Security Bulletin: Multiple Security Vulnerabilities Affect IBM Cloud Transformation Advisor

2022-12-05T19:00:57

Description

## Summary IBM Cloud Transformation Advisor has addressed multiple security vulnerabilities. ## Vulnerability Details ** CVEID: **[CVE-2021-35517](<https://vulners.com/cve/CVE-2021-35517>) ** DESCRIPTION: **Apache Commons Compress is vulnerable to a denial of service, caused by an out of memory error when allocating large amounts of memory. By persuading a victim to open a specially-crafted TAR archive, a remote attacker could exploit this vulnerability to cause a denial of service condition against services that use Compress' tar package. CVSS Base score: 5.5 CVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/205307](<https://exchange.xforce.ibmcloud.com/vulnerabilities/205307>) for the current score. CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H) ** CVEID: **[CVE-2021-36090](<https://vulners.com/cve/CVE-2021-36090>) ** DESCRIPTION: **Apache Commons Compress is vulnerable to a denial of service, caused by an out-of-memory error when large amounts of memory are allocated. By reading a specially-crafted ZIP archive, a remote attacker could exploit this vulnerability to cause a denial of service condition against services that use Compress' zip package. CVSS Base score: 7.5 CVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/205310](<https://exchange.xforce.ibmcloud.com/vulnerabilities/205310>) for the current score. CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) ** CVEID: **[CVE-2021-45105](<https://vulners.com/cve/CVE-2021-45105>) ** DESCRIPTION: **Apache Log4j is vulnerable to a denial of service, caused by the failure to protect from uncontrolled recursion from self-referential lookups. A remote attacker with control over Thread Context Map (MDC) input data could craft malicious input data that contains a recursive lookup to cause a StackOverflowError that will terminate the process. Note: The vulnerability is also called LOG4J2-3230. CVSS Base score: 7.5 CVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/215647](<https://exchange.xforce.ibmcloud.com/vulnerabilities/215647>) for the current score. CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) ** CVEID: **[CVE-2021-45046](<https://vulners.com/cve/CVE-2021-45046>) ** DESCRIPTION: **Apache Log4j could result in remote code execution, caused by an incomplete fix of CVE-2021-44228 in certain non-default configurations. When the logging configuration uses a non-default Pattern Layout with a Context Lookup, an attacker with control over Thread Context Map (MDC) input data can craft malicious input data using a JNDI Lookup pattern to leak sensitive information and remote code execution in some environments and local code execution in all environments. CVSS Base score: 9 CVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/215195](<https://exchange.xforce.ibmcloud.com/vulnerabilities/215195>) for the current score. CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H) ** CVEID: **[CVE-2021-22960](<https://vulners.com/cve/CVE-2021-22960>) ** DESCRIPTION: **Node.js is vulnerable to HTTP request smuggling, caused by an error when parsing the body of chunked requests. A remote attacker could send a specially-crafted request to lead to HTTP Request Smuggling (HRS). An attacker could exploit this vulnerability to poison the web cache, bypass web application firewall protection, and conduct XSS attacks. CVSS Base score: 6.5 CVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211171](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211171>) for the current score. CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N) ** CVEID: **[CVE-2021-35560](<https://vulners.com/cve/CVE-2021-35560>) ** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Deployment component could allow an unauthenticated attacker to take control of the system. CVSS Base score: 7.5 CVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211636](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211636>) for the current score. CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H) ** CVEID: **[CVE-2021-35586](<https://vulners.com/cve/CVE-2021-35586>) ** DESCRIPTION: **An unspecified vulnerability in Java SE related to the ImageIO component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. CVSS Base score: 5.3 CVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211661](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211661>) for the current score. CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) ** CVEID: **[CVE-2021-35578](<https://vulners.com/cve/CVE-2021-35578>) ** DESCRIPTION: **An unspecified vulnerability in Java SE related to the JSSE component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. CVSS Base score: 5.3 CVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211654](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211654>) for the current score. CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) ** CVEID: **[CVE-2021-35564](<https://vulners.com/cve/CVE-2021-35564>) ** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Keytool component could allow an unauthenticated attacker to cause no confidentiality impact, low integrity impact, and no availability impact. CVSS Base score: 5.3 CVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211640](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211640>) for the current score. CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N) ** CVEID: **[CVE-2021-35559](<https://vulners.com/cve/CVE-2021-35559>) ** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Swing component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. CVSS Base score: 5.3 CVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211635](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211635>) for