilities/200533 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)

Affected Products and Versions

| Affected Product(s) | Version(s) |
|---|---|
| IBM Security Verify Access Docker | 10.0.X |
| IBM Security Verify Access Appliance | 10.0.X |

This affects all ISVA products from 10.0.0.0 through 10.0.4.0. It is fixed in ISVA 10.0.5.0 FP0000, that is, the appliance fixpack 10.0.5-ISS-ISVA-FP0000 or a container image tagged 10.0.5.0 or later.

Remediation/Fixes

IBM encourages customers to update their systems promptly.

IBM Security Verify Access (Docker Container)

For Version 10.0.0.0

  • Obtain the latest version of the container by running `docker pull ibmcom/verify-access:[tag]`, where [tag] is the latest published version (confirm it against IBM's published tag list; the fix is in tags 10.0.5.0 and later).

For the ISAM/ISVA appliances

| Affected Products and Versions | Fix availability |
|---|---|
| IBM Security Verify Access 10.0.0.0 | 10.0.5-ISS-ISVA-FP0000 |
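To check a deployed container tag or appliance fixpack against the fixed level named above without comparing version strings by eye, here is an added POSIX shell helper. It is my own example, not code from IBM or from the bulletin. It assumes every version string starts with a dotted numeric level, as the image tags used with the pull command above and the fixpack name 10.0.5-ISS-ISVA-FP0000 do; that tag format, the sample strings, and the hypothetical helper names are assumptions. The docker invocation is kept in a function that is not run automatically.

```shell
#!/bin/sh
# Added example (not from the IBM bulletin): classify an ISVA version string
# against the first fixed level the bulletin names, 10.0.5.0.
# Assumed input format: a leading dotted numeric version, e.g. an image tag
# such as 10.0.4.0 or a fixpack name such as 10.0.5-ISS-ISVA-FP0000.
FIXED_LEVEL="10.0.5.0"     # fixed in ISVA 10.0.5.0 FP0000 per the bulletin
FIRST_AFFECTED="10.0.0.0"  # affected range starts at 10.0.0.0

# vercmp A B: print -1, 0 or 1 for A<B, A=B, A>B on dotted numeric versions.
# Missing trailing components count as 0, so 10.0.5 equals 10.0.5.0.
vercmp() {
    va="$1"; vb="$2"
    while [ -n "$va" ] || [ -n "$vb" ]; do
        ca="${va%%.*}"; cb="${vb%%.*}"
        if [ "$ca" = "$va" ]; then va=""; else va="${va#*.}"; fi
        if [ "$cb" = "$vb" ]; then vb=""; else vb="${vb#*.}"; fi
        ca="${ca:-0}"; cb="${cb:-0}"
        if [ "$ca" -lt "$cb" ]; then printf '%s\n' "-1"; return 0; fi
        if [ "$ca" -gt "$cb" ]; then printf '%s\n' "1"; return 0; fi
    done
    printf '%s\n' "0"
}

# isva_status VERSION_STRING: print "fixed", "vulnerable" or "unknown".
# Exit status: 0 fixed, 1 vulnerable, 2 unknown (so it can drive a script).
isva_status() {
    # Keep only the leading dotted-numeric part; "latest" or "" is unknown,
    # because a floating tag says nothing about the level actually pulled.
    v=$(printf '%s' "$1" | sed 's/[^0-9.].*$//; s/\.*$//')
    case "$v" in
        ""|*[!0-9.]*) printf '%s\n' "unknown"; return 2 ;;
    esac
    if [ "$(vercmp "$v" "$FIXED_LEVEL")" -ge 0 ]; then
        printf '%s\n' "fixed"; return 0
    fi
    if [ "$(vercmp "$v" "$FIRST_AFFECTED")" -ge 0 ]; then
        printf '%s\n' "vulnerable"; return 1
    fi
    # Older than the 10.0.x range the bulletin covers: it says nothing
    # about such levels, so report them as unknown rather than fixed.
    printf '%s\n' "unknown"; return 2
}

# Classify every locally pulled tag of the image named in the bulletin.
# Needs the docker CLI; not called automatically below.
check_local_images() {
    docker images --format '{{.Tag}}' ibmcom/verify-access | while read -r tag; do
        printf '%-26s %s\n' "$tag" "$(isva_status "$tag")"
    done
}

# Stand-alone demo on constructed sample strings.
for s in 10.0.0.0 10.0.4.0 10.0.5.0 10.0.5-ISS-ISVA-FP0000 10.0.6.0 9.0.7.0 latest; do
    printf '%-26s %s\n' "$s" "$(isva_status "$s")"
done
```

Call `check_local_images` on a host that runs the ISVA container to see each pulled tag beside its verdict; a `latest` tag is deliberately reported as unknown, so pin an explicit version tag before relying on the result.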

Workarounds and Mitigations

None
