Lucene search

K
ibmIBM53D2631E5E76894870663A2B4948D3A4F72BDEEDF8C87935B788F981BEE5852B
HistoryDec 16, 2021 - 2:18 a.m.

Security Bulletin: IBM Security Privileged Identity Manager NOT Affected by CVE-2021-44228 Exploit

2021-12-1602:18:21
www.ibm.com
28

10 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.975 High

EPSS

Percentile

99.9%

Summary

IBM Security Privileged Identity Manager NOT Affected by CVE-2021-44228 Exploit.

Vulnerability Details

After conducting extensive research on product code base, it is determined that all versions of IBM Security Privileged Identity Manager are not vulnerable to Java library Apache log4j v2 with JNDI exploit (CVE-2021-44228).

10 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.975 High

EPSS

Percentile

99.9%

Related for 53D2631E5E76894870663A2B4948D3A4F72BDEEDF8C87935B788F981BEE5852B