Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBM5375862729855AF25B6969FFC5594391CA818023E3CA327F27D8636EE275EB30
HistorySep 22, 2022 - 6:15 p.m.

Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect Watson Explorer and Watson Explorer Content Analytics Studio (CVE-2022-21496, CVE-2022-21299)

2022-09-2218:15:27
www.ibm.com
8

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.002 Low

EPSS

Percentile

53.4%

JSON

Summary

There are multiple vulnerabilities in IBM® Runtime Environment Java™ Version 8 used by Watson Explorer and Watson Explorer Content Analytics Studio. Watson Explorer and Watson Explorer Content Analytics Studio have addressed the applicable CVEs.

Vulnerability Details

CVEID:CVE-2022-21496
**DESCRIPTION:**An unspecified vulnerability in Java SE related to the JNDI component could allow an unauthenticated attacker to cause no confidentiality impact, low integrity impact, and no availability impact.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/224777 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)

CVEID:CVE-2022-21299
**DESCRIPTION:**An unspecified vulnerability in Java SE related to the JAXP component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/217594 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

Affected Products and Versions

Affected Product(s) Version(s)
IBM Watson Explorer DAE
Foundational Components 12.0.0.0, 12.0.1, 12.0.2.0 - 12.0.2.2, 12.0.3.0 - 12.0.3.10
IBM Watson Explorer DAE
Analytical Components 12.0.0.0, 12.0.1, 12.0.2.0 - 12.0.2.2, 12.0.3.0 - 12.0.3.10
IBM Watson Explorer DAE
oneWEX 12.0.0.0, 12.0.1, 12.0.2.0 - 12.0.2.2, 12.0.3.0 - 12.0.3.10
IBM Watson Explorer
Foundational Components 11.0.0.0 - 11.0.0.3,
11.0.1,
11.0.2.0 -
11.0.2.14
IBM Watson Explorer Foundational Components Annotation Administration Console 12.0.0.0, 12.0.1, 12.0.2.0 - 12.0.2.2, 12.0.3.0 - 12.0.3.10
IBM Watson Explorer Foundational Components Annotation Administration Console 11.0.0.0 - 11.0.0.3,
11.0.1,
11.0.2.0 -
11.0.2.14
IBM Watson Explorer Analytical Components 11.0.0.0 - 11.0.0.3,
11.0.1,
11.0.2.0 -
11.0.2.14
IBM Watson Explorer Content Analytics Studio 12.0.0, 12.0.1, 12.0.2, 12.0.3
IBM Watson Explorer Content Analytics Studio 11.0.0.0 - 11.0.0.3,
11.0.1, 11.0.2.0 - 11.0.2.2

Remediation/Fixes

Affected Produc****t Affected Versions Required IBM Java Runtime How to acquire and apply the fix
IBM Watson Explorer DAE
Foundational Components 12.0.0.0, 12.0.1, 12.0.2.0 - 12.0.2.2, 12.0.3.0 - 12.0.3.10 JVM 8 SR7 FP10 or later

  1. If you have not already installed, install V12.0.3.10 (see the Fix Pack download document). If you upgrade to Version 12.0.3.10 after you update IBM Java Runtime, your changes are lost and you must repeat the steps.

  2. Download the IBM Java Runtime, Version 8 package for your operating system from Fix Central: interim fix 12.0.3.10-WS-WatsonExplorer-DAEFoundational-<OS>-8SR7FP11 or later (for example, 12.0.3.10-WS-WatsonExplorer-DAEFoundational-Linux-8SR7FP11).

  3. To apply the fix, follow the steps in Updating IBM Java Runtime.
    IBM Watson Explorer DAE
    Analytical Components| 12.0.0.0, 12.0.1, 12.0.2.0 - 12.0.2.2, 12.0.3.0 - 12.0.3.10| JVM 8 SR7 FP10 or later|

  4. If you have not already installed, install V12.0.3.10 (see the Fix Pack download document). If you upgrade to Version 12.0.3.10 after you update IBM Java Runtime, your changes are lost and you must repeat the steps.

