CVSS3: 6.5 Medium (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)

Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | LOW |
Privileges Required | NONE |
User Interaction | NONE |
Scope | UNCHANGED |
Confidentiality Impact | LOW |
Integrity Impact | LOW |
Availability Impact | NONE |

CVSS2: 6.4 Medium (AV:N/AC:L/Au:N/C:P/I:P/A:N)

Metric | Value |
---|---|
Access Vector | NETWORK |
Access Complexity | LOW |
Authentication | NONE |
Confidentiality Impact | PARTIAL |
Integrity Impact | PARTIAL |
Availability Impact | NONE |

EPSS: 0.001 Low (Percentile: 44.9%)

Vulnerability in IBM Java SDK affects OS Image for Red Hat Linux Systems shipped with Cloud Pak System. Cloud Pak System has addressed the vulnerability. [CVE-2021-28167]
CVEID: CVE-2021-28167
**DESCRIPTION:** Eclipse OpenJ9 could allow a remote attacker to bypass security restrictions, caused by a flaw in the jdk.internal.reflect.ConstantPool API. By sending a specially crafted request, an attacker could exploit this vulnerability to call static methods or access static members without running the class initialization method.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/200533 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)
Affected Product(s) | Version(s) |
---|---|
IBM Cloud Pak System Software Suite | 2.3.3.0 |
IBM Cloud Pak System | 2.3 |
For unsupported version/release/platform, IBM recommends upgrading to a fixed, supported version/release/platform of the product. Notice for IBM Cloud Pak System W3700 (5725-X32), IBM Cloud Pak System W3500 (5725-Z16), IBM Cloud Pak System W3550 (5725-Z17), IBM Cloud Pak System Software v2.3.0.0, v2.3.1.0, IBM Cloud Pak System Software Suite v2.3.0.0, v2.3.1.0 as per IBM Withdrawal announcement ENUS922-058.
Cloud Pak System upgraded Java to IBM SDK Java 8.0.7.0 along with Cloud Pak System v2.3.3.4.
For IBM Cloud Pak System V2.3.0 through V2.3.3.3 Interim Fix 1, upgrade to IBM Cloud Pak System V2.3.3.4 or later at IBM Fix Central.
Information on upgrading is available at: <http://www.ibm.com/support/docview.wss?uid=ibm10887959>
None
CPE

Name | Operator | Version |
---|---|---|
ibm cloud pak system software | eq | 2.3 |