Lucene search

IBM7B84727C49C1CFFEFB3D4125B29A97FE62051E89987123AB6C5061E0701E23E6

HistoryOct 27, 2023 - 12:43 p.m.

Security Bulletin: IBM App Connect Enterprise and IBM Integration Bus are vulnerable to a remote attacker due to IBM SDK Java Technology Edition

2023-10-2712:43:20

www.ibm.com

ibm app connect enterprise

ibm integration bus

remote attacker

ibm sdk java technology edition

cve-2023-22049

vulnerability

low integrity impact

affected versions

fix pack

it44661.

3.7 Low

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N

0.001 Low

EPSS

Percentile

28.1%

JSON

Summary

IBM App Connect Enterprise and IBM Integration Bus are vulnerable to a remote attacker due to IBM SDK Java Technology Edition (CVE-2023-22049).

Vulnerability Details

CVEID:CVE-2023-22049
**DESCRIPTION:**An unspecified vulnerability in Java SE related to the Libraries component could allow a remote attacker to cause low integrity impacts.
CVSS Base score: 3.7
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/261048 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N)

Affected Products and Versions

Affected Product(s)	Version(s)
IBM App Connect Enterprise	12.0.1.0 - 12.0.9.0
IBM App Connect Enterprise	11.0.0.1 - 11.0.0.22
IBM Integration Bus	10.1 - 10.1.0.1

Remediation/Fixes

IBM strongly recommends addressing the vulnerability/vulnerabilities now by the applying the appropriate fix to IBM Integration Bus/IBM App Connect Enterprise

Affected Product(s)	Version(s)	APAR	Remediation / Fixes
IBM App Connect Enterprise	12.0.1.0 - 12.0.9.0	IT44661

The APAR (IT44661) is available from

IBM App Connect Enterprise v12 - Fix Pack 12.0.10.0

IBM App Connect Enterprise| 11.0.0.1 - 11.0.0.22| IT44661|

The APAR (IT44661) is available from

IBM App Connect Enterprise v11 - Fix Pack 11.0.0.23

IBM Integration Bus| 10.1 - 10.1.0.1| IT44661|

The APAR (IT44661) is available from

IBM App Connect Enterprise v10.1 - Fix Pack 10.1.0.2

Workarounds and Mitigations

None

Affected configurations

Vulners

Node

ibmapp_connect_enterpriseRange12.0.1.0≥

ibmapp_connect_enterpriseRange≤12.0.9.0

ibmapp_connect_enterpriseRange11.0.0.1≥

ibmapp_connect_enterpriseRange≤11.0.0.22

ibmintegration_busRange10.1≥

ibmintegration_busRange≤10.1.0.1

CPENameOperatorVersion
ibm app connect enterprisege12.0.1.0
ibm app connect enterprisele12.0.9.0
ibm app connect enterprisege11.0.0.1
ibm app connect enterprisele11.0.0.22
ibm integration busge10.1
ibm integration busle10.1.0.1

Name	Operator	Version
ibm app connect enterprise	ge	12.0.1.0
ibm app connect enterprise	le	12.0.9.0
ibm app connect enterprise	ge	11.0.0.1
ibm app connect enterprise	le	11.0.0.22
ibm integration bus	ge	10.1
ibm integration bus	le	10.1.0.1