5.3 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
0.002 Low
EPSS
Percentile
59.0%
There are multiple vulnerabilities in IBM® Runtime Environment Java™ Version 8 used by SPSS Collaboration and Deployment Services. These issues have been addressed.
CVEID:CVE-2022-21628
**DESCRIPTION:**Java SE is vulnerable to a denial of service, caused by a flaw in the Lightweight HTTP Server. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/238623 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
CVEID:CVE-2022-21626
**DESCRIPTION:**An unspecified vulnerability in Java SE related to the Security component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/238689 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
CVEID:CVE-2022-21624
**DESCRIPTION:**An unspecified vulnerability in Java SE related to the Security component could allow an unauthenticated attacker to update, insert or delete data resulting in a low integrity impact using unknown attack vectors.
CVSS Base score: 3.7
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/238699 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N)
CVEID:CVE-2022-21619
**DESCRIPTION:**An unspecified vulnerability in Java SE related to the Security component could allow an unauthenticated attacker to update, insert or delete data resulting in a low integrity impact using unknown attack vectors.
CVSS Base score: 3.7
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/238698 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N)
Affected Product(s) | Version(s) |
---|---|
SPSS Collaboration and Deployment Services | 8.0 |
SPSS Collaboration and Deployment Services | 8.1 |
SPSS Collaboration and Deployment Services | 8.1.1 |
SPSS Collaboration and Deployment Services | 8.2 |
SPSS Collaboration and Deployment Services | 8.2.1 |
SPSS Collaboration and Deployment Services | 8.2.2 |
SPSS Collaboration and Deployment Services | 8.3 |
Remediation/Fixes
Product | VRMF | Remediation/First Fix |
---|---|---|
SPSS Collaboration and Deployment Services | 8.0.0.0 | 8.0.0.0 |
SPSS Collaboration and Deployment Services | 8.1.0.0 | 8.1.0.0 |
SPSS Collaboration and Deployment Services | 8.1.1.0 | 8.1.1.0 |
SPSS Collaboration and Deployment Services | 8.2.0.0 | 8.2.0.0 |
SPSS Collaboration and Deployment Services | 8.2.1.0 | 8.2.1.0 |
SPSS Collaboration and Deployment Services | 8.2.2.0 | 8.2.2.0 |
SPSS Collaboration and Deployment Services | 8.3.0.0 | 8.3.0.0 |
Fixes for Components:
SPSS Collaboration and Deployment Services Repository Server deployed to WebSphere Liberty profile.
SPSS Collaboration and Deployment Services Scoring Server deployed to WebSphere Liberty profile.
SPSS Collaboration and Deployment Services Deployment Manager.
Important Notes:
For the Repository Server deployed to WebSphere Application Server traditional, it uses JRE for Websphere, please refer to Websphere document and upgrade JRE from IBM Installation Manager.
For the Repository Server deployed to other Application Server, please contact vendor for vulnerability and remediation information.
You should verify applying this fix does not cause any compatibility issues in your environment.
None
CPE | Name | Operator | Version |
---|---|---|---|
ibm spss collaboration and deployment services | eq | 8.2 | |
ibm spss collaboration and deployment services | eq | 8.2.1 |
5.3 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
0.002 Low
EPSS
Percentile
59.0%