Lucene search

K
ibmIBM6755FFC6C8BDCE154C057AC84F0D180AB70F9362B4D00B88359A6D1ADF61D14A
HistoryFeb 01, 2023 - 6:06 a.m.

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affects App Connect Professional.

2023-02-0106:06:10
www.ibm.com
15
ibm java sdk
app connect professional
denial of service

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

AI Score

5.8

Confidence

High

EPSS

0.002

Percentile

59.5%

Summary

There are multiple vulnerabilities in the IBM SDK Java Technology used by App Connect Professional. These issue were disclosed as part of the IBM Java SDK updates in Quarterly CPU - Oct 2022, App Connect Professional have addressed the applicable CVEs.

Vulnerability Details

**CVEID:**CVE-2022-21628 DESCRIPTION: Java SE is vulnerable to a denial of service, caused by a flaw in the Lightweight HTTP Server. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/238623 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

**CVEID:**CVE-2022-21626 DESCRIPTION: An unspecified vulnerability in Java SE related to the Security component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/238689 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

**CVEID:**CVE-2022-21624 DESCRIPTION: An unspecified vulnerability in Java SE related to the Security component could allow an unauthenticated attacker to update, insert or delete data resulting in a low integrity impact using unknown attack vectors.
CVSS Base score: 3.7
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/238699 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N)

**CVEID:**CVE-2022-21619 DESCRIPTION: An unspecified vulnerability in Java SE related to the Security component could allow an unauthenticated attacker to update, insert or delete data resulting in a low integrity impact using unknown attack vectors.
CVSS Base score: 3.7
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/238698 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N)

Affected Products and Versions

Affected Product(s) Version(s)
App connect professional 755

Remediation/Fixes

Product VRMF APAR Remediation/First Fix
App Connect Professional 7.5.5.0 LI82864 7550 Fixcentral link

Workarounds and Mitigations

None

Affected configurations

Vulners
Node
ibmapp_connect_professionalMatch755
OR
ibmapp_connect_professionalMatch018
VendorProductVersionCPE
ibmapp_connect_professional755cpe:2.3:a:ibm:app_connect_professional:755:*:*:*:*:*:*:*
ibmapp_connect_professional018cpe:2.3:a:ibm:app_connect_professional:018:*:*:*:*:*:*:*

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

AI Score

5.8

Confidence

High

EPSS

0.002

Percentile

59.5%

Related for 6755FFC6C8BDCE154C057AC84F0D180AB70F9362B4D00B88359A6D1ADF61D14A