Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBM7FD757C20141F80F1F1D081D501850A688D63390033CC95BDE45AD6C23B12BE9
HistorySep 23, 2024 - 7:39 p.m.

Security Bulletin: IBM Sterling Control Center v6.2.x and v6.3.x are vulnerable due to IBM Semeru Runtime vulnerabiliy

2024-09-2319:39:42
www.ibm.com
2
ibm sterling control center
ibm semeru runtime
openjdk
vulnerability
cve-2023-22049
cve-2023-22036
cve-2023-22006
java se
fix
mitigation

CVSS3

3.7

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N

AI Score

6.4

Confidence

Low

JSON

Summary

IBM Semeru Runtime Quarterly CPU - Jul 2023 - Includes OpenJDK July 2023 CPU and CVE-2023-22049, CVE-2023-22036, CVE-2023-22006 affecting Sterling Control Center v6.2.1 and v6.3.1.

Vulnerability Details

CVEID:CVE-2023-22049
**DESCRIPTION:**An unspecified vulnerability in Java SE related to the Libraries component could allow a remote attacker to cause low integrity impacts.
CVSS Base score: 3.7
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/261048 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N)

CVEID:CVE-2023-22036
**DESCRIPTION:**An unspecified vulnerability in Java SE related to the Utility component could allow a remote attacker to cause low availability impacts.
CVSS Base score: 3.7
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/261044 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)

CVEID:CVE-2023-22006
**DESCRIPTION:**An unspecified vulnerability in Java SE related to the Networking component could allow a remote attacker to cause low integrity impacts.
CVSS Base score: 3.1
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/261043 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N)

Affected Products and Versions

Affected Product(s) Version(s)
IBM Control Center 6.2.x
IBM Control Center 6.3.x

Remediation/Fixes

Product

|

Version

|

Remediation

—|—|—

IBM Sterling Control Center

|

6.3.x GA

|

6.3.1.0 iFix02 Fix Central - 6.3.1.0

IBM Sterling Control Center

|

6.2.x GA

|

6.2.1.0 iFix13 Fix Central - 6.2.1.0

Workarounds and Mitigations

  • It is already fixed in 621 ifix13 with java version 8.0.8.20
  • It is already fixed in 631 ifix02 with java version 17.0.10.0.
  • CVE-2023-22049 - fixed in 8.0.382.0 (semeru),fixed in 17.0.8.0 for semeru 17 ,fixed in 8.0.8.10
  • CVE-2023-22036 - N/A for semeru 8,fixed in 17.0.8.0 for semeru 17, Not applicable to IBM 8/JRE
  • CVE-2023-22006 - N/A for semeru 8,fixed in 17.0.8.0 for semeru 17, Not applicable to IBM 8/JRE

Affected configurations

Vulners
Node
ibmcontrol_centerMatch6.3.1.0
OR
ibmcontrol_centerMatch6.2.1.0
VendorProductVersionCPE
ibmcontrol_center6.3.1.0cpe:2.3:a:ibm:control_center:6.3.1.0:*:*:*:*:*:*:*
ibmcontrol_center6.2.1.0cpe:2.3:a:ibm:control_center:6.2.1.0:*:*:*:*:*:*:*

