8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
6.5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:P/I:P/A:P
0.001 Low
EPSS
Percentile
46.4%
IBM PowerVM Novalink, which consumes IBM WebSphere Application Server Liberty 21.0.0.10, could allow a remote authenticated attacker to conduct an LDAP injection. By using a specially crafted request, an attacker could exploit this vulnerability and could result in in granting permission to unauthorized resources. IBM strongly recommends addressing the vulnerability now by applying the fix below which provides upgrade to IBM WebSphere Application Server Liberty to 22.0.0.2.
CVEID:CVE-2021-39031
**DESCRIPTION:**IBM WebSphere Application Server - Liberty 17.0.0.3 through 22.0.0.1 could allow a remote authenticated attacker to conduct an LDAP injection. By using a specially crafted request, an attacker could exploit this vulnerability and could result in in granting permission to unauthorized resources. IBM X-Force ID: 213875.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/213875 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H)
Affected Product(s) | Version(s) |
---|---|
IBM PowerVM NovaLink | 1.0.0.16 |
IBM PowerVM NovaLink | 2.0.0.0 |
IBM PowerVM NovaLink | 2.0.1 |
IBM PowerVM NovaLink | 2.0.2 |
IBM PowerVM NovaLink | 2.0.2.1 |
IBM strongly recommends addressing the vulnerability now by upgrading based on the table below.
Product | Version | Remediation |
---|---|---|
IBM PowerVM NovaLink | 1.0.0.16 | Update to pvm-novalink 1.0.0.16-220215 |
IBM PowerVM NovaLink | 2.0.0.0 | Update to pvm-novalink 2.0.1-220215 or later |
IBM PowerVM NovaLink | 2.0.1 | Update to pvm-novalink 2.0.1-220215 or later |
IBM PowerVM NovaLink | 2.0.2 | Update to pvm-novalink 2.0.2.1-220215 or later |
IBM PowerVM NovaLink | 2.0.2.1 | Update to pvm-novalink 2.0.2.1-220215 |
None
CPE | Name | Operator | Version |
---|---|---|---|
powervm novalink | eq | 1.0.0.16 | |
powervm novalink | eq | 2.0.1 | |
powervm novalink | eq | 2.0.2.1 |
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
6.5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:P/I:P/A:P
0.001 Low
EPSS
Percentile
46.4%