the current score. CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) ** CVEID: **[CVE-2021-35556](<https://vulners.com/cve/CVE-2021-35556>) ** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Swing component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. CVSS Base score: 5.3 CVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211632](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211632>) for the current score. CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) ** CVEID: **[CVE-2021-35565](<https://vulners.com/cve/CVE-2021-35565>) ** DESCRIPTION: **An unspecified vulnerability in Java SE related to the JSSE component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. CVSS Base score: 5.3 CVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211641](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211641>) for the current score. CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) ** CVEID: **[CVE-2021-35588](<https://vulners.com/cve/CVE-2021-35588>) ** DESCRIPTION: **An unspecified vulnerability in Java SE related to the VM component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. CVSS Base score: 3.1 CVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211662](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211662>) for the current score. CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L) ** CVEID: **[CVE-2021-41035](<https://vulners.com/cve/CVE-2021-41035>) ** DESCRIPTION: **Eclipse Openj9 could provide weaker than expected security, caused by the failure to throw IllegalAccessError for MethodHandles that invoke inaccessible interface methods. An attacker could exploit this vulnerability to launch further attacks on the system. CVSS Base score: 5.3 CVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/212010](<https://exchange.xforce.ibmcloud.com/vulnerabilities/212010>) for the current score. CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N) ** CVEID: **[CVE-2021-22959](<https://vulners.com/cve/CVE-2021-22959>) ** DESCRIPTION: **Node.js is vulnerable to HTTP request smuggling, caused by an error related to a space in headers. A remote attacker could send a specially-crafted request with a space (SP) right after the header name before the colon to lead to HTTP Request Smuggling (HRS). An attacker could exploit this vulnerability to poison the web cache, bypass web application firewall protection, and conduct XSS attacks. CVSS Base score: 6.5 CVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211168](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211168>) for the current score. CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N) ** CVEID: **[CVE-2021-29842](<https://vulners.com/cve/CVE-2021-29842>) ** DESCRIPTION: **IBM WebSphere Application Server 7.0, 8.0, 8.5, 9.0 and Liberty 17.0.0.3 through 21.0.0.9 could allow a remote user to enumerate usernames due to a difference of responses from valid and invalid login attempts. IBM X-Force ID: 205202. CVSS Base score: 3.7 CVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/205202](<https://exchange.xforce.ibmcloud.com/vulnerabilities/205202>) for the current score. CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N) ** Third Party Entry: **211964 ** DESCRIPTION: **Node.js ua-parser-js module could allow a remote attacker to execute arbitrary code on the system, caused by the containing of malicious code in the package. By persuading a victim to execute a specially-crafted program, an attacker could exploit this vulnerability to execute arbitrary code on the system. CVSS Base score: 7.3 CVSS Temporal Score: See: [https://exchange.xforce.ibmcloud.com/vulnerabilities/211964 ](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211964>) for the current score. CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L) ## Affected Products and Versions Affected Product(s)| Version(s) ---|--- IBM Cloud Transformation Advisor| 2.5.1 ## Remediation/Fixes Upgrade to 3.0.0 or later. IBM Cloud Transformation Advisor can be installed from OperatorHub page in Red Hat OpenShift Container Platform or locally following this [link](<https://www.ibm.com/cloud/architecture/tutorials/install-ibm-transformation-advisor-local> "link" ). ## Workarounds and Mitigations None ##

Affected Software

CPE Name	Name	Version
	ibm cloud transformation advisor	2.5

{"id": "ABBECC2CF1F809CE932B9130A6788B28E3F6228FC5599EA3FB4CD8372D7EA7C8", "vendorId": null, "type": "ibm", "bulletinFamily": "software", "title": "Security Bulletin: Multiple Security Vulnerabilities Affect IBM Cloud Transformation Advisor", "description": "## Summary\n\nIBM Cloud Transformation Advisor has addressed multiple security vulnerabilities.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-35517](<https://vulners.com/cve/CVE-2021-35517>) \n** DESCRIPTION: **Apache Commons Compress is vulnerable to a denial of service, caused by an out of memory error when allocating large amounts of memory. By persuading a victim to open a specially-crafted TAR archive, a remote attacker could exploit this vulnerability to cause a denial of service condition against services that use Compress' tar package. \nCVSS Base score: 5.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/205307](<https://exchange.xforce.ibmcloud.com/vulnerabilities/205307>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-36090](<https://vulners.com/cve/CVE-2021-36090>) \n** DESCRIPTION: **Apache Commons Compress is vulnerable to a denial of service, caused by an out-of-memory error when large amounts of memory are allocated. By reading a specially-crafted ZIP archive, a remote attacker could exploit this vulnerability to cause a denial of service condition against services that use Compress' zip package. