6.6 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
8.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:S/C:C/I:C/A:C
0.967 High
EPSS
Percentile
99.6%
Multiple vulnerabilities in Apache log4j affect IBM WebSphere Application Server (CVE-2021-45105, CVE-2021-44832). IBM WebSphere Application Server is bundled with IBM Cloud Pak for Applications. There is a vulnerability in the Apache log4j library used by IBM WebSphere Application Server traditional in the Admin Console and UDDI Registry application. This has been addressed in IBM WebSphere Application Server by removing log4j from the Admin Console and UDDI Registry application.
Refer to the security bulletin(s) listed in the Remediation/Fixes section
Principal Affected Product(s) and Version(s) | Affected Product(s) and Version(s) |
---|---|
IBM Cloud Pak for Applications, 4.3 |
WebSphere Application Server
None
CPE | Name | Operator | Version |
---|---|---|---|
ibm cloud pak for applications | eq | 4.3 |
6.6 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
8.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:S/C:C/I:C/A:C
0.967 High
EPSS
Percentile
99.6%