CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
AI Score
Confidence
Low
IBM App Connect Enterprise Certified Container (ACEcc) is built on the Red Hat Universal Base Images. ACEcc operator versions 5.0.20 (LTS), 12.0.3 (LTS) and 12.3.0 contain fixes to the listed CVEs found in the base images. This bulletin provides patch information to address the reported vulnerabilities.
CVEID:CVE-2024-21131
**DESCRIPTION:**An unspecified vulnerability in Java SE related to the VM component could allow a remote attacker to cause low integrity impact.
CVSS Base score: 3.7
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/298464 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N)
CVEID:CVE-2024-21138
**DESCRIPTION:**An unspecified vulnerability in Java SE related to the VM component could allow a remote attacker to cause a low availability impact.
CVSS Base score: 3.7
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/298465 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)
CVEID:CVE-2024-21140
**DESCRIPTION:**An unspecified vulnerability in Java SE related to the VM component could allow a remote attacker to cause low confidentiality, low integrity impacts.
CVSS Base score: 4.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/298466 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N)
CVEID:CVE-2024-21144
**DESCRIPTION:**An unspecified vulnerability in Java SE related to the Concurrency component could allow a remote attacker to cause low availability impact.
CVSS Base score: 3.7
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/298470 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)
CVEID:CVE-2024-21145
**DESCRIPTION:**An unspecified vulnerability in Java SE related to the 2D component could allow a remote attacker to cause low confidentiality, low integrity impacts.
CVSS Base score: 4.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/298467 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N)
CVEID:CVE-2024-21147
**DESCRIPTION:**An unspecified vulnerability in Java SE related to the VM component could allow a remote attacker to cause high confidentiality, high integrity impacts.
CVSS Base score: 7.4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/298469 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N)
Affected Product(s) | Version(s) |
---|---|
App Connect Enterprise Certified Container | 5.0-lts |
App Connect Enterprise Certified Container | 7.1 |
App Connect Enterprise Certified Container | 7.2 |
App Connect Enterprise Certified Container | 8.0 |
App Connect Enterprise Certified Container | 8.1 |
App Connect Enterprise Certified Container | 8.2 |
App Connect Enterprise Certified Container | 9.0 |
App Connect Enterprise Certified Container | 9.1 |
App Connect Enterprise Certified Container | 9.2 |
App Connect Enterprise Certified Container | 10.0 |
App Connect Enterprise Certified Container | 10.1 |
App Connect Enterprise Certified Container | 11.0 |
App Connect Enterprise Certified Container | 11.1 |
App Connect Enterprise Certified Container | 11.2 |
App Connect Enterprise Certified Container | 11.3 |
App Connect Enterprise Certified Container | 11.4 |
App Connect Enterprise Certified Container | 11.5 |
App Connect Enterprise Certified Container | 11.6 |
App Connect Enterprise Certified Container | 12.0-sc2 |
App Connect Enterprise Certified Container | 12.1 |
App Connect Enterprise Certified Container | 12.2 |
IBM strongly suggests the following:
App Connect Enterprise Certified Container up to 12.2.0 (Continuous Delivery)
Upgrade to App Connect Enterprise Certified Container Operator version 12.3.0 or higher, and ensure that all components are at 12.0.12.5-r1 or higher. Documentation on the upgrade process is available at <https://www.ibm.com/docs/en/app-connect/containers_cd?topic=releases-upgrading-operator>
App Connect Enterprise Certified Container 12.0 LTS (Long Term Support)
Upgrade to App Connect Enterprise Certified Container Operator version 12.0.3 or higher, and ensure that all components are at 12.0.12-r3 or higher. Documentation on the upgrade process is available at <https://www.ibm.com/docs/en/app-connect/12.0?topic=umfpr-upgrading-operator-releases>
App Connect Enterprise Certified Container 5.0 LTS (Long Term Support)
Upgrade to App Connect Enterprise Certified Container Operator version 5.0.20 or higher, and ensure that all components are at 12.0.12.4-r1-lts or higher. Documentation on the upgrade process is available at <https://www.ibm.com/docs/en/app-connect-contlts?topic=releases-upgrading-operator>
None
Vendor | Product | Version | CPE |
---|---|---|---|
ibm | app_connect_enterprise | 5.0 | cpe:2.3:a:ibm:app_connect_enterprise:5.0:*:*:*:*:*:*:* |
ibm | app_connect_enterprise | 7.1 | cpe:2.3:a:ibm:app_connect_enterprise:7.1:*:*:*:*:*:*:* |
ibm | app_connect_enterprise | 7.2 | cpe:2.3:a:ibm:app_connect_enterprise:7.2:*:*:*:*:*:*:* |
ibm | app_connect_enterprise | 8.0 | cpe:2.3:a:ibm:app_connect_enterprise:8.0:*:*:*:*:*:*:* |
ibm | app_connect_enterprise | 8.1 | cpe:2.3:a:ibm:app_connect_enterprise:8.1:*:*:*:*:*:*:* |
ibm | app_connect_enterprise | 8.2 | cpe:2.3:a:ibm:app_connect_enterprise:8.2:*:*:*:*:*:*:* |
ibm | app_connect_enterprise | 9.0 | cpe:2.3:a:ibm:app_connect_enterprise:9.0:*:*:*:*:*:*:* |
ibm | app_connect_enterprise | 9.1 | cpe:2.3:a:ibm:app_connect_enterprise:9.1:*:*:*:*:*:*:* |
ibm | app_connect_enterprise | 9.2 | cpe:2.3:a:ibm:app_connect_enterprise:9.2:*:*:*:*:*:*:* |
ibm | app_connect_enterprise | 10.0 | cpe:2.3:a:ibm:app_connect_enterprise:10.0:*:*:*:*:*:*:* |
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
AI Score
Confidence
Low