Lucene search

IBM0741DF5A49DF1BCD9871E1D123E0F5066ECC0A62615973AD011A636D334F8383

HistoryNov 07, 2023 - 9:27 p.m.

Security Bulletin: Multiple vulnerabilities in IBM SDK, Java Technology Edition affects InfoSphere Data Replication

2023-11-0721:27:47

www.ibm.com

ibm sdk

java technology edition

infosphere data replication

vulnerabilities

upgrades

oracle graalvm

cve-2023-21930

cve-2023-21967

cve-2023-21954

cve-2023-21937

7.4 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

6.8 Medium

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

51.8%

JSON

Summary

Multiple vulnerabilities in IBM SDK, Java Technology Edition used in InfoSphere Data Replication was addressed.

Vulnerability Details

CVEID:CVE-2023-21930
**DESCRIPTION:**An unspecified vulnerability in Oracle Java SE, Oracle GraalVM Enterprise Edition related to the JSSE component could allow an unauthenticated attacker to cause high confidentiality impact and high integrity impact.
CVSS Base score: 7.4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/253115 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N)

CVEID:CVE-2023-21967
**DESCRIPTION:**An unspecified vulnerability in Oracle Java SE, Oracle GraalVM Enterprise Edition related to the JSSE component could allow a remote attacker to cause high availability impact.
CVSS Base score: 5.9
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/253156 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID:CVE-2023-21954
**DESCRIPTION:**An unspecified vulnerability in Oracle Java SE, Oracle GraalVM Enterprise Edition related to the Hotspot component could allow a remote attacker to cause high confidentiality impact.
CVSS Base score: 5.9
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/253166 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)

CVEID:CVE-2023-21937
**DESCRIPTION:**An unspecified vulnerability in Oracle Java SE, Oracle GraalVM Enterprise Edition related to the Networking component could allow a remote attacker to cause integrity impact.
CVSS Base score: 3.7
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/253167 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N)

Affected Products and Versions

Affected Product(s)	Version(s)
InfoSphere Data Replication	11.4.0
InfoSphere Data Replication	11.4
InfoSphere Data Replication	11.3.3

Remediation/Fixes

Update to the latest offering fix pack found here:

https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%3FInformation%20Management&product=ibm/Information+Management/IBM+InfoSphere+Data+Replication&release=11.4&platform=All&function=all&source=fc

Workarounds and Mitigations

None

Affected configurations

Vulners

Node

ibminfosphere_change_data_captureMatch11.3.3

ibminfosphere_change_data_captureMatch11.4

CPENameOperatorVersion
infosphere change data captureeq11.3.3
infosphere change data captureeq11.4

CPE	Name	Operator	Version
	infosphere change data capture	eq	11.3.3
	infosphere change data capture	eq	11.4

7.4 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

6.8 Medium

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

51.8%

JSON

Related for 0741DF5A49DF1BCD9871E1D123E0F5066ECC0A62615973AD011A636D334F8383