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/205310](<https://exchange.xforce.ibmcloud.com/vulnerabilities/205310>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-45105](<https://vulners.com/cve/CVE-2021-45105>) \n** DESCRIPTION: **Apache Log4j is vulnerable to a denial of service, caused by the failure to protect from uncontrolled recursion from self-referential lookups. A remote attacker with control over Thread Context Map (MDC) input data could craft malicious input data that contains a recursive lookup to cause a StackOverflowError that will terminate the process. Note: The vulnerability is also called LOG4J2-3230. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/215647](<https://exchange.xforce.ibmcloud.com/vulnerabilities/215647>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-45046](<https://vulners.com/cve/CVE-2021-45046>) \n** DESCRIPTION: **Apache Log4j could result in remote code execution, caused by an incomplete fix of CVE-2021-44228 in certain non-default configurations. When the logging configuration uses a non-default Pattern Layout with a Context Lookup, an attacker with control over Thread Context Map (MDC) input data can craft malicious input data using a JNDI Lookup pattern to leak sensitive information and remote code execution in some environments and local code execution in all environments. \nCVSS Base score: 9 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/215195](<https://exchange.xforce.ibmcloud.com/vulnerabilities/215195>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2021-22960](<https://vulners.com/cve/CVE-2021-22960>) \n** DESCRIPTION: **Node.js is vulnerable to HTTP request smuggling, caused by an error when parsing the body of chunked requests. A remote attacker could send a specially-crafted request to lead to HTTP Request Smuggling (HRS). An attacker could exploit this vulnerability to poison the web cache, bypass web application firewall protection, and conduct XSS attacks. \nCVSS Base score: 6.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211171](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211171>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N) \n \n** CVEID: **[CVE-2021-35560](<https://vulners.com/cve/CVE-2021-35560>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Deployment component could allow an unauthenticated attacker to take control of the system. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211636](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211636>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2021-35586](<https://vulners.com/cve/CVE-2021-35586>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the ImageIO component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211661](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211661>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2021-35578](<https://vulners.com/cve/CVE-2021-35578>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the JSSE component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211654](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211654>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2021-35564](<https://vulners.com/cve/CVE-2021-35564>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Keytool component could allow an unauthenticated attacker to cause no confidentiality impact, low integrity impact, and no availability impact. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211640](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211640>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N) \n \n** CVEID: **[CVE-2021-35559](<https://vulners.com/cve/CVE-2021-35559>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Swing component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211635](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211635>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2021-35556](<https://vulners.com/cve/CVE-2021-35556>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Swing component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211632](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211632>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2021-35565](<https://vulners.com/cve/CVE-2021-35565>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the JSSE component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211641](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211641>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2021-35588](<https://vulners.com/cve/CVE-2021-35588>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the VM component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 3.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211662](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211662>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2021-41035](<https://vulners.com/cve/CVE-2021-41035>) \n** DESCRIPTION: **Eclipse Openj9 could provide weaker than expected security, caused by the failure to throw IllegalAccessError for MethodHandles that invoke inaccessible interface methods. An attacker could exploit this vulnerability to launch further attacks on the system. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/212010](<https://exchange.xforce.ibmcloud.com/vulnerabilities/212010>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N) \n \n** CVEID: **[CVE-2021-22959](<https://vulners.com/cve/CVE-2021-22959>) \n** DESCRIPTION: **Node.js is vulnerable to HTTP request smuggling, caused by an error related to a space in headers. A remote attacker could send a specially-crafted request with a space (SP) right after the header name before the colon to lead to HTTP Request Smuggling (HRS). An attacker could exploit this vulnerability to poison the web cache, bypass web application firewall protection, and conduct XSS attacks. \nCVSS Base score: 6.