Lucene search

IBM9FD2E9C66619362A32DE4524AA1584928DB440CB9828F6FFBD3C98115D160446

HistoryNov 10, 2022 - 10:47 p.m.

Security Bulletin: A vulnerability in IBM Java Runtime used by the IBM Installation Manager and IBM Packaging Utility - CVE-2021-2163

2022-11-1022:47:00

www.ibm.com

ibm java runtime

ibm installation manager

packaging utility

cve-2021-2163

vulnerability

update

remediation

CVSS2

2.6

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:H/Au:N/C:N/I:P/A:N

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N

EPSS

0.002

Percentile

60.9%

JSON

Summary

There is a vulnerability in IBM® Runtime Environment Java™ Versions 8 used by IBM Installation Manager and IBM Packaging Utility. The IBM Installation Manager and IBM Packaging Utility have addressed the applicable CVE and we recommend updating to the latest version to remediate.

Vulnerability Details

CVEID:CVE-2021-2163
**DESCRIPTION:**An unspecified vulnerability in Java SE related to the Libraries component could allow an unauthenticated attacker to cause no confidentiality impact, high integrity impact, and no availability impact.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/200292 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N)

Affected Products and Versions

Affected Product(s)	Version(s)
IBM Installation Manager and IBM Packaging Utility	1.9.0.0 - 1.9.2.2

Remediation/Fixes

IBM Installation Manager and IBM Packaging Utility| 1.9.x| APAR IJ32229| 1.9.2.3 IBM Installation Manager Remediation
1.9.2.3 IBM Packaging Utility Remediation
—|—|—|—

Workarounds and Mitigations

None

Affected configurations

Vulners

Node

ibminstallation_managerMatch1.9.2.3

VendorProductVersionCPE
ibminstallation_manager1.9.2.3cpe:2.3:a:ibm:installation_manager:1.9.2.3:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
ibm	installation_manager	1.9.2.3	cpe:2.3:a:ibm:installation_manager:1.9.2.3:::::::*

CVSS2

2.6

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:H/Au:N/C:N/I:P/A:N

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N

EPSS

0.002

Percentile

60.9%

JSON

Related for 9FD2E9C66619362A32DE4524AA1584928DB440CB9828F6FFBD3C98115D160446