8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
6.5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:P/I:P/A:P
0.001 Low
EPSS
Percentile
46.7%
IBM Spectrum Protect for Workstations Central Administration Console requires the dependent product IBM WebSphere Application Server Liberty. Information about a security vulnerability affecting IBM WebSphere Application Server Liberty has been published in a security bulletin. Refer to the security bulletin link proviced in the Remediation/Fixes section.
Refer to the security bulletin(s) listed in the Remediation/Fixes section
Affected Product(s) | Version(s) |
---|---|
IBM Spectrum Protect for Workstations Central Administration Console | 8.1.0.0-8.1.2.x |
Upgrading Liberty to 22.0.0.2 or later fixes the security issue (CVE-2021-39031) reported by the following IBM WebSphere Application Server Liberty security bulletin:
<https://www.ibm.com/support/pages/node/6550488>
To upgrade the version of Liberty used by Central Administration Console (CAC) perform the following steps:
1. Download the Liberty update, (e.g., wlp-base-all-22.0.0.2.jar or later) from:
<https://www.ibm.com/support/pages/22002-websphere-application-server-liberty-22002>
2. Change the jar file to a zip file (e.g., change wlp-base-all-22.0.0.2.jar to wlp-base-all-22.0.0.2.zip or later)
3. Run net stop CAC_Service
4. Unzip the file (e.g., unizip wlp-base-all-22.0.0.2.zip)
5. Copy the wlp folder into the CAC install directory, typically C:\Program Files\Tivoli\TSM\CAC
6. Run net start CAC_Service
None
CPE | Name | Operator | Version |
---|---|---|---|
ibm spectrum protect for workstations | eq | 8.1 |
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
6.5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:P/I:P/A:P
0.001 Low
EPSS
Percentile
46.7%