Lucene search

IBM62B94397D99A3E1590BBCD417C7FE18ED1D6C5FFEDFF3734B58EA411D1C03453

HistoryDec 01, 2023 - 10:34 a.m.

Security Bulletin: IBM Tivoli Netcool Impact is vulnerable to remote attack due to IBM Java SDK (CVE-2023-22045, CVE-2023-22049)

2023-12-0110:34:38

www.ibm.com

ibm tivoli netcool impact

remote attack

ibm java sdk

vulnerability

cve-2023-22045

cve-2023-22049

update

7.1.0 fp32

3.7 Low

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N

6.4 Medium

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

28.1%

JSON

Summary

IBM® SDK Java™ Technology Edition is shipped as a component of IBM Tivoli Netcool Impact. IBM Tivoli Netcool Impact has addressed the applicable issues, CVE-2023-22045 and CVE-2023-22049

Vulnerability Details

CVEID:CVE-2023-22045
**DESCRIPTION:**An unspecified vulnerability in Java SE related to the VM component could allow a remote attacker to cause low confidentiality impacts.
CVSS Base score: 3.7
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/261047 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)

CVEID:CVE-2023-22049
**DESCRIPTION:**An unspecified vulnerability in Java SE related to the Libraries component could allow a remote attacker to cause low integrity impacts.
CVSS Base score: 3.7
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/261048 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N)

Affected Products and Versions

Affected Product(s)	Version(s)
IBM Tivoli Netcool Impact	7.1.0

Remediation/Fixes

Product	VRMF	APAR	Remediation
IBM Tivoli Netcool Impact 7.1.0.0 - 7.1.0.31	7.1.0.32	IJ49071	Upgrade to IBM Tivoli Netcool Impact 7.1.0 FP32

Workarounds and Mitigations

None

Affected configurations

Vulners

Node

ibmtivoli_netcool\/impactMatch7.1.0

CPENameOperatorVersion
tivoli netcool/impacteq7.1.0

CPE	Name	Operator	Version
	tivoli netcool/impact	eq	7.1.0

3.7 Low

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N

6.4 Medium

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

28.1%

JSON

Related for 62B94397D99A3E1590BBCD417C7FE18ED1D6C5FFEDFF3734B58EA411D1C03453