Security Bulletin: IBM Integration Designer is vulnerable to denial of service ( CVE-2022-21626)

2022-12-2218:51:35

www.ibm.com

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.002 Low

EPSS

Percentile

52.2%

JSON

Summary

The fix includes a new version of the IBM Runtime Environment Java Version 8 that resolves the specified vulnerability.

Vulnerability Details

CVEID:CVE-2022-21626
**DESCRIPTION:**An unspecified vulnerability in Java SE related to the Security component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/238689 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

Affected Products and Versions

Remediation/Fixes

IBM Integration Designer 22.0.2

IBM Integration Designer 22.0.1

IBM Integration Designer 21.0.3

IBM Integration Designer 20.0.0.2

Workarounds and Mitigations

None

CPENameOperatorVersion
ibm integration designereq22.0.2
ibm integration designereq22.0.1
ibm integration designereq21.0.3
ibm integration designereq20.0.0.2