Lucene search

IBMA52A98EDDE1D6C0A6034F96CE62C30E3EEF3E309278235A82CB3223AEB327B9E

HistoryJun 28, 2023 - 12:28 p.m.

Security Bulletin: CVE-2022-21426 may affect IBM® SDK, Java™ Technology Edition shipped with IBM CICS TX Advanced

2023-06-2812:28:00

www.ibm.com

ibm

cics tx advanced

cve-2022-21426

java technology edition

denial of service

low availability

vulnerability

fix

linux

ibm support

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

0.001 Low

EPSS

Percentile

42.4%

JSON

Summary

CVE-2022-21426 may affect IBM® SDK, Java™ Technology Edition shipped with IBM CICS TX Advanced. IBM CICS TX Advanced has addressed the applicable CVE.

Vulnerability Details

CVEID:CVE-2022-21426
**DESCRIPTION:**An unspecified vulnerability in Java SE related to the JAXP component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/224714 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

Affected Products and Versions

Affected Product(s)	Version(s)
IBM CICS TX Advanced	10.1
IBM CICS TX Advanced	11.1

Remediation/Fixes

Product	Version	Platform	Remediation/Fix
IBM CICS TX Advanced

10.1

| Linux| Fix Central Link
IBM CICS TX Advanced|

11.1

| Linux| Fix Central Link

Workarounds and Mitigations

None

Affected configurations

Vulners

Node

ibmcics_txMatch10.1

ibmcics_txMatch11.1

CPENameOperatorVersion
cics txeq10.1
cics txeq11.1

CPE	Name	Operator	Version
	cics tx	eq	10.1
	cics tx	eq	11.1

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

0.001 Low

EPSS

Percentile

42.4%

JSON

Related for A52A98EDDE1D6C0A6034F96CE62C30E3EEF3E309278235A82CB3223AEB327B9E