Lucene search

IBM5A10AEEF992DF37274D86FCDBAC469E38A8A726C8A83CCB9E6C1EE25F982C179

HistoryMay 17, 2023 - 9:10 p.m.

Security Bulletin: IBM InfoSphere Information Server is affected but not classified as vulnerable to a denial of service vulnerability in XNIO (CVE-2022-0084)

2023-05-1721:10:38

www.ibm.com

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.002 Low

EPSS

Percentile

52.8%

JSON

Summary

A denial of service vulnerability in XNIO used byIBM InfoSphere Information Server was addressed.

Vulnerability Details

CVEID:CVE-2022-0084
**DESCRIPTION:**XNIO is vulnerable to a denial of service, caused by a flaw in the notifyReadClosed method. By sending specially-crafted requests, a remote attacker could exploit this vulnerability to cause log contention-related performance concerns or an unwanted disk fill-up, and results in a denial of service condition.
CVSS Base score: 5.9
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/234581 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H)

Affected Products and Versions

Affected Product(s)	Version(s)
InfoSphere Information Server	11.7

Remediation/Fixes

Product	VRMF	APAR	Remediation
InfoSphere Information Server, InfoSphere Information Server on Cloud	11.7	DT197705	--Apply IBM InfoSphere Information Server version 11.7.1.0
--Apply InfoSphere Information Server version 11.7.1.4
--Apply InfoSphere Information Server 11.7.1.4 Service pack 1

Workarounds and Mitigations

None

CPENameOperatorVersion
ibm infosphere information servereq11.7

CPE	Name	Operator	Version
	ibm infosphere information server	eq	11.7

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.002 Low

EPSS

Percentile

52.8%

JSON

Related for 5A10AEEF992DF37274D86FCDBAC469E38A8A726C8A83CCB9E6C1EE25F982C179