Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBM8449C092935C85C32C1C5139DA86783DA997A8DA7BCDBA032A64697AA7176069
HistoryFeb 27, 2023 - 3:09 p.m.

Security Bulletin: Multiple vulnerabilities in IBM SDK, Java Technology Edition affect IBM Operations Analytics Predictive Insights

2023-02-2715:09:32
www.ibm.com
31

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

6.4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:P/A:N

0.002 Low

EPSS

Percentile

58.9%

JSON

Summary

Multiple vulnerabilities in IBM SDK, Java Technology Edition affect IBM Operations Analytics Predictive Insights 1.3.6 or earlier. The following vulnerabilities, [CVE-2022-21619, CVE-2022-21624, CVE-2022-21626, CVE-2022-21628] allowing unauthorized access of unauthenticated attacker with network access to compromise Java SE to cause a partial denial of service and CVE-2022-3676 allowing malicious bytecode to access and modify type and memory. The vulnerabilities have been addressed.

Vulnerability Details

Refer to the security bulletin(s) listed in the Remediation/Fixes section

Affected Products and Versions

Affected Product(s) Version(s)
IBM Operations Analytics Predictive Insights 1.3.3
IBM Operations Analytics Predictive Insights 1.3.5
IBM Operations Analytics Predictive Insights 1.3.6

Remediation/Fixes

IBM strongly suggests applying 1.3.6 InterimI Fix 6 from Fix Central:
https://www-945.ibm.com/support/fixcentral/swg/selectFixes?product=ibm/Tivoli/IBM+SmartCloud+Analytics±+Predictive+Insights&release=1.3.6

Then, download and apply IBM SDK, Java Technology Edition release 8.0.7.20 with the latest fixes from the Java Developer Center.

Workarounds and Mitigations

None

Related

ibm 54
nessus 64
openvas 16
osv 11
redhat 22
almalinux 5
oraclelinux 8
centos 2
rocky 6
fedora 3
amazon 4
aix 1
f5 1
broadcom 1
kaspersky 1
ibm
ibm
Security Bulletin: IBM Java SDK and IBM Java Runtime for IBM i are vulnerable to bypassing security restrictions, denial of service attacks, and data integrity impacts due to multiple vulnerabilities.
2023-02-07 15:54:17
Security Bulletin: Multiple security vulnerabilities in Java may affect IBM Robotic Process Automation (CVE-2022-21628, CVE-2022-21626, CVE-2022-21624, CVE-2022-21619, CVE-2022-3676)
2023-01-25 20:42:53
Security Bulletin: Vulnerabilities in the Java JDK affect IBM Event Streams (CVE-2022-3676, CVE-2022-21628, CVE-2022-21626, CVE-2022-21624, CVE-2022-21619)
2022-12-05 16:45:34
nessus
nessus
openSUSE 15 Security Update : java-1_8_0-openj9 (SUSE-SU-2022:4250-1)
2023-01-20 00:00:00
Amazon Corretto Java 8.x < 8.352.08.1 Multiple Vulnerabilities
2022-10-18 00:00:00
EulerOS 2.0 SP5 : java-1.8.0-openjdk (EulerOS-SA-2023-1506)
2023-03-08 00:00:00
openvas
openvas
SUSE: Security Advisory (SUSE-SU-2022:4373-1)
2022-12-09 00:00:00
Fedora: Security Advisory for java-1.8.0-openjdk (FEDORA-2022-361f34f2a9)
2022-11-04 00:00:00
SUSE: Security Advisory (SUSE-SU-2022:4452-1)
2022-12-14 00:00:00
osv
osv
Moderate: java-1.8.0-openjdk security update
2022-10-20 07:34:19
Moderate: java-1.8.0-openjdk security update
2022-10-20 00:00:00
Moderate: java-1.8.0-openjdk security update
2022-10-19 21:13:39
redhat
redhat
(RHSA-2022:7049) Moderate: OpenJDK 8u352 Windows Security Update
2022-10-20 10:07:20
(RHSA-2022:7005) Moderate: java-1.8.0-openjdk security update
2022-10-19 21:10:14
(RHSA-2022:7003) Moderate: java-1.8.0-openjdk security update
2022-10-19 21:07:12
almalinux
almalinux
Moderate: java-1.8.0-openjdk security update
2022-10-19 00:00:00
Moderate: java-1.8.0-openjdk security update
2022-10-20 00:00:00
Moderate: java-17-openjdk security and bug fix update
2022-10-19 00:00:00
oraclelinux
oraclelinux
java-1.8.0-openjdk security update
2022-10-21 00:00:00
java-1.8.0-openjdk security and bug fix update
2022-10-21 00:00:00
java-1.8.0-openjdk security update
2022-10-21 00:00:00
centos
centos
java security update
2022-10-26 14:19:03
java security update
2022-10-26 14:18:08
rocky
rocky
java-1.8.0-openjdk security update
2022-10-20 07:34:19
java-1.8.0-openjdk security update
2022-10-19 21:13:39
java-17-openjdk security and bug fix update
2022-10-20 07:37:48
fedora
fedora
[SECURITY] Fedora 35 Update: java-1.8.0-openjdk-1.8.0.352.b08-2.fc35
2022-11-03 15:31:20
[SECURITY] Fedora 36 Update: java-1.8.0-openjdk-1.8.0.352.b08-2.fc36
2022-11-03 15:58:42
[SECURITY] Fedora 37 Update: java-1.8.0-openjdk-1.8.0.352.b08-2.fc37
2022-11-10 22:53:40
amazon
amazon
Medium: java-1.8.0-openjdk
2023-01-30 16:02:00
Medium: java-1.8.0-openjdk
2023-01-31 20:44:00
Medium: java-11-amazon-corretto
2022-10-17 21:46:00
aix
aix
Multiple vulnerabilities in IBM Java SDK affect AIX
2022-12-22 10:09:37
f5
f5
K46859523 : Multiple Java vulnerabilities
2022-10-21 00:00:00
broadcom
broadcom
Azul Zulu Java Multiple Vulnerabilities (CVE-2022-21618 CVE-2022-21619 CVE-2022-21624 CVE-2022-21626 CVE-2022-21628 CVE-2022-39399)
2023-08-29 00:00:00
kaspersky
kaspersky
KLA20013 Multiple vulnerabilities in Oracle Java SE and GraalVM
2022-10-18 00:00:00

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

6.4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:P/A:N

0.002 Low

EPSS

Percentile

58.9%

JSON
Related for 8449C092935C85C32C1C5139DA86783DA997A8DA7BCDBA032A64697AA7176069
ibm54nessus64openvas16osv11redhat22almalinux5oraclelinux8centos2rocky6fedora3amazon4aix1f51broadcom1kaspersky1