IBM54F7075EB44A679B0D459C3F5C31967D768D0A32C6396DD4A43C96C69381515DSecurity Bulletin: Vulnerability in IBM Java Runtime affects Host On-Demand
7.4 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
0.002 Low
EPSS
Percentile
51.8%
Summary
There is a vulnerability in IBM® Runtime Environment Java™ Version 8 used by Host On-Demand. Host On-Demand has provided a fix for the applicable CVE. The issue was disclosed as part of the IBM Java SDK and Runtime Environment update from part of Oracle’s April 2023 Critical Patch Update.
Vulnerability Details
CVEID:CVE-2023-21930
**DESCRIPTION:**An unspecified vulnerability in Oracle Java SE, Oracle GraalVM Enterprise Edition related to the JSSE component could allow an unauthenticated attacker to cause high confidentiality impact and high integrity impact.
CVSS Base score: 7.4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/253115 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N)
Affected Products and Versions
| Affected Product(s) | Version(s) |
|---|---|
| Host On-Demand | V14 - 14.0.6.0_iFix001 |
Remediation/Fixes
IBM strongly recommends addressing the vulnerability now by installing this fix or a newer iFix or Fix Pack.
Product
|
VRMF
|
Remediation
|
**File Name **
—|—|—|—
Host On-Demand
|
14.0 - 14.0.6.0_iFix001
|
|
HOD_14.0.6.0_iFix001
Workarounds and Mitigations
None
Affected configurations
| CPE | Name | Operator | Version |
|---|---|---|---|
| ibm host on-demand | eq | 14.0. |
Related
7.4 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
0.002 Low
EPSS
Percentile
51.8%