  5. Download the IBM Java Runtime, Version 8 package for your operating system from Fix Central: interim fix 12.0.3.10-WS-WatsonExplorer-DAEAnalytical-<OS>-8SR7FP11 or later (for example, 12.0.3.10-WS-WatsonExplorer-DAEAnalytical-Linux-8SR7FP11).

  6. To apply the fix, follow the steps in Updating IBM Java Runtime.
    IBM Watson Explorer DAE
    oneWEX| 12.0.0.0, 12.0.0.1, 12.0.1, 12.0.2.0 - 12.0.2.2, 12.0.3.0 - 12.0.3.10| JVM 8 SR7 FP10 or later|

  7. If you have not already installed, install V12.0.3.10 (see the Fix Pack download document). If you upgrade to Version 12.0.3.10 after you update IBM Java Runtime, your changes are lost and you must repeat the steps.

  8. Download the IBM Java Runtime, Version 8 package for your operating system from Fix Central: interim fix 12.0.3.10-WS-WatsonExplorer-DAEoneWEX-8SR7FP11.

  9. To apply the fix, follow the steps in Updating IBM Java Runtime.
    IBM Watson Explorer
    Foundational Components| 11.0.0.0 - 11.0.0.3,
    11.0.1,
    11.0.2.0 -
    11.0.2.14| JVM 8 SR7 FP10 or later|

  10. If you have not already installed, install V11.0.2 Fix Pack 14 (see the Fix Pack download document). If you upgrade to Version 11.0.2.14 after you update IBM Java Runtime, your changes are lost and you must repeat the steps.

  11. Download the IBM Java Runtime, Version 8 package for your edition (Enterprise or Advanced) and operating system from Fix Central: interim fix 11.0.2.14-WS-WatsonExplorer-<Edition>Foundational-<OS>-8SR7FP11 or later (for example, 11.0.2.14-WS-WatsonExplorer-EEFoundational-Linux-8SR7FP11).

  12. To apply the fix, follow the steps in Updating IBM Java Runtime.
    IBM Watson Explorer Foundational Components Annotation Administration Console|

12.0.0.0, 12.0.1, 12.0.2.0 - 12.0.2.2, 12.0.3.0 - 12.0.3.10

| JVM 8 SR7 FP10 or later|

  1. If you have not already installed, install V12.0.3.10 (see the Fix Pack download document). If you upgrade to Version 12.0.3.10 after you update IBM Java Runtime, your changes are lost and you must repeat the steps.

  2. Download the IBM Java Runtime, Version 8 package for your operating system from Fix Central: interim fix 12.0.3.10-WS-WatsonExplorer-DAEFoundationalAAC-<OS>-8SR7FP11 or later (for example, 12.0.3.10-WS-WatsonExplorer-DAEFoundationalAAC-Linux-8SR7FP11).

  3. To apply the fix, follow the steps in Updating IBM Java Runtime.
    IBM Watson Explorer Foundational Components Annotation Administration Console| 11.0.0.0 - 11.0.0.3,
    11.0.1,
    11.0.2.0 -
    11.0.2.14| JVM 8 SR7 FP10 or later|

  4. If you have not already installed, install V11.0.2 Fix Pack 14 (see the Fix Pack download document). If you upgrade to Version 11.0.2.14 after you update IBM Java Runtime, your changes are lost and you must repeat the steps.

  5. Download the IBM Java Runtime, Version 8 package for your edition (Enterprise or Advanced) and operating system from Fix Central: interim fix 11.0.2.14-WS-WatsonExplorer-<Edition>FoundationalAAC-<OS>-8SR7FP11 or later (for example, 11.0.2.14-WS-WatsonExplorer-EEFoundationalAAC-Linux-8SR7FP11).

  6. To apply the fix, follow the steps in Updating IBM Java Runtime.
    IBM Watson Explorer Analytical Components| 11.0.0.0 - 11.0.0.3,
    11.0.1,
    11.0.2.0 -
    11.0.2.14| JVM 8 SR7 FP10 or later|

  7. If you have not already installed, install V11.0.2 Fix Pack 14 (see the Fix Pack download document). If you upgrade to Version 11.0.2.14 after you update IBM Java Runtime, your changes are lost and you must repeat the steps.

