Lucene search

K
ibm
IBM8B0CCF03E1AB5E837B22F3F63A7EBF415DCECEEC04D69C3EE480A021B1ACEDA0
HistoryApr 20, 2022 - 5:04 p.m.

Security Bulletin: Multiple vulnerabilities in IBM Java JRE affect IBM InfoSphere Global Name Management (CVE-2021-35578, CVE-2021-35550, CVE-2021-35603)

2022-04-2017:04:55
www.ibm.com
32

5.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

7.1 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:C/I:N/A:N

0.002 Low

EPSS

Percentile

50.3%

Summary

There are multiple vulnerabilities in the Java used in IBM InfoSphere Global Name Management (GNM).

Vulnerability Details

Refer to the security bulletin(s) listed in the Remediation/Fixes section

Affected Products and Versions

Affected Product(s) Version(s)
IBM InfoSphere Global Name Management 6.0
IBM InfoSphere Global Name Management 6.0
IBM InfoSphere Global Name Management 6.0

Remediation/Fixes

Per the original bulletin for CVE-2021-35578 (<https://www.ibm.com/support/pages/node/6522860&gt;), apply IBM Java 8.0.7.0 or later.
Per the original bulletins for CVE-2021-35550 (<https://www.ibm.com/support/pages/node/6559262&gt;) and CVE-2021-35603 (<https://www.ibm.com/support/pages/node/6559266&gt;), apply IBM Java 8.0.7.5 or later.

IBM recommends installing the latest version 8 Service Refresh 7 release. All three issues can be addressed by updating GNM 6 using the files and instructions in GNM 6 interim fix 13, available at IBM fix central, which updates the IBM Java in GNM to version 8.0.7.5.

Workarounds and Mitigations

None

CPENameOperatorVersion
infosphere global name managementeq6.0
Use Vulners API to create your own security tool

API usage cases
  • Network scanning
  • Linux Patch management
  • Threat protection
  • No network audit solution

Ways of integration

Integrate Vulners API

5.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

7.1 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:C/I:N/A:N

0.002 Low

EPSS

Percentile

50.3%

Related for 8B0CCF03E1AB5E837B22F3F63A7EBF415DCECEEC04D69C3EE480A021B1ACEDA0