Lucene search

IBM68F7F2AEEE8CE9C25FC795CC19BC1C2B3688AF19BF6FD0F38D6FB1B223ED5A15

HistoryJul 06, 2023 - 5:18 p.m.

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affects App Connect Professional.

2023-07-0617:18:39

www.ibm.com

ibm java sdk

app connect professional

vulnerabilities

cve-2022-21426

denial of service

security update

software patch

low availability

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

0.001 Low

EPSS

Percentile

42.4%

JSON

Summary

There are multiple vulnerabilities in the IBM SDK Java Technology used by App Connect Professional. These issue were disclosed as part of the IBM Java SDK updates in April 2022, App Connect Professional have addressed the applicable CVEs.

Vulnerability Details

CVEID:CVE-2022-21426
**DESCRIPTION:**An unspecified vulnerability in Java SE related to the JAXP component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/224714 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

Affected Products and Versions

Affected Product(s)	Version(s)
App connect professional	755

Remediation/Fixes

Affected Product(s)	Version(s)	APAR	7550 Fixcentral link
App Connect Professional	7.5.5.0	LI82988	7550 Fixcentral link

Workarounds and Mitigations

None

Affected configurations

Vulners

Node

ibmapp_connectMatch755

ibmapp_connectMatch0755

CPENameOperatorVersion
app connect professionaleq755
app connect professionaleq0755

CPE	Name	Operator	Version
	app connect professional	eq	755
	app connect professional	eq	0755

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

0.001 Low

EPSS

Percentile

42.4%

JSON

Related for 68F7F2AEEE8CE9C25FC795CC19BC1C2B3688AF19BF6FD0F38D6FB1B223ED5A15