CVSS3: 5.9 Medium

Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | HIGH |
Privileges Required | NONE |
User Interaction | NONE |
Scope | UNCHANGED |
Confidentiality Impact | HIGH |
Integrity Impact | NONE |
Availability Impact | NONE |

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

CVSS2: 7.1 High

Metric | Value |
---|---|
Access Vector | NETWORK |
Access Complexity | MEDIUM |
Authentication | NONE |
Confidentiality Impact | COMPLETE |
Integrity Impact | NONE |
Availability Impact | NONE |

Vector: AV:N/AC:M/Au:N/C:C/I:N/A:N

EPSS: 0.002 Low (Percentile: 53.5%)

IBM Predictive Maintenance and Quality and Predictive Maintenance Insights On-Premises is bundled with IBM SPSS, IBM Cognos, IBM DB2 and IBM WebSphere Application Server Liberty. Some of the component products are affected by an unspecified vulnerability in the Java runtime (CVE-2021-35603). This has been addressed by the components affected by the issue. Please refer to the Remediation section for details.

Refer to the security bulletin(s) listed in the Remediation/Fixes section.

Affected Product(s) | Version(s) |
---|---|
IBM Predictive Maintenance and Quality | 1.0.x |
IBM Predictive Maintenance and Quality | 2.5.x |
IBM Predictive Maintenance and Quality | 2.0.x |

IBM strongly recommends addressing the vulnerabilities now by applying the interim fixes listed for each component, for all Affected Products/Versions listed above.

Affected Component | Remediation/Fix | Security Bulletin and Fix Details |
---|---|---|
DB2 11.5 | The recommended solution is to apply the appropriate fix for this vulnerability. The fix for this vulnerability is in a later version of IBM JDK. Customers running any vulnerable fixpack level of an affected Program can download the latest version of IBM JDK from Fix Central. | <https://www.ibm.com/support/pages/node/6591297> (CVE-2021-35603, CVE-2021-35550, CVE-2021-2341) |
SPSS Collaboration and Deployment Services 8.2.1 | Please apply Interim Fix for SPSS Collaboration and Deployment Services as per the Security Bulletin. | <https://www.ibm.com/support/pages/node/6565647> (CVE-2021-35603, CVE-2021-35550, CVE-2021-35578, CVE-2022-21341, CVE-2022-21294, CVE-2022-21293, CVE-2022-21248) |
SPSS Statistics Server 26.0 | Please apply Interim Fix as per the Security Bulletin. | <https://www.ibm.com/support/pages/node/6596951> (CVE-2021-35603) |

None
CPE | Name | Operator | Version |
---|---|---|---|
| | predictive maintenance and quality | eq | 2.6.3 |