Java is used by IBM App Connect Enterprise Certified Container IntegrationServers. IBM App Connect Enterprise Certified Container IntegrationServer operands are vulnerable to denial of service. This bulletin provides patch information to address the reported vulnerability in Java. [CVE-2022-21349]
CVEID:CVE-2022-21349
**DESCRIPTION:**An unspecified vulnerability in Java SE related to the 2D component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/217643 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
Affected Product(s) | Version(s) |
---|---|
App Connect Enterprise Certified Container | 4.1 |
App Connect Enterprise Certified Container | 4.2 |
IBM strongly suggests the following:
App Connect Enterprise Certified Container 4.1.x to 4.2.x (Continuous Delivery)
Upgrade to App Connect Enterprise Certified Container Operator version 5.0.0 or higher, and ensure that all IntegrationServer components are at 12.0.5.0-r1-lts or higher. Documentation on the upgrade process is available at <https://www.ibm.com/docs/en/app-connect/containers_cd?topic=releases-upgrading-operator>
None
CPE | Name | Operator | Version |
---|---|---|---|
ibm app connect enterprise | eq | 4.1 | |
ibm app connect enterprise | eq | 4.2 |