8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
6.5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:P/I:P/A:P
0.001 Low
EPSS
Percentile
46.7%
IBM SPSS Analytic Server uses IBM WebSphere Application Server Liberty. An LDAP injection vulnerability in IBM WebSphere Application Server Liberty has been addressed
CVEID:CVE-2021-39031
**DESCRIPTION:**IBM WebSphere Application Server - Liberty 17.0.0.3 through 22.0.0.1 could allow a remote authenticated attacker to conduct an LDAP injection. By using a specially crafted request, an attacker could exploit this vulnerability and could result in in granting permission to unauthorized resources. IBM X-Force ID: 213875.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/213875 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H)
Affected Product(s) | Version(s) |
---|---|
IBM SPSS Analytic Server | 3.0 |
IBM SPSS Analytic Server | 3.1 |
IBM SPSS Analytic Server | 3.2 |
IBM SPSS Analytic Server | 3.3 |
IBM strongly recommends addressing the vulnerability now by applying the following fixes.
Product | VRMF | _Fixes _** ** |
---|---|---|
IBM SPSS Analytic Server | 3.0.x | 3.0.x - IFIX |
IBM SPSS Analytic Server | 3.1.x | 3.1.x - IFIX |
IBM SPSS Analytic Server | 3.2.x | 3.2.x - IFIX |
IBM SPSS Analytic Server | 3.3.x | 3.3.x - IFIX |
Before Analytic Server 3.2.0.x, please use wlp-webProfile7-22.0.0.3.zip
<https://www.ibm.com/support/pages/node/6560398>
The recommended solutions include upgrading to IBM SPSS Analytic Server 3.3.0 IFIX as above, or upgrading your IBM WebSphere Application Server Liberty version as described in the WebSphere Application Server security bulletin.
None
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
6.5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:P/I:P/A:P
0.001 Low
EPSS
Percentile
46.7%