Lucene search

K
ibmIBM86B15422FEE58FE9F2F1B22520453D09FFA84C6049446DCE8467C766E3B57967
HistoryMar 08, 2022 - 7:44 p.m.

Security Bulletin: Security vulnerability in Apache log4j used by IBM Db2 used by IBM Security Verify Governance, Identity Manager software component (CVE-2021-44228)

2022-03-0819:44:42
www.ibm.com
251

10 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.976 High

EPSS

Percentile

100.0%

Summary

A vulnerability exists in Apache log4j, which affects IBM Db2, which in turn is used by IBM Security Verify Governance, Identity Manager software component. Information about the security vulnerability affecting IBM Db2 has been published in a security bulletin.

Vulnerability Details

Refer to the security bulletin(s) listed in the Remediation/Fixes section

Affected Products and Versions

Affected Product(s) Version(s)
IBM Security Verify Governance, Identity Manager software component All versions through 10.0.0.3

Remediation/Fixes

IBM strongly encourages customers to rapidly apply available updates to their systems.

Principal Product and Version(s) Affected Supporting Product and Version(s) Affected Supporting Product Security Bulletin
ISVG 10.0.0.3 Db2 V11.5 Security Bulletin: Vulnerability in Apache Log4j affects some features of IBM® Db2® (CVE-2021-44228)

Workarounds and Mitigations

None

10 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.976 High

EPSS

Percentile

100.0%