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211168](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211168>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N) \n \n** CVEID: **[CVE-2021-29842](<https://vulners.com/cve/CVE-2021-29842>) \n** DESCRIPTION: **IBM WebSphere Application Server 7.0, 8.0, 8.5, 9.0 and Liberty 17.0.0.3 through 21.0.0.9 could allow a remote user to enumerate usernames due to a difference of responses from valid and invalid login attempts. IBM X-Force ID: 205202. \nCVSS Base score: 3.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/205202](<https://exchange.xforce.ibmcloud.com/vulnerabilities/205202>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N) \n \n** Third Party Entry: **211964 \n** DESCRIPTION: **Node.js ua-parser-js module could allow a remote attacker to execute arbitrary code on the system, caused by the containing of malicious code in the package. By persuading a victim to execute a specially-crafted program, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 7.3 \nCVSS Temporal Score: See: [https://exchange.xforce.ibmcloud.com/vulnerabilities/211964 ](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211964>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Cloud Transformation Advisor| 2.5.1 \n \n\n\n## Remediation/Fixes\n\nUpgrade to 3.0.0 or later. \n\nIBM Cloud Transformation Advisor can be installed from OperatorHub page in Red Hat OpenShift Container Platform or locally following this [link](<https://www.ibm.com/cloud/architecture/tutorials/install-ibm-transformation-advisor-local> \"link\" ).\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "published": "2022-12-05T19:00:57", "modified": "2022-12-05T19:00:57", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cvss2": {"cvssV2": {"version": "2.0", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authentication": "NONE", "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "baseScore": 9.3}, "severity": "HIGH", "exploitabilityScore": 8.6, "impactScore": 10.0, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}, "cvss3": {"cvssV3": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "CHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 10.0, "baseSeverity": "CRITICAL"}, "exploitabilityScore": 3.9, "impactScore": 6.0}, "href": "https://www.ibm.com/support/pages/node/6539506", "reporter": "IBM", "references": [], "cvelist": ["CVE-2021-22959", "CVE-2021-22960", "CVE-2021-29842", "CVE-2021-35517", "CVE-2021-35556", "CVE-2021-35559", "CVE-2021-35560", "CVE-2021-35564", "CVE-2021-35565", "CVE-2021-35578", "CVE-2021-35586", "CVE-2021-35588", "CVE-2021-36090", "CVE-2021-41035", "CVE-2021-44228", "CVE-2021-45046", "CVE-2021-45105"], "immutableFields": [], "lastseen": "2023-02-28T01:37:13", "viewCount": 22, "enchantments": {"dependencies": {"references": [{"type": "aix", "idList": ["JAVA_FEB2022_ADVISORY.ASC"]}, {"type": "akamaiblog", "idList": ["AKAMAIBLOG:65F0FA2139A357151F74FA41EF42B50F", "AKAMAIBLOG:7E872DA472DB19F259EC6E0D8CA018FF", "AKAMAIBLOG:94B715279ABA113C427A5E987C080DA7", "AKAMAIBLOG:B0985AEDEB4DAED26BDA30B9488D329D", "AKAMAIBLOG:B0DBF0121097FA293565FB7E66E09AB3"]}, {"type": "almalinux", "idList": ["ALSA-2021:3891", "ALSA-2021:3893", "ALSA-2021:4135", "ALSA-2021:5171", "ALSA-2022:0350"]}, {"type": "amazon", "idList": ["ALAS-2021-1553", "ALAS-2021-1554", "ALAS-2022-1561", "ALAS-2022-1580", "ALAS-2022-1601", "ALAS2-2021-1718", "ALAS2-2021-1726", "ALAS2-2021-1730", "ALAS2-2021-1731", "ALAS2-2021-1732", "ALAS2-2021-1733", "ALAS2-2022-1739", "ALAS2-2022-1773", "ALAS2-2022-1806"]}, {"type": "amd", "idList": ["AMD-SB-1034"]}, {"type": "apple", "idList": ["APPLE:251C897D47AD6A2DB0B7E3792A81C425"]}, {"type": "archlinux", "idList": ["ASA-202110-4", "ASA-202110-5", "ASA-202110-6"]}, {"type": "atlassian", "idList": ["CRUC-8529", "FE-7368"]}, {"type": "attackerkb", "idList": ["AKB:0B6C144F-2E5A-4D5E-B629-E45C2530CB94", "AKB:21AD0A36-A0AA-486B-A379-B47156286E9E", "AKB:3191CCF9-DA8E-43DF-8152-1E3A5D1A3C45", "AKB:398CAD69-31E4-4276-B510-D93B2C648A74", "AKB:83F1ABD4-4E2B-4E5A-BFE5-81C4FB7A474A", "AKB:B1318EAC-2E60-4695-B63B-2D10DAAA5B0E", "AKB:F2A441BA-2246-446C-9B34-400B2F3DD77B"]}, {"type": "avleonov", "idList": ["AVLEONOV:469525DB37AAC7A2242EE80C1BCBC8DB", "AVLEONOV:89C75127789AC2C132A3AA403F035902", "AVLEONOV:FEA9E4494A95F04BD598867C8CA5D246"]}, {"type": "broadcom", "idList": ["BSA-2022-1688", "BSA-2022-1689", "BSA-2022-1690", "BSA-2022-1691", "BSA-2022-1692", "BSA-2022-1693", "BSA-2022-1694"]}, {"type": "centos", "idList": ["CESA-2021:3889", "CESA-2021:3892"]}, {"type": "cert", "idList": ["VU:930724"]}, {"type": "checkpoint_advisories", "idList": ["CPAI-2021-0936", "CPAI-2021-0955"]}, {"type": "checkpoint_security", "idList": ["CPS:SK176865"]}, {"type": "cisa", "idList": ["CISA:006B1DC6A817621E16EEB4560519A418", "CISA:380E63A9EAAD85FA1950A6973017E11B", "CISA:45B6D68A097309E99D8E7192B1E8A8BE", "CISA:6C962B804E593B231FDE50912F4D093A", "CISA:8367DA0C1A6F51FB2D817745BB204C48", "CISA:918B5EC3622C761B0424597D3F7AFF7C", "CISA:920F1DA8584B18459D4963D91C8DDA33", "CISA:F3C70D08CAE58CBD29A5E5ED6B2AE473"]}, {"type": "cisa_kev", "idList": ["CISA-KEV-CVE-2021-44228"]}, {"type": "cisco", "idList": ["CISCO-SA-APACHE-LOG4J-QRUKNEBD"]}, {"type": "citrix", "idList": ["CTX335705"]}, {"type": "cloudfoundry", "idList": ["CFOUNDRY:690C01663F820378948F8CF2E2405F72"]}, {"type": "cloudlinux", "idList": ["CLSA-2022:1661176564"]}, {"type": "cnvd", "idList": ["CNVD-2021-101661", "CNVD-2021-102410", "CNVD-2021-81803", "CNVD-2021-81805", "CNVD-2021-81806", "CNVD-2021-81808", "CNVD-2021-81809", "CNVD-2021-81810", "CNVD-2021-81811", "CNVD-2021-87028", "CNVD-2022-01776"]}, {"type": "cve", "idList": ["CVE-2021-22959", "CVE-2021-22960", "CVE-2021-29842", "CVE-2021-3100", "CVE-2021-35517", "CVE-2021-35556", "CVE-2021-