Lucene search

IBM5CEAD8C253F69D6A5CDC05C2332D71D82CE7470C0538049FA49907A4C9423F0E

HistoryMar 19, 2022 - 4:14 a.m.

Security Bulletin: A vulnerability in Java SE affects IBM Control Center (CVE-2021-35603)

2022-03-1904:14:54

www.ibm.com

3.7 Low

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

0.001 Low

EPSS

Percentile

43.1%

JSON

Summary

A number of operations in the JSSE component are implemented in a way that means they could be exploited by anattacker in a side-channel attack due to timing differences. The fix ensures that the operations complete in constant-time.

Vulnerability Details

CVEID:CVE-2021-35603
**DESCRIPTION:**An unspecified vulnerability in Java SE related to the JSSE component could allow an unauthenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors.
CVSS Base score: 3.7
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/211676 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)

Affected Products and Versions

Affected Product(s)	Version(s)
IBM Control Center	6.1.3
IBM Control Center	6.2.1.0
IBM Control Center	6.2.0.0

Remediation/Fixes

Product

VRMF

iFix

Remediation

—|—|—|—

IBM Control Center

6.1.3.0

iFix12

Fix Central - 6.1.3.0

IBM Control Center

6.2.0.0

iFix16

Fix Central - 6.2.0.0 (ETA by 3-25-2022)

IBM Control Center

6.2.1.0

iFix06

Fix Central - 6.2.1.0 (ETA by 3-25-2022)

Workarounds and Mitigations

None

CPENameOperatorVersion
ibm control centereq6.2.1.0
ibm control centereq6.1.3.0
ibm control centereq6.2.0.0

Name	Operator	Version
ibm control center	eq	6.2.1.0
ibm control center	eq	6.1.3.0
ibm control center	eq	6.2.0.0

3.7 Low

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

0.001 Low

EPSS

Percentile

43.1%

JSON

Related for 5CEAD8C253F69D6A5CDC05C2332D71D82CE7470C0538049FA49907A4C9423F0E