Lucene search

K
ibmIBM43BD66A891FDF399124F87174A7745DFB775BCB719DC37C3FD4D4FA55F3FE7EA
HistoryJul 04, 2022 - 7:16 p.m.

Security Bulletin: A security vulnerability has been identified in Apache poi-scratchpad shipped with IBM Tivoli Netcool Impact (CVE-2022-26336)

2022-07-0419:16:39
www.ibm.com
14
apache poi-scratchpad
ibm tivoli netcool impact
cve-2022-26336
denial of service
security vulnerability
hmef package
out of memory
server crash
upgrade fix
ibm tivoli netcool impact 7.1.0 fp26

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

EPSS

0.001

Percentile

17.6%

Summary

Apache poi-scratchpad is shipped with IBM Tivoli Netcool Impact. Information about a security vulnerability affecting Apache poi-scratchpad has been published in a security bulletin.

Vulnerability Details

CVEID:CVE-2022-26336
**DESCRIPTION:**Apache POI is vulnerable to a denial of service, caused by an out of memory exception flaw in the HMEF package. By persuading a victim to open a specially-crafted TNEF file, a remote attacker could exploit this vulnerability to cause the server to crash.
CVSS Base score: 5.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/221045 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)

Affected Products and Versions

Affected Product(s) Version(s)
IBM Tivoli Netcool Impact 7.1.0

Remediation/Fixes

Product VRMF APAR Remediation
IBM Tivoli Netcool Impact 7.1.0 7.1.0.26 IJ40288 Upgrade to IBM Tivoli Netcool Impact 7.1.0 FP26

Workarounds and Mitigations

None

Affected configurations

Vulners
Node
ibmtivoli_netcool\/impactMatch7.1.0
VendorProductVersionCPE
ibmtivoli_netcool\/impact7.1.0cpe:2.3:a:ibm:tivoli_netcool\/impact:7.1.0:*:*:*:*:*:*:*

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

EPSS

0.001

Percentile

17.6%

Related for 43BD66A891FDF399124F87174A7745DFB775BCB719DC37C3FD4D4FA55F3FE7EA