35559", "CVE-2021-35560", "CVE-2021-35564", "CVE-2021-35565", "CVE-2021-35578", "CVE-2021-35586", "CVE-2021-35588", "CVE-2021-36090", "CVE-2021-41035", "CVE-2021-4104", "CVE-2021-4125", "CVE-2021-44228", "CVE-2021-44530", "CVE-2021-45046", "CVE-2021-45105", "CVE-2022-0070", "CVE-2022-23848", "CVE-2022-33915"]}, {"type": "debian", "idList": ["DEBIAN:DLA-2814-1:11F88", "DEBIAN:DLA-2842-1:95CB4", "DEBIAN:DLA-2852-1:37D89", "DEBIAN:DSA-5000-1:6CB68", "DEBIAN:DSA-5000-2:08205", "DEBIAN:DSA-5012-1:24591", "DEBIAN:DSA-5020-1:32A64", "DEBIAN:DSA-5022-1:D26EE", "DEBIAN:DSA-5024-1:FE296", "DEBIAN:DSA-5170-1:EDFB9"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2021-22959", "DEBIANCVE:CVE-2021-22960", "DEBIANCVE:CVE-2021-35517", "DEBIANCVE:CVE-2021-35556", "DEBIANCVE:CVE-2021-35559", "DEBIANCVE:CVE-2021-35560", "DEBIANCVE:CVE-2021-35564", "DEBIANCVE:CVE-2021-35565", "DEBIANCVE:CVE-2021-35578", "DEBIANCVE:CVE-2021-35586", "DEBIANCVE:CVE-2021-35588", "DEBIANCVE:CVE-2021-36090", "DEBIANCVE:CVE-2021-4104", "DEBIANCVE:CVE-2021-44228", "DEBIANCVE:CVE-2021-45046", "DEBIANCVE:CVE-2021-45105"]}, {"type": "exploitdb", "idList": ["EDB-ID:50590", "EDB-ID:50592"]}, {"type": "f5", "idList": ["F5:K03179547", "F5:K19026212", "F5:K24554520", "F5:K32171392", "F5:K34002344", "F5:K34162192", "F5:K63415246", "F5:K73464925"]}, {"type": "fedora", "idList": ["FEDORA:075BE30AAB8A", "FEDORA:0A343304CB93", "FEDORA:19D9D311A4B9", "FEDORA:1FED93150D92", "FEDORA:2DF6530C5C1E", "FEDORA:4E643311A4B9", "FEDORA:51EFD3146619", "FEDORA:548D030A7CB6", "FEDORA:548FD3102AB0", "FEDORA:59AA230A7074", "FEDORA:7D1C4311D3E1", "FEDORA:89B7530A2BFE", "FEDORA:95A5B306879A", "FEDORA:A0FA730BAE5F", "FEDORA:A5A703103140", "FEDORA:B8BB130A637E", "FEDORA:F270E3098BB4"]}, {"type": "fortinet", "idList": ["FG-IR-21-245"]}, {"type": "freebsd", "idList": ["1EA05BB8-5D74-11EC-BB1E-001517A2E1A4", "3FADD7E4-F8FB-45A0-A218-8FD6423C338F", "4B1AC5A3-5BD4-11EC-8602-589CFC007716", "515DF85A-5CD7-11EC-A16D-001517A2E1A4", "650734B2-7665-4170-9A0A-EECED5E10A5E", "93A1C9A7-5BEF-11EC-A47A-001517A2E1A4", "A9C5E89D-2D15-11EC-8363-0022489AD614", "B0F49CB9-6736-11EC-9EEA-589CFC007716", "D1BE3D73-6737-11EC-9EEA-589CFC007716"]}, {"type": "gentoo", "idList": ["GLSA-202209-05"]}, {"type": "github", "idList": ["GHSA-3QPM-H9CH-PX3C", "GHSA-7RJR-3Q55-VV33", "GHSA-FP5R-V3W9-4333", "GHSA-J3CH-VJPH-8Q6V", "GHSA-J7C3-96RF-JRRP", "GHSA-JFH8-C2JP-5V3Q", "GHSA-MC84-PJ99-Q6HH", "GHSA-MF4F-J588-5XM8", "GHSA-P6XC-XR62-6R2G", "GHSA-V57X-GXFJ-484Q", "GHSA-XQFJ-VM6H-2X34", "GITHUB:070AFCDE1A9C584654244E41373D86D8", "GITHUB:D32BE0B8A571761A967462652837D28F"]}, {"type": "githubexploit", "idList": ["00264586-32AF-5469-819B-90FBDA0B6FF2", "00423BD1-64DA-5DB0-848E-1BACC0883E15", "0099FB22-A94E-5D32-9BC4-2EC6D5CFFA9C", "016A0841-D1FF-5056-B062-0D08FCE624CB", "0241DC13-63CB-580C-BDC6-78F8BB03567D", "030066BA-6C48-5AD9-9EAF-11DECB6A3930", "034AFC0C-D411-5F4A-BBAB-630A6C972933", "03C230DA-F801-5660-BF8E-AB8F44E2755C", "0420DA06-BC6E-5B30-8BA3-E30BDE351E15", "0568D2CD-87AF-5D34-AA65-868B1DDA0A89", "0577D04A-4517-5872-B4C0-E45DD6246D88", "066BA250-177D-5017-9AC2-6B948A465ABC", "06D271D5-7A61-5692-9778-7F521D52F980", "0793D7AB-F57C-5832-B456-4057704CAEC9", "07C462E5-20A3-5023-B363-47E1B0C1AE4E", "09509FA9-9FC3-5B64-900D-F0842DC8BCF7", "09F9BA9F-83A2-52EF-81A0-214FCD9E240D", "0A26B4F0-3175-58BE-9CE7-133C9D85E181", "0ABA9FB5-93DD-59F1-9580-232DBFBB4AD8", "0B596CD2-49C7-50A8-A43C-8DE3027EC2B7", "0BC62E37-D6E2-5B2C-BF89-3E00D98D2E30", "0C734DE8-002A-5611-8897-213D53D85089", "0C98B78F-B467-5298-825B-05ECB4EE2653", "0CBB2E72-C52F-59B6-BD73-DBDD206C4C35", "0CEA12C7-97F6-5BF5-88FF-6797542A037F", "0D243A34-B42E-5007-90D0-A30ECABDA204", "0D4B651A-4424-55FE-B496-1BB733DE7EE2", "0D6ADE4E-8BA2-5BA9-94CB-ED90234A9B5C", "0E43C674-363B-53C2-8686-6F412A995AF4", "0E47338D-BDC0-510A-BC15-093F2E1DEF2C", "0E8471F7-D213-552B-ABD8-B3B1FAD4B910", "1097EF60-FC77-5135-B92B-4A84B46FABAF", "11719BED-E629-5C79-944E-7E40BBFC460C", "126A30D2-0273-510B-B34A-DF7AE6E0C1C0", "129B39DD-AB9E-54F0-B6B4-5EA17F29B7DF", "12AAE278-1B08-5F3E-AC28-8EC928D3D7C8", "13542749-F70C-5BAA-A20C-8A464D612535", "1370FA0C-A273-5E82-9EEB-7E2E5628D23E", "13EDAA06-F1A5-5097-AD3A-3D6129C325A7", "141F2E38-979B-50B5-B649-96785B255523", "14482532-2406-58DF-89FF-30B085015257", "149F99C3-6B62-5255-8DA6-A0370E6ED5F7", "14E4E272-9457-53A0-ADD5-F91385D04FCD", "161B70B2-DFA5-54B6-A4CE-45B79999AAC6", "16B2ABBF-5997-58A1-A4C9-0161F64D116C", "16C11F1E-B5B4-508E-8238-6BF3458B34D3", "16EB55EE-7CC4-58C7-86AC-E9FD7066B5F1", "170912E2-BB33-5CB8-AD90-C0A737FCAC5E", "17C204F9-DD70-5EFB-89D4-B642E65FAF99", "1AD6F414-6637-555A-AA79-BEE90EDB10AB", "1B11A8A4-B07C-580C-AF38-33A50B17B19A", "1B8CBBEC-5ABA-5792-8D2A-A51EB4CC6352", "1C354B89-0050-508B-98F4-B43CBD84F364", "1CC6B535-3451-5066-8C2E-94551FEC545E", "1CCC4512-40AB-5F72-9913-3D894DB4676F", "1D3D13FB-46D9-572A-A304-FEEC4619D37B", "1E085D9B-26F5-5960-938C-AEB76BCE61D8", "1E62A076-94ED-5061-AE4F-432BB8D7A59C", "210D354B-2338-5AA4-BB87-981C2D2BAA06", "21AACF78-8053-529E-909E-B6D5158008AC", "21B5671D-2A35-52FF-9702-380A32B96260", "21F23081-849E-5B0D-AB61-A8EB37CA0B38", "22AAF71B-053F-5E71-9F26-039C48FCCD62", "22C2FC0C-2C78-5EF7-B21B-5B76E82E2E99", "22C736D4-4179-585F-990B-A40436F65461", "231364E1-A2B1-558A-B805-F242AA97B13F", "23A2D479-181C-599C-9C0F-9A2FF201348F", "2421E200-716C-5F29-84C0-DD8B9C41D92E", "24682F53-DE0E-5967-AAC7-98806644A14C", "24751999-698F-5052-988C-193144F85A39", "254068B4-97B4-5DCF-A60F-5206B6DD230E", "26905C55-5DC7-5275-A0AF-FAF06685612E", "26FD2B5F-2952-5624-8CB5-3ECD4480DA87", "27760EBF-2681-5AF4-B884-18C8BED5127A", "27D73012-7283-5C8D-8197-BBAE1964DEE3", "29A41C2D-FF26-591A-A88B-DDB396742BBC", "2A95146E-A404-5015-9D39-293C8EAFF4B6", "2AA77664-83AA-50B1-9F4E-37CC67A5CFAC", "2AF28508-1272-5281-BDB7-B44D3EFC7C72", "2AF7350D-AB79-5AB5-8AF