  8. Download the IBM Java Runtime, Version 8 package for your edition (Enterprise or Advanced) and operating system from Fix Central: interim fix 11.0.2.14-WS-WatsonExplorer-<Edition>Analytical-<OS>-8SR7FP11 or later (for example, 11.0.2.14-WS-WatsonExplorer-EEAnalytical-Linux-8SR7FP11).

  9. To apply the fix, follow the steps in Updating IBM Java Runtime.
    IBM Watson Explorer Content Analytics Studio| 12.0.0, 12.0.1, 12.0.2, 12.0.3| JVM 8 SR7 FP10 or later|

  10. If you have not already installed, install Version 12.0.3. For information about Version 12.0.3, and links to the software and release notes, see the download document. If you upgrade to Version 12.0.3 after you update IBM Java Runtime, your changes are lost and you must repeat the steps.

  11. Download the IBM Java Runtime, Version 8 package and operating system from Fix Central: interim fix 12.0.3.0-WS-WatsonExplorer-DAEAnalytical-CAStudio-8SR7FP11 or later (for example, 12.0.3.0-WS-WatsonExplorer-AEAnalytical-CAStudio-8SR7FP11, which includes 64-bit version of IBM Java Runtime).

  12. To apply the fix, follow the steps in Updating IBM Java Runtime.
    IBM Watson Explorer Content Analytics Studio|

11.0.0.0 - 11.0.0.3,
11.0.1, 11.0.2.0 - 11.0.2.2

| JVM 8 SR7 FP10 or later|

  1. If you have not already installed, install Version 11.0.2.2. If you upgrade to Version 11.0.2.2 after you update IBM Java Runtime, your changes are lost and you must repeat the steps.
* For information about Version 11.0.2, and links to the software and release notes, see the [download document](&lt;http://www.ibm.com/support/docview.wss?uid=swg24042893&gt;).
* For information about upgrading, see the [upgrade procedures](&lt;http://www.ibm.com/support/docview.wss?uid=swg27049072&gt;).For information about Version 11.0.2.2, see the [download document](&lt;http://www.ibm.com/support/docview.wss?uid=swg24044331&gt;).
  1. Download the IBM Java Runtime, Version 8 package and operating system from Fix Central: interim fix 11.0.2.2-WS-WatsonExplorer-AEAnalytical-CAStudio-8SR7FP11 or later (for example, 11.0.2.2-WS-WatsonExplorer-AEAnalytical-CAStudio-8SR7FP11, which includes 64-bit version of IBM Java Runtime).
  2. To apply the fix, follow the steps in Updating IBM Java Runtime.

