Lucene search

K
ibm
IBM615905D1396A1CBD269B1D48EBB13503BF40945AB42992171E0EC1378652CC1E
HistoryApr 18, 2022 - 8:36 a.m.

Security Bulletin: Multiple security vulnerabilities have been identified in WebSphere Application Server shipped with IBM Security Key Lifecycle Manager (SKLM) (CVE-2021-35550 and CVE-2021-35603)

2022-04-1808:36:08
www.ibm.com
27

5.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

7.1 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:C/I:N/A:N

0.001 Low

EPSS

Percentile

48.2%

Summary

WebSphere Application Server is shipped as a component of IBM Security Key Lifecycle Manager (SKLM). Information about multiple security vulnerabilities affecting WebSphere Application Server has been published in a security bulletin.

Vulnerability Details

Refer to the security bulletin(s) listed in the Remediation/Fixes section

Affected Products and Versions

Principal Product and Version(s)

| Affected Supporting Product and Version
—|—
IBM Security Key Lifecycle Manager (SKLM) v3.0 | WebSphere Application Server v9.0.0.5
IBM Security Key Lifecycle Manager (SKLM) v3.0.1 | WebSphere Application Server v9.0.0.5
IBM Security Key Lifecycle Manager (SKLM) v4.0 | WebSphere Application Server v9.0.5.0
IBM Security Key Lifecycle Manager (SKLM) v4.1 | WebSphere Application Server v9.0.5.5
IBM Security Key Lifecycle Manager (SKLM) v4.1.1 | WebSphere Application Server Liberty v21.0.0.6

Remediation/Fixes

Please consult the Security Bulletin: Multiple Vulnerabilities in IBM® Java SDK affect IBM WebSphere Application Server and IBM Application Server Liberty due to January 2022 CPU plus deferred CVE-2021-35550 and CVE-2021-35603 for vulnerability details and information about fixes.

Workarounds and Mitigations

None

Use Vulners API to create your own security tool

API usage cases
  • Network scanning
  • Linux Patch management
  • Threat protection
  • No network audit solution

Ways of integration

Integrate Vulners API

5.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

7.1 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:C/I:N/A:N

0.001 Low

EPSS

Percentile

48.2%

Related for 615905D1396A1CBD269B1D48EBB13503BF40945AB42992171E0EC1378652CC1E