Lucene search

IBM7FCBB950E00C39D6ECD1EB7ABB9E1812096236F71D62E4A461B4DFB69948642E

HistoryFeb 14, 2023 - 9:03 a.m.

Security Bulletin: CVE-2022-21624 may affect IBM® SDK, Java™ Technology Edition for Content Collector for Email, Content Collector for File Systems and Content Collector for Microsoft SharePoint

2023-02-1409:03:03

www.ibm.com

3.7 Low

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N

2.6 Low

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:H/Au:N/C:N/I:P/A:N

0.002 Low

EPSS

Percentile

51.5%

JSON

Summary

CVE-2022-21624 was disclosed in the Oracle October 2022 Critical Patch Update.

Vulnerability Details

CVEID:CVE-2022-21624
**DESCRIPTION:**An unspecified vulnerability in Java SE related to the Security component could allow an unauthenticated attacker to update, insert or delete data resulting in a low integrity impact using unknown attack vectors.
CVSS Base score: 3.7
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/238699 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N)

Affected Products and Versions

Affected Product(s)	Version(s)
Content Collector for Email	4.0.1
Content Collector for Microsoft SharePoint	4.0.1
Content Collector for File Systems	4.0.1

Remediation/Fixes

Product	VRM	Remediation
Content Collector for Email	4.0.1	Use Content Collector for Email 4.0.1.15 Interim Fix IF003
Content Collector for File Systems	4.0.1	Use Content Collector for File Systems 4.0.1.15 Interim Fix IF003
Content Collector for Microsoft SharePoint	4.0.1	Use Content Collector for Microsoft SharePoint 4.0.1.15 Interim Fix IF003

Workarounds and Mitigations

None

CPENameOperatorVersion
content collectoreq4.0.0
content collectoreq4.0.1

CPE	Name	Operator	Version
	content collector	eq	4.0.0
	content collector	eq	4.0.1

3.7 Low

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N

2.6 Low

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:H/Au:N/C:N/I:P/A:N

0.002 Low

EPSS

Percentile

51.5%

JSON

Related for 7FCBB950E00C39D6ECD1EB7ABB9E1812096236F71D62E4A461B4DFB69948642E