CVSS3: 6.5 Medium

Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | LOW |
Privileges Required | NONE |
User Interaction | NONE |
Scope | UNCHANGED |
Confidentiality Impact | LOW |
Integrity Impact | LOW |
Availability Impact | NONE |

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

CVSS2: 6.4 Medium

Metric | Value |
---|---|
Access Vector | NETWORK |
Access Complexity | LOW |
Authentication | NONE |
Confidentiality Impact | PARTIAL |
Integrity Impact | PARTIAL |
Availability Impact | NONE |

AV:N/AC:L/Au:N/C:P/I:P/A:N

EPSS: 0.001 Low (Percentile: 45.2%)

A Security Vulnerability in the IBM Java SDK OpenJ9 affects the IBM Security Verify Access (ISVA) Appliance and Container images.
CVEID: CVE-2021-28167
**DESCRIPTION:** Eclipse OpenJ9 could allow a remote attacker to bypass security restrictions, caused by a flaw in the jdk.internal.reflect.ConstantPool API. By sending a specially-crafted request, an attacker could exploit this vulnerability to call static methods or access static members without running the class initialization method.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/200533 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)
Affected Product(s) | Version(s) |
---|---|
IBM Security Verify Access Docker | 10.0.X |
IBM Security Verify Access Appliance | 10.0.X |
Affected Products and Versions
Affected Product(s) | Version(s) |
---|---|
IBM Security Verify Access Docker | 10.0.X |
IBM Security Verify Access | 10.0.X |
This affects all ISVA products from 10.0.0.0 through 10.0.4.0. It is fixed in ISVA 10.0.5.0 FP0000.
Remediation/Fixes
IBM encourages customers to update their systems promptly.
IBM Security Verify Access (Docker Container)
For Version 10.0.0.0
Where [tag] is the latest published version and can be confirmed here
For the ISAM/ISVA appliances
Affected Products and Versions | Fix availability |
---|---|
IBM Security Verify Access 10.0.0.0 | None |
CPE

Name | Operator | Version |
---|---|---|
ibm security verify access | eq | 10.0.3.0 |
ibm security verify access | eq | 10.0.4.0 |