Lucene search

IBM42D2F393E2D5968188FE1066AA0401FE0337938BCE287834FB8D9D4F5E95C324

HistoryFeb 13, 2023 - 3:53 p.m.

Security Bulletin: IBM Sterling Connect:Direct FTP+ is vulnerable to denial of service due to IBM Java (CVE-2022-21626)

2023-02-1315:53:30

www.ibm.com

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.002 Low

EPSS

Percentile

52.2%

JSON

Summary

IBM Java is used by IBM Sterling Connect:Direct FTP+ on AIX, Linux, Solaris, and Windows platforms in product configuration and data transmission. IBM Sterling Connect:Direct FTP+ on AIX, Linux, Solaris, and Windows platforms is impacted by a denial of service issue in IBM Java (CVE-2022-21626). IBM Sterling Connect:Direct FTP+ on AIX, Linux, Solaris, and Windows platforms has upgraded IBM Java to version 8.0.7.20 to address the issue.

Vulnerability Details

CVEID:CVE-2022-21626
**DESCRIPTION:**An unspecified vulnerability in Java SE related to the Security component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/238689 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

Affected Products and Versions

Affected Product(s)	Version(s)
IBM Sterling Connect:Direct FTP+	1.3.0.0-1.3.0.0.iFix021

Remediation/Fixes

IBM strongly recommends addressing the vulnerability now by upgrading Product	Version	Remediation/Fix/Instructions
IBM Sterling Connect:Direct FTP+	1.3.0.0-1.3.0.0.iFix021	Apply 1.3.0.iFix022, available on Fix Central.

For versions previous to 1.3.0, IBM recommends upgrading to a fixed, supported version of the product.

Workarounds and Mitigations

None

CPENameOperatorVersion
ibm sterling connect:direct ftp+eq1.3.0

CPE	Name	Operator	Version
	ibm sterling connect:direct ftp+	eq	1.3.0

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.002 Low

EPSS

Percentile

52.2%

JSON

Related for 42D2F393E2D5968188FE1066AA0401FE0337938BCE287834FB8D9D4F5E95C324