Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBMAA95933D7B0EF8BD76A6D2C0172538AB84543843B3B68C6131B66D6E04E56EF7
HistoryDec 13, 2022 - 1:11 a.m.

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli Netcool Impact (CVE-2021-41041, CVE-2022-3676)

2022-12-1301:11:03
www.ibm.com
14
ibm tivoli netcool impact
ibm java sdk
cve-2021-41041
cve-2022-3676
eclipse openj9
security restrictions
memory access

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

0.001 Low

EPSS

Percentile

48.5%

JSON

Summary

There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition used by IBM Tivoli Netcool Impact. IBM Tivoli Netcool Impact has addressed the applicable CVEs.

Vulnerability Details

CVEID:CVE-2021-41041
**DESCRIPTION:**Eclipse Openj9 could allow a remote attacker to bypass security restrictions, caused by failing to throw the exception captured during bytecode verification when verification. By sending a specially-crafted request, an attacker could exploit this vulnerability to make unverified methods to be invoked using MethodHandles.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/225398 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)

CVEID:CVE-2022-3676
**DESCRIPTION:**Eclipse Openj9 could allow a remote attacker to bypass security restrictions, caused by improper runtime type check by the interface calls. By sending a specially-crafted request using bytecode, an attacker could exploit this vulnerability to access or modify memory.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/239608 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)

Affected Products and Versions

Affected Product(s) Version(s)
IBM Tivoli Netcool Impact 7.1.0

Remediation/Fixes

IBM strongly recommends addressing the vulnerability now.

Product VRMF APAR Remediation
IBM Tivoli Netcool Impact 7.1.0 7.1.0.0 - 7.1.0.27 IJ44157 Upgrade to IBM Tivoli Netcool Impact 7.1.0 FP28

Workarounds and Mitigations

None

Affected configurations

Vulners
Node
ibmtivoli_netcool\/impactMatch7.1.0
CPENameOperatorVersion
tivoli netcool/impacteq7.1.0

Related

ibm 95
cve 2
cvelist 2
osv 2
nessus 9
ubuntucve 1
nvd 2
redhatcve 1
prion 2
openvas 5
aix 1
redhat 2
suse 1
ibm
ibm
Security Bulletin: IBM CICS TX Standard is vulnerable to allowing a remote attacker to bypass security restrictions (CVE-2021-41041).
2023-02-14 21:14:53
Security Bulletin: IBM Workload Scheduler potentially affected by vulnerability in Eclipse Openj9 (CVE-2021-41041)
2023-01-30 17:54:11
Security Bulletin: A security vulnerability has been identified in IBM Java shipped with IBM Intelligent Operations Center (CVE-2021-41041)
2022-10-26 05:53:30
cve
cve
CVE-2021-41041
2022-04-27 02:15:38
CVE-2022-3676
2022-10-24 14:15:51
cvelist
cvelist
CVE-2021-41041
2022-04-27 02:10:10
CVE-2022-3676
2022-10-24 00:00:00
osv
osv
CVE-2021-41041
2022-04-27 02:15:38
CVE-2022-3676
2022-10-24 14:15:51
nessus
nessus
IBM Java 8.0 < 8.0.7.10
2022-09-14 00:00:00
SUSE SLES15 / openSUSE 15 Security Update : java-1_8_0-ibm (SUSE-SU-2023:0375-1)
2023-02-14 00:00:00
IBM Java 7.0 < 7.0.11.15 / 7.1 < 7.1.5.15 / 8.0 < 8.0.7.20
2022-11-16 00:00:00
ubuntucve
ubuntucve
CVE-2021-41041
2022-04-27 00:00:00
nvd
nvd
CVE-2021-41041
2022-04-27 02:15:38
CVE-2022-3676
2022-10-24 14:15:51
redhatcve
redhatcve
CVE-2021-41041
2022-09-20 08:13:15
prion
prion
Design/Logic Flaw
2022-04-27 02:15:00
Design/Logic Flaw
2022-10-24 14:15:00
openvas
openvas
openSUSE: Security Advisory for java (SUSE-SU-2023:0375-1)
2024-03-04 00:00:00
SUSE: Security Advisory (SUSE-SU-2022:4591-1)
2022-12-21 00:00:00
SUSE: Security Advisory (SUSE-SU-2023:0375-1)
2023-02-13 00:00:00
aix
aix
Multiple vulnerabilities in IBM Java SDK affect AIX
2022-12-22 10:09:37
redhat
redhat
(RHSA-2022:5837) Moderate: java-1.8.0-ibm security update
2022-08-02 07:29:26
(RHSA-2022:4959) Moderate: java-1.8.0-ibm security update
2022-06-08 12:24:05
suse
suse
Security update for java-1_8_0-openj9 (important)
2022-09-06 00:00:00

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

0.001 Low

EPSS

Percentile

48.5%

JSON
Related for AA95933D7B0EF8BD76A6D2C0172538AB84543843B3B68C6131B66D6E04E56EF7
ibm95cve2cvelist2osv2nessus9ubuntucve1nvd2redhatcve1prion2openvas5aix1redhat2suse1