Lucene search

K
ibm
IBM99D636505B9EA1BB4C8A94B1D2E0E91F89288A21948C0439AA480C523A5C8CB8
HistoryFeb 14, 2023 - 9:04 p.m.

Security Bulletin: IBM CICS TX Advanced is vulnerable to several no confidentiality exposures due to IBM SDK, Java Technology Edition

2023-02-1421:04:36
www.ibm.com
35

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

0.001 Low

EPSS

Percentile

43.6%

Summary

IBM SDK, Java Technology Edition is used by CICS TX Advanced to run WebSphere Liberty, Fix Installer and Java based CICS applications. The fix removes the no confidentiality exposure vulnerabilities CVE-2022-21496, CVE-2022-21434 and CVE-2022-21443 from IBM SDK, JTE.

Vulnerability Details

CVEID:CVE-2022-21496
**DESCRIPTION:**An unspecified vulnerability in Java SE related to the JNDI component could allow an unauthenticated attacker to cause no confidentiality impact, low integrity impact, and no availability impact.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/224777 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)

CVEID:CVE-2022-21434
**DESCRIPTION:**An unspecified vulnerability in Java SE related to the Libraries component could allow an unauthenticated attacker to cause no confidentiality impact, low integrity impact, and no availability impact.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/224718 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)

CVEID:CVE-2022-21443
**DESCRIPTION:**An unspecified vulnerability in Java SE related to the Libraries component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors.
CVSS Base score: 3.7
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/224726 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)

Affected Products and Versions

Affected Product(s) Version(s)
IBM CICS TX Advanced 10.1
IBM CICS TX Advanced 11.1

Remediation/Fixes

IBM strongly recommends addressing the vulnerability by downloading and applying the interim fixes from the table below

Product

| Version| Defect| Remediation / First Fix
—|—|—|—
IBM CICS TX Advanced|

11.1

| 127795| Download fix here
IBM CICS TX Advanced|

10.1

| 127795| Download fix here

Workarounds and Mitigations

None

CPENameOperatorVersion
cics txeq10.1
cics txeq11.1
How to protect your server from attacks?

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

0.001 Low

EPSS

Percentile

43.6%

Related for 99D636505B9EA1BB4C8A94B1D2E0E91F89288A21948C0439AA480C523A5C8CB8