Workarounds and Mitigations

None

Related

ibm 103
redhat 9
alpinelinux 2
cbl_mariner 1
cve 2
nessus 36
veracode 2
prion 2
ubuntucve 2
osv 7
redhatcve 2
cnvd 1
debiancve 2
broadcom 1
openvas 12
suse 2
f5 1
almalinux 2
mageia 1
cloudlinux 1
amazon 2
oraclelinux 4
altlinux 1
rocky 1
ibm
ibm
Security Bulletin: Multiple Vulnerabilities in IBM® Java SDK affect IBM WebSphere Application Server and IBM WebSphere Application Server Liberty due to April 2022 CPU plus deferred CVE-2022-21299
2022-06-13 17:56:33
Security Bulletin: A security vulnerability has been identified in WebSphere Application Server shipped with IBM Security Guardium Key Lifecycle Manager (SKLM/GKLM) (CVE-2022-21496 and CVE-2022-21299)
2022-06-17 08:32:30
Security Bulletin: A security vulnerability has been identified in WebSphere Application Server shipped with IBM Security Guardium Key Lifecycle Manager (SKLM/GKLM) (CVE-2022-21496 and CVE-2022-21299)
2022-06-16 15:09:06
redhat
redhat
(RHSA-2022:4957) Moderate: java-1.7.1-ibm security update
2022-06-08 12:14:13
(RHSA-2022:1728) Important: java-11-openjdk security update
2022-05-17 22:32:47
(RHSA-2022:1438) Important: OpenJDK 8u332 security update for Portable Linux Builds
2022-04-28 18:57:17
alpinelinux
alpinelinux
CVE-2022-21299
2022-01-19 12:15:00
CVE-2022-21496
2022-04-19 21:15:00
cbl_mariner
cbl_mariner
CVE-2022-21299 affecting package openjdk8 1.8.0.292-1
2022-03-10 23:47:38
cve
cve
CVE-2022-21299
2022-01-19 12:15:00
CVE-2022-21496
2022-04-19 21:15:00
nessus
nessus
RHEL 7 : java-1.7.1-ibm (RHSA-2022:4957)
2022-06-08 00:00:00
EulerOS 2.0 SP8 : java-1.8.0-openjdk (EulerOS-SA-2022-1932)
2022-06-22 00:00:00
SUSE SLES12 Security Update : java-1_8_0-ibm (SUSE-SU-2022:2540-1)
2022-07-24 00:00:00
veracode
veracode
Remote Code Execution (RCE)
2022-01-29 17:13:37
Privilege Escalation
2022-04-23 08:53:48
prion
prion
Buffer overflow
2022-01-19 12:15:00
Buffer overflow
2022-04-19 21:15:00
ubuntucve
ubuntucve
CVE-2022-21299
2022-01-19 00:00:00
CVE-2022-21496
2022-04-26 00:00:00
osv
osv
CVE-2022-21299
2022-01-19 12:15:12
CVE-2022-21496
2022-04-19 21:15:00
openjdk-11 - security update
2022-05-05 00:00:00
redhatcve
redhatcve
CVE-2022-21496
2022-04-20 08:47:49
CVE-2022-21299
2022-01-18 21:50:16
cnvd
cnvd
Oracle Java SE Input Validation Error Vulnerability (CNVD-2022-15485)
2022-01-24 00:00:00
debiancve
debiancve
CVE-2022-21299
2022-01-19 12:15:00
CVE-2022-21496
2022-04-19 21:15:00
broadcom
broadcom
BSA-2022-1931
2022-07-14 00:00:00
openvas
openvas
Huawei EulerOS: Security Advisory for java-1.8.0-openjdk (EulerOS-SA-2022-1932)
2022-06-22 00:00:00
openSUSE: Security Advisory for java-1_8_0-ibm (SUSE-SU-2022:2650-1)
2022-08-04 00:00:00
SUSE: Security Advisory (SUSE-SU-2022:2650-1)
2022-08-04 00:00:00
suse
suse
Security update for java-1_8_0-ibm (important)
2022-08-03 00:00:00
Security update for java-1_8_0-openjdk (important)
2022-07-22 00:00:00
f5
f5
K44270253 : OpenJDK vulnerabilities CVE-2022-21291, CVE-2022-21293, CVE-2022-21294, CVE-2022-21296, and CVE-2022-21299
2022-09-09 00:00:00
almalinux
almalinux
Important: java-11-openjdk security update
2022-04-20 12:24:01
Important: java-1.8.0-openjdk security update
2022-04-25 15:17:09
mageia
mageia
Updated java packages fix security vulnerability
2022-07-16 22:58:20
cloudlinux
cloudlinux
Fixed CVEs in java-1.8.0-openjdk: CVE-2022-21434, CVE-2022-21443, CVE-2022-21476, CVE-2022-21426, CVE-2022-21496
2022-06-02 12:59:09
amazon
amazon
Important: java-17-amazon-corretto
2022-04-25 23:54:00
Important: java-11-amazon-corretto
2022-04-25 23:48:00
oraclelinux
oraclelinux
java-1.8.0-openjdk security update
2022-06-30 00:00:00
java-11-openjdk security update
2022-06-30 00:00:00
java-1.8.0-openjdk security update
2022-04-25 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 10 package java-11-openjdk version 0:11.0.15.0.10-alt1_1jpp11
2022-07-14 00:00:00
rocky
rocky
java-11-openjdk security update
2022-04-20 12:24:01

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.002 Low

EPSS

Percentile

53.4%

JSON
Related for 5375862729855AF25B6969FFC5594391CA818023E3CA327F27D8636EE275EB30
ibm103redhat9alpinelinux2cbl_mariner1cve2nessus36veracode2prion2ubuntucve2osv7redhatcve2cnvd1debiancve2broadcom1openvas12suse2f51almalinux2mageia1cloudlinux1amazon2oraclelinux4altlinux1rocky1