9-0F351CE13D30", "2B297EB1-A602-5F7B-B21B-C34BC6EB4308", "2D2BE5CB-742A-5912-9D88-75365533F9E2", "2E7FF2D4-97E7-54F5-A5C8-EACD22FCF303", "2E946B1D-12B1-56D1-A72E-A3026C240B1D", "2EACBFB9-2956-564B-A859-6C85EF9F785A", "2F792C33-6CC6-58F1-9166-4DEA421DE2C3", "2F83846E-DF16-5074-98CB-01158DE1C6C6", "30BD2114-A602-52D3-908F-8B66A46F1A8C", "30C6DF99-400E-539F-AA8D-39E7407F4796", "31E7D7EA-2E1F-59D8-8BD7-81B8A4894F91", "32BB43C3-F80D-5CBF-83AD-55BD38C2A440", "342CC1B7-6E24-5767-A7B1-90B95A91B503", "34DFC7F1-8012-5B3A-B9F1-EFEDB5F89D1D", "3549B000-260E-5A24-9573-935F898D149C", "356A7EC9-4E47-52B9-856C-0215B3D9C70E", "35A70212-DFFC-5B38-8294-2B835B8080DE", "371D4A15-51B5-520B-B31D-856E557695FD", "3734D8ED-657E-5585-B181-DE9BE2D84456", "38AF0E71-397C-5A1E-B67C-5514D8F8ABC8", "39A13697-AF09-5E14-9DE2-045005EA9D85", "39D0749D-74E3-5D08-804A-6E7E52BCE692", "3A118B0C-1B94-5CA7-81D3-2A3230EB4DC9", "3A1D442B-2B5B-5DEA-9276-9A9B6C06C9DF", "3A8F706B-1F40-5DAB-AB25-BA023D568AFA", "3AAA878D-C72A-52A0-A5B6-0977BAF6F01D", "3ACF6BFE-C853-50C6-BD49-B76794B8BA53", "3B7408B1-9041-550E-9CB8-83E5F609C37B", "3D2CC855-C8BA-5DC6-8C78-D67984FBA93F", "3D8E1FE1-17FA-5A92-B109-DEDB55A6BEAB", "3DF3AA17-94C8-5E17-BCB8-F806D1746CDF", "3DFE8091-03AE-565B-A198-BD509784502C", "3E142E8E-743B-5786-9EB8-0FED1933F71D", "3EA1CA63-F1F5-5A86-AB97-E327DAE18E93", "3FB46D12-73E5-58EF-BC2A-4FC103B8FF72", "4066A0A4-284D-5ECC-A476-ADDA61AF9A76", "4096BFF5-03AE-5DA0-8AD6-85D69E2570C1", "40C633CE-4DD0-586D-8773-760E9A70FFBD", "4142DC43-FEB5-5B62-B8C7-B2A4DEB336A6", "42098CCD-C708-53FC-B3CD-5A8356B69359", "423CC97A-8BDD-56B9-9449-FC05A902AEC1", "4288177C-C609-5D55-A845-D6785929AB4D", "43159333-A26E-5929-A289-0C84DDCF9DEA", "43A7C9D3-EBB3-57B1-B8FB-C651B36501C2", "43CEFD04-EB9B-5765-AB94-8FF76127F1F6", "44463794-7940-582A-AFFF-676628A86A72", "444C7644-3DE2-57B2-ACF8-C2B157E07580", "44DBFE24-1B30-510A-8291-B7043C7FF654", "4557B39D-1DE6-59FA-AF6C-935E8BB15AE5", "45E71437-8181-5EB7-91BD-D6E4343DA0AB", "473FFDA9-E615-53B6-9A81-F98A1ABD700E", "47670E23-A165-5F5D-8C90-5C76DA1ADFEE", "479EB930-7609-5244-8E16-0D8689304D86", "4804958E-7699-5226-91C3-8110A4CBAB18", "48821FC8-9320-5568-88A3-9B2CC655ADAC", "4A0D603B-6526-5D1E-BADC-55B4775C354B", "4B070EB0-B690-5547-8809-F1A697118957", "4B1180FB-F4A3-5FCD-A8D2-65364D1EA9EC", "4B30BFBE-6FDC-5580-9C76-65EA4EBA5DAC", "4B38D813-5C4B-586B-930A-FDDD0FFF304B", "4BD74B8C-D553-57C6-AB15-6B899401AAA4", "4C6A108D-3631-56AD-8C3B-9677A228693B", "4CB3AC5D-871A-50AC-9037-FF9B2CBD474A", "4DBC05D1-8178-5715-953D-61ECC89104F4", "4DC6D6A4-F23D-5A3D-98B8-3BB526D28144", "4F11FB83-F6EC-5ED2-B08D-9D86D6104DC7", "4F57CC9C-B908-544E-92E7-92A49DE89B00", "4F757EF2-574B-55C7-A017-51DC8BB28C31", "4FBD8560-2AEB-5AD2-9CA3-4A72DEDDE929", "51879B5C-E36F-52B7-B92C-DBA73A21F67D", "5233D0F2-69A2-5220-8016-07D66C226F01", "52BA1465-B7E9-59C1-A20F-E38A5EAE272D", "52E35A88-6217-55CC-B812-4EE83CECD8EB", "53A3C2F6-6EF2-52C1-924B-F3A9C95C2A88", "542348EC-7B83-50E0-8F9B-B6AE9968059F", "547FC254-3B26-59EC-AF4D-E5954678AC3D", "54AB8DD9-4A52-50E4-9EE2-046EBD899FFD", "54E7D93D-9216-5EDE-A4AD-8324A367E67B", "54FE5E76-EAF4-5D84-B37F-06F12A6AFF71", "553C3CC1-0126-5554-8BE0-5F577271EBF9", "55AD7FBC-06FB-5D26-A3A6-F9E9D63D45AC", "5644D9A0-3A8F-52F3-AE3E-300C79911A07", "57742B88-2AA6-5788-825F-92A73CA85718", "578E61DA-1B13-5170-9DAC-60D30F7F8C99", "58ACC402-1947-5FE3-9D08-021A4EFEC48A", "59A6FBED-4F3E-5B1E-87FF-E637492A268A", "5A5A28A1-2601-54F3-BA06-BCFF1A9DCCA5", "5ABB537C-AD08-57E9-9A29-E747D7C29DE9", "5B1D95CD-139F-5304-8B13-BB4EDD912DFA", "5B342AC3-2399-581E-BB6A-2EF19BC35B0C", "5B6C990F-05A3-5D83-83DF-386A34FB8560", "5C040112-8DE7-57AA-B52D-BDD1965D02E3", "5C116D88-E2CC-5BC3-9A71-3174292E227D", "5CEF4882-D1D5-5861-944F-34E8868BF986", "5D72C8DC-DFFD-56F3-A7AC-9FA83C48F460", "5E633D2D-95D0-5498-840F-EA92BF2C5A00", "5E9FB294-1E29-5DE8-A6F6-6D25B08A31DC", "5FB1E3FD-68C6-50CF-85EF-DBFC0B133C24", "5FC55783-FDF5-5AD8-98B2-C1CBFB4EFCCA", "5FDC1BB6-C937-5F78-BB2D-71584272E00A", "604B2FE5-9DF8-5C70-878D-2CCFAA39A6C1", "6083DCC3-CA9C-58A4-9FBC-983DF1E52584", "608B43BB-B31C-5B8A-A962-A58902AEBF2E", "61AC9232-A772-5D63-9DFC-BFE4976418C7", "62F5F8D4-29D7-5B5C-82BC-3D56E7E8D027", "634605C6-F76D-5EDD-9986-EC4EC593168D", "63500AE8-A10A-5388-B314-001A4CFBDFBD", "6413E08F-7E60-50ED-932E-527F515A6C19", "645452DF-222B-51AD-963D-DB002A1FC803", "65EB18B2-8DBB-5A70-9080-C6DA4451D7E7", "6600C311-30E5-566D-98F1-AC47E752EBEA", "67E20854-0E30-5FC1-9F24-6A60531BAFF6", "68DCAE72-CB86-55B9-9CB6-653918238C2B", "6A34D9C3-C290-5763-BAF4-F1D6351C4BA2", "6A4495E8-D723-5923-BB6A-B9EA838CF69B", "6AC0E68D-D6F7-55D9-A281-30D7E76D7556", "6BC5CBC6-5A96-5743-8FB7-CEDDF527C52A", "6CC29A1A-24F4-5961-89F9-E7B824C6F37C", "6D93189D-E2D8-5571-88D5-D778E1CB9C23", "6DA59A94-0CD1-5357-8F01-2BF3230F9017", "6E4D24C6-CAF4-5CCB-83A7-844F830C86FC", "6F10C51B-BF15-522B-B1CB-BA95361D556E", "6F20D8B7-C252-5759-B02B-F8E2C9D42E38", "6F251270-3935-58F4-835C-C9D26FA97CD6", "6F7E4100-F6E7-5C57-8A1B-89F03DCC53A6", "6F93E170-75AD-5F5C-B7CC-6C4CEAA695AB", "700E9EFF-DFA6-504F-8DD1-FB1A62E01721", "70582B5B-E1E6-5767-94A6-39740A96A052", "70EDCB3B-9053-5056-980C-AC3123913F04", "71594B4E-D7FE-534F-8E37-71A1EE08E2E9", "71D962ED-2525-53CE-88D0-D8CD92FB0C02", "743571E7-B8EE-5E77-B047-E2E001379ACE", "74A4D09D-9483-5842-A44A-9DA17D085AF5", "75180259-16B4-5B60-9913-BFC9A306560A", "75876A50-BD9B-5991-9E42-7A343A97C890", "76E7C0B8-1EE5-543A-A48E-E3AAEAA8BFF6", "76F0B9E8-D173-5309-9826-5880F8B35043", "76F6F494-8855-5F94-9675-4474FFFA65A1", "77BE16D3-FEC9-51E3-ADB4-250D5BE6CBD2", "780AD920-FF08-55C6-84C8-A8536C6F5527", "7865A97A-CD10-5E45-9429-CF5F72A6952B", "78C2256A-8ABF-5E34-9268-2EEC0C09E567", "78CE8E59-092E-5214-9D02-A3F5F62F22E9", "7948E878-9BFE-5FEB-90AE-14C32290452F", "798B7BE8-4F94-5D15-A93C-CFE73333BDC5", "799DA5B7-BCF7-56C7-80E8-EAF2351D78F1", "7A3F31B5-D371