Lucene search

IBM6DAC6EEB805151FF0072109D2D98136A384E05F33006B9BA3A7F387BA115999C

HistoryOct 18, 2021 - 11:34 a.m.

Security Bulletin: Vulnerability in IBM Java Runtime affects IBM Storwize V7000 Unified (CVE-2021-2341)

2021-10-1811:34:16

www.ibm.com

3.1 Low

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

0.001 Low

EPSS

Percentile

44.2%

JSON

Summary

Vulnerability in IBM® Runtime Environment Java™ Technology Edition, Version 8 that is used by IBM Storwize V7000 Unified. These issues were disclosed as part of the IBM Java SDK updates in July 2021.

Vulnerability Details

CVEID:CVE-2021-2341
**DESCRIPTION:**An unspecified vulnerability in Java SE related to the Networking component could allow an unauthenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors.
CVSS Base score: 3.1
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/205768 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N)

Affected Products and Versions

Affected Product(s)	Version(s)
IBM Storwize V7000 Unified	1.6.0.0 - 1.6.2.9

Remediation/Fixes

A fix for these issues is in version v1.6.2.10 of IBM Storwize V7000 Unified. Customers running an affected version of IBM Storwize V7000 Unified should upgrade to 1.6.2.10 or a later version.

Latest Storwize V7000 Unified Software

Workarounds and Mitigations

None

CPENameOperatorVersion
ibm storwize v7000 unified (2073-700)eq1.6

CPE	Name	Operator	Version
	ibm storwize v7000 unified (2073-700)	eq	1.6

3.1 Low

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

0.001 Low

EPSS

Percentile

44.2%

JSON

Related for 6DAC6EEB805151FF0072109D2D98136A384E05F33006B9BA3A7F387BA115999C