Lucene search

IBM7C1E27DB68B9CC41157CBB4046A0C89044DE0BBB287ADEFBE68C423CA365633D

HistoryOct 06, 2022 - 5:37 a.m.

Security Bulletin: IBM Sterling Connect:Direct Browser User Interface vulnerable to multiple issues due to IBM Runtime Environment Java

2022-10-0605:37:49

www.ibm.com

ibm sterling connect:direct browser ui

java se

cve-2022-21496

cve-2022-21434

cve-2022-21443

vulnerability

jndi component

libraries component

confidentiality impact

integrity impact

availability impact

cvss base score

cvss temporal score

fix/remediation

ifix-33

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

0.001 Low

EPSS

Percentile

48.4%

JSON

Summary

There are multiple vulnerabilities in IBM® Runtime Environment Java™ Versions. Sterling Connect:Direct Browser User Interface has addressed the applicable CVEs.

Vulnerability Details

CVEID:CVE-2022-21496
**DESCRIPTION:**An unspecified vulnerability in Java SE related to the JNDI component could allow an unauthenticated attacker to cause no confidentiality impact, low integrity impact, and no availability impact.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/224777 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)

CVEID:CVE-2022-21434
**DESCRIPTION:**An unspecified vulnerability in Java SE related to the Libraries component could allow an unauthenticated attacker to cause no confidentiality impact, low integrity impact, and no availability impact.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/224718 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)

CVEID:CVE-2022-21443
**DESCRIPTION:**An unspecified vulnerability in Java SE related to the Libraries component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors.
CVSS Base score: 3.7
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/224726 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)

Affected Products and Versions

Affected Product(s)	Version(s)
IBM Sterling Connect:Direct Browser User Interface	1.5.0.2
IBM Sterling Connect:Direct Browser User Interface	1.4.1.1

Remediation/Fixes

Workarounds and Mitigations

None

Affected configurations

Vulners

Node

ibmibm_sterling_connect\Matchdirect_browser_user_interface1.5.0.2

CPENameOperatorVersion
sterling connect:direct browser user interfaceeq1.5.0.2

CPE	Name	Operator	Version
	sterling connect:direct browser user interface	eq	1.5.0.2

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

0.001 Low

EPSS

Percentile

48.4%

JSON

Related for 7C1E27DB68B9CC41157CBB4046A0C89044DE0BBB287ADEFBE68C423CA365633D