Lucene search

IBM2086D78578107C87118705CD43C5319ABE0509F632BBA56B836AF909B50F1A9F

HistoryAug 17, 2022 - 8:07 p.m.

Security Bulletin: IBM SDK, Java Technology Edition Quarterly CPU - Apr 2022 - Includes Oracle April 2022 CPU (minus CVE-2022-21426)affects IBM Security Verify Governance, Identity Manager virtual appliance component

2022-08-1720:07:42

www.ibm.com

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

0.001 Low

EPSS

Percentile

44.3%

JSON

Summary

IBM Security Verify Governance, Identity Manager virtual appliance component has addressed the applicable CVE.

Vulnerability Details

CVEID:CVE-2022-21496
**DESCRIPTION:**An unspecified vulnerability in Java SE related to the JNDI component could allow an unauthenticated attacker to cause no confidentiality impact, low integrity impact, and no availability impact.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/224777 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)

Affected Products and Versions

Affected Product(s)	Version(s)
IBM Security Verify Governance, Identity Manager virtual appliance component	10.0

Remediation/Fixes

Affected Product(s) |

Version(s)

Fix Availability

—|—|—

IBM Security Verify Governance, Identity Manager Virtual appliance component

10.0 FP4

10.0.0.0-ISS-ISVG-IMVA-FP0004

Workarounds and Mitigations

None

CPENameOperatorVersion
ibm security verify governance, identity manager virtual appliance componenteq10.0

CPE	Name	Operator	Version
	ibm security verify governance, identity manager virtual appliance component	eq	10.0

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

0.001 Low

EPSS

Percentile

44.3%

JSON

Related for 2086D78578107C87118705CD43C5319ABE0509F632BBA56B836AF909B50F1A9F