Lucene search

IBM42075A0851B193D2E474A46C71BE32E359DC784C54825677933C92C338E4A590

HistoryJul 19, 2022 - 9:40 p.m.

Security Bulletin: IBM Resilient SOAR is Using Components with Known Vulnerabilities - Java SE (CVE-2020-2773)

2022-07-1921:40:00

www.ibm.com

ibm resilient soar

java se

vulnerability

cve-2020-2773

denial of service

upgrade

ibm java sdk

security advisory

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

CVSS3

3.7

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L

EPSS

0.001

Percentile

49.9%

JSON

Summary

IBM Resilient SOAR is Using Components with Known Vulnerabilities - Java SE.

Vulnerability Details

CVEID:CVE-2020-2773
**DESCRIPTION:**An unspecified vulnerability in Java SE related to the Java SE Security component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors.
CVSS Base score: 3.7
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/179673 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)

Affected Products and Versions

Affected Product(s)	Version(s)
Resilient OnPrem	IBM Security SOAR

Remediation/Fixes

Users must upgrade to v41.0 of IBM Resilient in order to obtain a fix for this vulnerability. This upgrades the version of IBM Java SDK to 8.0 Service Refresh 6 Fix Pack 26.

You can upgrade the platform by following the instructions in the “Upgrade Procedure” section in the IBM Knowledge Center.