Related

ibm 32
redhat 24
nessus 57
openvas 19
oraclelinux 7
osv 16
debian 3
almalinux 4
ubuntu 3
gentoo 1
amazon 2
kaspersky 1
cve 3
ubuntucve 3
debiancve 3
alpinelinux 3
veracode 3
nvd 3
prion 3
cvelist 3
redhatcve 3
f5 2
aix 1
ibm
ibm
Security Bulletin: IBM Sterling Connect:Direct Web Service is vulnerable to multiple vulnerabilities due to IBM Java
2024-07-29 04:26:41
Security Bulletin: Multiple vulnerabilities may affect IBM® Semeru Runtime
2023-08-23 11:49:53
Security Bulletin: Multiple vulnerabilities in IBM Semeru Runtime may affect IBM Decision Optimization for IBM Cloud Pak for Data (CVE-2023-22006, CVE-2023-22036 & CVE-2023-22049)
2024-01-26 15:01:23
redhat
redhat
(RHSA-2023:4163) Moderate: java-11-openjdk security and bug fix update
2023-07-19 16:37:24
(RHSA-2023:4208) Moderate: OpenJDK security update
2023-07-20 11:53:15
(RHSA-2023:4158) Moderate: java-11-openjdk security and bug fix update
2023-07-20 11:23:52
nessus
nessus
RHEL 8 : java-11-openjdk (RHSA-2023:4165)
2023-07-20 00:00:00
AlmaLinux 9 : java-11-openjdk (ALSA-2023:4158)
2023-07-21 00:00:00
CentOS 7 : java-11-openjdk (RHSA-2023:4233)
2023-12-22 00:00:00
openvas
openvas
Oracle Java SE Security Update (apr2023) 01 - Linux
2023-07-19 00:00:00
Oracle Java SE Security Update (jul2023) 01 - Windows
2023-07-19 00:00:00
Debian: Security Advisory (DSA-5458-1)
2023-07-26 00:00:00
oraclelinux
oraclelinux
java-11-openjdk security and bug fix update
2023-07-26 00:00:00
java-11-openjdk security and bug fix update
2023-07-28 00:00:00
java-11-openjdk security and bug fix update
2023-07-21 00:00:00
osv
osv
Moderate: java-11-openjdk security and bug fix update
2023-07-20 00:00:00
openjdk-17 - security update
2023-07-25 00:00:00
Moderate: java-11-openjdk security and bug fix update
2023-07-20 00:00:00
debian
debian
[SECURITY] [DSA 5458-1] openjdk-17 security update
2023-07-25 18:52:56
[SECURITY] [DLA 3571-1] openjdk-11 security update
2023-09-19 07:45:23
[SECURITY] [DSA 5478-1] openjdk-11 security update
2023-08-16 18:26:38
almalinux
almalinux
Moderate: java-11-openjdk security and bug fix update
2023-07-20 00:00:00
Moderate: java-11-openjdk security and bug fix update
2023-07-20 00:00:00
Moderate: java-17-openjdk security and bug fix update
2023-07-20 00:00:00
ubuntu
ubuntu
OpenJDK 20 vulnerabilities
2023-08-03 00:00:00
OpenJDK regression
2023-08-30 00:00:00
OpenJDK vulnerabilities
2023-08-01 00:00:00
gentoo
gentoo
HarfBuzz: Denial of Service
2024-07-10 00:00:00
amazon
amazon
Medium: java-11-amazon-corretto
2023-07-17 17:39:00
Medium: java-17-amazon-corretto
2023-07-17 17:39:00
kaspersky
kaspersky
KLA51006 Multiple vulnerabilities in Oracle Java SE and GraalVM
2023-07-18 00:00:00
cve
cve
CVE-2023-22006
2023-07-18 21:15:12
CVE-2023-22036
2023-07-18 21:15:13
CVE-2023-22049
2023-07-18 21:15:14
ubuntucve
ubuntucve
CVE-2023-22006
2023-07-18 00:00:00
CVE-2023-22036
2023-07-18 00:00:00
CVE-2023-22049
2023-07-18 00:00:00
debiancve
debiancve
CVE-2023-22036
2023-07-18 21:15:13
CVE-2023-22006
2023-07-18 21:15:12
CVE-2023-22049
2023-07-18 21:15:14
alpinelinux
alpinelinux
CVE-2023-22036
2023-07-18 21:15:13
CVE-2023-22006
2023-07-18 21:15:12
CVE-2023-22049
2023-07-18 21:15:14
veracode
veracode
Denial Of Service (DoS)
2023-11-30 20:28:52
Improper Authorization
2023-11-30 20:30:12
Improper Input Validation
2023-10-02 19:13:50
nvd
nvd
CVE-2023-22036
2023-07-18 21:15:13
CVE-2023-22006
2023-07-18 21:15:12
CVE-2023-22049
2023-07-18 21:15:14
prion
prion
Buffer overflow
2023-07-18 21:15:00
Buffer overflow
2023-07-18 21:15:00
Buffer overflow
2023-07-18 21:15:00
cvelist
cvelist
CVE-2023-22006
2023-07-18 20:18:06
CVE-2023-22036
2023-07-18 20:18:20
CVE-2023-22049
2023-07-18 20:18:32
redhatcve
redhatcve
CVE-2023-22036
2023-07-19 13:43:42
CVE-2023-22006
2023-07-19 13:43:33
CVE-2023-22049
2023-07-19 13:43:57
f5
f5
K000135626 : Oracle Java vulnerability CVE-2023-22036
2023-07-27 00:00:00
K000135637 : Java vulnerability CVE-2023-22049
2023-07-27 00:00:00
aix
aix
Multiple vulnerabilities in IBM Java SDK affect AIX
2023-08-31 12:31:07

CVSS3

3.7

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N

AI Score

6.4

Confidence

Low

JSON
Related for 7FD757C20141F80F1F1D081D501850A688D63390033CC95BDE45AD6C23B12BE9
ibm32redhat24nessus57openvas19oraclelinux7osv16debian3almalinux4ubuntu3gentoo1amazon2kaspersky1cve3ubuntucve3debiancve3alpinelinux3veracode3nvd3prion3cvelist3redhatcve3f52aix1