-54B1-A81B-3863FBC71F0E", "7B2DA44B-D36F-56A4-B4D8-376B8D2F5586", "7B48A97D-242D-55E0-8A13-BD2727C1261F", "7B9BDDBA-81E8-5739-B3F7-419C0D6E2316", "7BB30379-8D57-5FD7-A90C-1A24B1846A23", "7BCC0C24-A1F7-531E-B1BA-342D21C9AF02", "7C8BD924-02A0-5873-B8AF-445DE0103959", "7D70E261-1C9F-517E-88BB-62776C7EE1F1", "7D82EDFA-5384-53C5-96AD-A99E88471129", "7F93036E-3036-56D2-97C5-CFAEAB8DB6F2", "8021D807-3EDC-55A7-A9ED-A364159FADEE", "817FB04E-AFFE-567B-8A2C-64C0A8923734", "81A94AF3-F3C2-5DAE-9C64-154CF9502B01", "865C5B8F-B074-5B0D-834A-E714EB00ADFC", "867C95E5-9596-5E6D-BC2F-FC7A610F3A3E", "8697646B-BC1C-5EEB-84C6-2F209E41B64E", "86CE8F3E-1859-58C8-97B5-8D53531EE22A", "87378E23-9FC7-5BA6-BA12-83E90D9581DD", "88F20430-F65B-520C-880E-FB9413D8C14F", "8ACDC1C6-CE43-5600-9F6F-644A7AD0DA2B", "8B324F0D-EA80-53B5-8ECF-EB5FC5C0EA13", "8D0CF3A6-EC3F-536C-A424-08879FF2F158", "8D604793-908D-5C35-A3EF-6D2688A10312", "8D6FB9A2-59E2-5565-A2C4-B00D9AE074CF", "8E16065C-63FB-554A-B463-A1E8582A334F", "8E1F0596-03B7-5FCC-8A29-3A8B45D02198", "8F15A064-7841-5899-84CE-8C298A269F83", "8F362564-1631-5AF9-BB38-D1BFC4678DAE", "8FB716EC-9A35-5F93-9759-B27A58B52CF8", "9227EA61-CA01-5E0A-AF8D-22B03C07A27A", "926942FE-1507-5B71-9266-0A5EDC38EE50", "9297A534-2B19-597A-8952-6EC15EE80BFF", "931205E1-36E0-52BF-A978-D4C326F6A32A", "9326CB66-BADC-5643-B118-F38C39A9E34C", "9327CBCC-5FA0-5155-9C98-3F1488EF2F57", "938D4200-A40C-5294-A146-4DF378B29573", "945E86E8-E114-5F51-991C-13742C6EF49E", "9470FC0C-FB21-50C3-B4E9-5AB439EE325C", "94966928-86D4-5285-9A57-CBDD8F2EF438", "94A8FFF1-6A48-57CB-9340-D6806F47EFA0", "94E003E0-82AE-5CFE-8818-DBA1610BDE3B", "95033F5C-FFFE-58C2-9799-C77E326ACD83", "952CB700-FA2F-5221-96B9-2656F967B63E", "958F00F1-C4FC-5213-82EA-290A530F859B", "977D06B3-F888-5FFF-8749-BF8AF7868ED6", "9790154B-5F28-5BD4-8541-6EAA8D3E2B36", "97D358EF-90F6-5D12-981B-DAFEB56F784F", "97F1C960-A343-5B1E-B261-4834CF80B790", "98F6C0C3-FC5E-5580-A148-55F2368B18C1", "99A0AA73-B93D-56EF-930D-4FD64A4F4D35", "9B0163DC-EE41-5E66-9AA8-A960262A2072", "9C874FAC-8640-5978-8C60-AF6528E5DF60", "9D8C431A-57F3-560C-8146-1232C2C029C2", "9DAC062A-CFE4-5BB0-983A-8BAB512CF589", "9E16D977-AA24-57C3-9BD1-98296F3186F5", "9E4C737D-2D3C-5A43-B638-E131903225BC", "9F3ABA17-E33A-5018-9DCB-AECDD8DE9DEE", "9FE4ADCA-7F2C-505F-AE74-C635FF2CDF75", "A19F503A-900B-5929-8182-4BD7B1043185", "A1E14906-26B2-5DF8-95E3-07736CC5DDF2", "A39E4181-7C85-5B10-B0F9-AD286D09BD2A", "A454A9CC-C18E-56A1-B166-1A0E244E0493", "A57FBD78-A654-5CEE-8291-163C8AFB7210", "A5B4FB6B-123B-544F-A4E4-46B0595C1C72", "A6308120-6A99-5D2D-A1F7-6384AC37959C", "AB5B35BD-2A55-5B27-A126-0CF1A7E7B145", "AB801839-51E0-5EFE-B00D-ABBB6391399A", "ACB6C453-F1D5-5A65-91C2-DF455B997075", "AE0FE928-3464-53AA-BBD2-B3F9E871CEDD", "AF45C6B5-246A-5363-8436-954018BD121C", "AF45D2D0-2D0E-5BD1-89DC-2E2C8E440A75", "AF93C0CA-BFDD-5C90-9D8D-55350790E1D1", "AF987350-FFD2-5814-AF7B-55862F1A8AFE", "AFC5A984-3296-5D6A-AE73-0771AF4EDAF6", "B09C4EFC-2C66-5CA8-910F-E21D17B89608", "B22E3A22-BF14-5660-977A-2D28D2AA2500", "B32ED3B3-2054-5776-B952-907BE2CBEED6", "B4A4F7BE-BF43-5BB6-A4A7-A22C6B9DDCA5", "B596B144-65DB-5863-8244-67AEE883C50E", "B6987F3B-86A1-5FDC-AD92-EAF6D264C14A", "B8D5B910-B397-520E-9526-FE32D86E93D8", "B9A69678-D96F-528D-B436-366259B4A283", "BA8F1657-CF64-574C-81BA-6432D5A351D4", "BADF55AF-60C5-5E33-BC19-5DC25FB9E196", "BD1B0180-DA8D-5255-B3FE-EB6CBC730206", "BD33CC4D-EC56-5A22-A712-1B23F8FB141D", "BE4B2B71-B588-5666-9A02-7855DBD45762", "BE66A9B6-104B-5F49-918A-8B913CE46473", "BFB49B3A-706B-5625-9899-54FCB1EE767B", "BFBBD550-B2CF-524B-87F6-D0A8980CDFD3", "C0AE83D0-09A6-58EA-A244-1E453E699C04", "C14C47DA-F04C-56CC-955A-FF12A410D2F5", "C1878361-BBB3-5A2F-8212-945883518690", "C20BAC49-21F2-5BE4-B97B-2561BD95A1A8", "C306DCEF-59B3-5147-8169-3674490BD35F", "C3153E8C-0590-5D96-8EDC-AEE7E129246E", "C3C6029E-8A78-5C0B-9CF6-51489E455464", "C3DA2A71-DD68-5EF3-AC4C-5A10DECD333B", "C3E394AB-E22C-5A6A-B5AF-2A497DDAC7BA", "C45EBEA7-DE2F-5373-9AA5-334E20EA2D23", "C5531AD4-9DFE-5A81-97D2-D34FD02E2AD6", "C60B1B73-A009-5CE1-9D6C-3B66270812FD", "C640B511-D1E9-5F57-964D-3826F1C68DF8", "C6493FD0-579F-593F-A1E9-A44793F70419", "C68080B0-3163-5E76-AD65-2B454DBB95EE", "C6C5DB3A-FC0D-58BE-B769-D097420B7716", "C72759ED-7C42-593C-A3C7-94E2CDB2B105", "C7617E51-4166-5517-879D-6385309E13D8", "C76F7089-967B-5A7F-B8DA-629452876A2A", "C772DCBB-20D0-51DD-A580-F96689E65773", "C7EE8D86-B287-50F5-B8C2-05E11E510900", "C96865D9-B80D-5799-9EB6-DDF13650F0AA", "C9E3963C-74AF-51D2-ACF7-7687E92D049F", "CA408205-D32D-5A33-B1AF-0B863641C7FC", "CA625124-9F92-5FCF-83A7-3ECF5F0EBBFB", "CA8D6F85-3A73-5070-B9A0-3A47FAE2C784", "CB9B5FAA-47CA-5D85-91B9-0AC5179D527B", "CBCB527D-3C29-5E5B-8C71-D7F20AB001D0", "CBEB0168-C1C9-5A9B-8B92-83E1054E44EA", "CC4175EB-3B91-5ABB-A700-84FC1105AAD5", "CF96C0AC-16EB-57DE-B450-775CC256F1C2", "D02E385B-76D7-5BDB-A49C-CE858BEB0009", "D0B02251-DCA3-58B6-B887-D339C4EAABF9", "D107A97F-1C44-59AB-8FFE-803D1DC21EA3", "D1E393B9-589D-5A20-8799-0F762FD361DA", "D21F1D28-2C44-5969-8F84-E5C6FF67DCFC", "D2602292-4969-564A-915E-2EFC6661FA35", "D298A3C8-E215-5549-B1A0-D01215070203", "D5003B3C-B1D9-5840-816F-1AFEBCAC7FD3", "D536CD4F-33F2-570F-BA34-54E141F1132C", "D64C04EA-093F-5924-A39B-714908D4637E", "D6EE5F29-18C9-5E59-B9E2-01DC93F5ACE9", "D72095BC-06C5-50B2-8F66-EC86811783D3", "D77DEF60-6E7D-5708-B9F2-DB4EA3E38C23", "D77EE79D-71A5-51BA-9A16-DC757F86CC50", "D813949A-183D-55ED-AF64-B130B8F95A56", "D8246B9C-AC86-5FFA-AA8F-4419E4CD07F1", "D9F6E4B0-AC2C-5A70-B795-360757BE02D2", "DA01F84A-9B1D-5337-A465-2A9AB088C056", "DAB5D6B4-8A2D-58C0-835F-DA4F27B2142D", "DB81B174-C3E8-5B08-80E4-A6D768400C4A", "DBBD6963-3870-5117-A829-3DE976AE90E2", "DE88B6AE-5D54-5B49-A097-57038C720463", "DECBAC7B-9235-5E00-81C1-142CD41306FB", "DEE433F2-3A1C-513B-AE6B-E11EFFB5A8E4", "DFF2F784-9ED2-50EF-B79E-3EBF5A9B5428", "E0452D6A-51BC-51F5-9C1C-6CF01DA2805E", "E0A2EF02-5087-5522-ABA0-52F4142BB87B", "E1457E6C-87A3-5557-A3F2-175005D2A765", "E1ABFD41-98C8-576F-8509-5541B40FD442", "E1FC5745-FCD7-58AF-9F4D-65D94090BBAB", "E278D22E-7EC5-5A63-ADFC-EDEFDC650AA1", "E4103A50-881C-52BB-86CC-27F549B798E9", "E4491698-477C-599A-A65D-EBA7441764E9", "E4E73A91-5275-59C0-AB2A-7F3EE83DDE28", "E5280802-AB3D-5E96-83E0-97F22FB9EACA", "E59C9A70-6F3E-5CF6-9F15-B0039E0FBAF1", "E655806B-A2A8-5BCB-A30A-0120CA3E97A6", "E6E03693-50B8-5AB4-B766-8464A228BA02", "E981B35D-7356-5A5A-963A-744545A4E51C", "E9B21C59-ED98-5B3B-A993-F1C214F8796C", "E9DFB8EA-B99D-5022-ACE6-5A42D0D6A350", "EA1AF0D9-1E6E-5080-BB7C-9D6035795FFB", "EA3173CE-C426-5047-864A-480B1A30F235", "EA3C5D7E-0CC8-5AEC-8D7F-3C245A834DDA", "EA906824-9149-507D-893C-87A7FED8998B", "EB648301-A198-5E4A-A72E-9639ED09F6C9", "EC0987E2-0001-5D63-A5AF-09675A5915BD", "EC35769F-2EAD-5464-8F97-D90F768E1E2D", "EDDA4558-9527-5BDE-86E3-23DDD0BA5443", "EE01D764-5F14-5C0A-BD77-8E32854C5216", "EFD098FC-90C8-5665-98B7-79C96C6AEBAE", "F1D342BE-E1E0-5B33-A19B-E2EB9E3E7C80", "F1E9BE6D-4024-56FB-80BB-B10ED5889144", "F208D311-79CA-5A2C-AE81-591BA4D30750", "F2F2719B-7041-5D1A-A95A-7617360B1D08", "F32DF396-0485-5F43-8A52-31B8DD252790", "F388C84A-40DA-58BC-BE0A-74C7E1712C54", "F3A40027-6DB5-509C-81CF-473DE3BEF46E", "F493C59E-F2A7-52D1-B4B5-69CD3748C5E9", "F4C136DE-892B-5921-8475-E30BD548DDBB", "F50E9F2C-8C80-5A76-A993-A3E42414D797", "F523E799-3659-532F-8EED-40AD7F79E752", "F594470D-2599-5B2E-B317-C9720581C07D", "F7994B92-2846-5644-8B68-EFB6DFB95ED2", "F99D82FC-3BE5-5B6D-8FDC-0E5BF9C0CE58", "FB593988-2CFC-5828-8229-9274AC7B0F86", "FB65C479-F4E7-58BA-BC4A-AED04F10A11C", "FB83113C-AABD-5893-8DDE-332B57F4FDD4", "FD364396-D660-5D23-8323-23248A5108C5", "FD65F47A-0B60-5F08-BFC2-1ABD16F49781", "FE8572DF-42D4-521C-B3DC-4715C2F9240D", "FEFA5AE8-5C94-5174-B44C-AC52B9AEAEAD"]}, {"type": "hackerone", "idList": ["H1:1238099", "H1:1238709", "H1:1423496", "H1:1425474", "H1:1427589", "H1:1429014", "H1:1438393", "H1:1624137"]}, {"type": "hivepro", "idList": ["HIVEPRO:0D02D133141B167E9F03F4AC4CA5579A", "HIVEPRO:205916945365E4C9EB9829951A82295A", "HIVEPRO:28A01D4CBC8A05BECFBA17B5AF4793F1", "HIVEPRO:310F7AA9457FF55D42E100B468844E6D", "HIVEPRO:5339CBE01BD312A79B81CAAEE0F3B32E", "HIVEPRO:57EAE0D1FD9EA88C12142AFF641985C3", "HIVEPRO:753BDE83C1D82672DBEDB937144E1598", "HIVEPRO:B25417250BE7F8A7BBB1186F85A865F9", "HIVEPRO:C037186E3B2166871D34825A7A6719EE"]}, {"type": "huawei", "idList": ["HUAWEI-SA-20211215-01-LOG4J"]}, {"type": "ibm", "idList": ["004795EC88EC224A6BFB93940B96344B4EB9FAFDD91D056225AB0FB24FFE6CFE", "00B8C97EE29C4817481434B7FD887049A0EA42C49E5514E1877ED97B5322DB16", "00CA973D0D5F4A08ADB77D27F66CF53D661D1B67B8DA263B3CE4522918A4CFFF", "0172701FE5FE7C060372C9A6E7199B0E91A4F7E5904E7762F54202A8D4CB9759", "017704F263DE498C81E38DCD35C1B649CAC8F2B6DA67887C1DC1F132F6BB1B85", "01C1A66F149F6CC650556CCBE7E381780D3142691366A6B6EFBC8CD5C674BD4D", "023C54E1D297D5AA9E7F44F8089DE35CB079281FA1776467BF8B7A7AD4FE252E", "03991456EAB03B09B39DC9DB5C8BE4A51167523943AA9AE61168FCD6FBACC80B", "03FB798F067FAF41EB009C69979886C89AC88567ECBC9DAD159CDC2AB547C1F7", "048C762AAACAFC74604EFAB15A41479F902FA040758DF428CB364B0242E01EE5", "04D3658F043D6F4A2AA1B2F519A7E89C112641C7C4E2E58E14BEC11BA66E803D", "053134070CB8D6609B7F157DC74146FFBCB3EBE941406A677E889C3CAF773364", "054558DC9CF59741DB8F92782AB69F01D68281F52C85F0F6E6448CBC2E7F8FAA", "0583650A9FFE2FCDB0F96965BF9EB71CA311C6F3BED486BAB7842BA8A7287306", "05A1D58708802BF8C1674EE32BEC4344254929330218CAD68AA838AA7F549BF7", "05B0D73EFF1926611B9AC08DAC2A173A6A2D7E47E96A50C08B5EF48B15FD7204", "05BBDE1FB03AC43275CE3464D408E5E21E63D250E7B0CF0E90D314FBD5991752", "05C0F0FFAAC20F511D50030C8EC7ECBE67EB162A7352C90C63F986E1F73F829F", "05C433115EE2DEF62DD69CA7C7E97FF424FB6D815F82B8FFDD0435DD323AC60F", "05DC2B42328B1D8271D4FF358EC4A58529E6A6A6B8D7E154A691EFE1CCE81D1A", "06543959E3F80611BA94C3105900D725FA079835346EA88779BC4F272E259FC6", "0665925DF5F067ECF5E297BA3C90127DB89591002C77E6A2724DF5A757C0156C", "06B617CF301DC9505BA9DD5DB1C356FC3A1CCF92C2BD6C1F311F6B9EB8C0F85A", "07D3AB62DFA72D2D71CAA0C7C12F57DDFFDD03F36F449256AA46D57B94E6850C", "07F48EB2EFD881D21294E1AFEEE704414B9605E4B9B1F4BF6C82B1917372C2B8", "084618FE115DBC963CDA469EFDF156D77B5FAF5BE04B99575716D75AE5C42F9B", "08493CBA8B1A8F34C7786760C52C7997B8AE1C300A4CD3A03EEF9B528175E0E6", "086B39C8EEA9E80F827A72EB837BB35072FC75FA2EFB8DDEC667E6F0D07BFC82", "08803B708D4CA95FF8DD68A4DE7FBE7DEAA67387194E25D8CD693B135E7332D9", "08C5ED1F3E47E1FABE2752DAE40446E385D6C5EB30C70D7C739509CE04B06788", "08FF14BF18D2D8DEA2BCD9900A4BED9C481C9700F7CF99B6CD1B3F7EDA9C3865", "092A442A77CDFE46ED83F2F7A7AEC07007442443AE7B6D28BB557D1A8FE3BBB2", "09E2EB771A00246F88812FA7239EC135B4D760017A61975C9C7DFACAB2B566B3", "0A50FDB1D7E17C09815A2D06C237539FFD67E23789BDD9A730E5EB3DD9473349", "0A6CCE42A31E930F28AFDE0602BBBC571E0114C6DE44000B246AC3D8A844DE39", "0AE80E7D1B92F5584C0652988A6BC58F1CE1E37349CB543C23A7BCE8C2445CCD", "0AFBC1D7F97C5C9E0F0CC49EE02F2CC41F95432701D1E857EC1AF635A6E339A4", "0B0C1C8C8CE115B4178E3F36D545ECA410D6199928FD71C89DC4DE93BB9DDD9F", "0B62A979A39E5FDD103EF50E44280DC84E1DA4B8937991D39D2F70B94DE5CDC6", "0B7D327E5943F8BAC5B2E5CC855F0062D08A51BF03FA3BB29C4B6E081796EE73", "0BE9D0B4CFB0665275C7AB4C70E1548AF1DB00B55BB7D3AE5645B4888C179B19", "0C1804CEEC31BC3891CD11D25C3FF5366F208C6C862263628223F5F36164CF5F", "0C5DF0032AED817AD90450244E2BACA3580BEA79A5DBA7B84BC329B4F1B22585", "0CF13F8FB4FD77C6593C265FA8F397D0C4324FC1F07F86C436B4937E98B25DBF", "0D5D9C62E3772E12A0A361D23CC8D2FE21F9AD572A09912E906D408ED2270FAA", "0D6234D366BD8E5B02C4B7507046A503B63D0B4B38E06DEEBC5B6B98A5E2C80E", "0E0248E4E7C78DC0F137D1A675D47FF40D0F4EEB2A876D0083EA60DD92CFF303", "0E0E7B18D99C2EC8E29EE4877EE2BCDB492FE609EBADF3B5D9C1C38BABE89E03", "0E139C6B78E05C5FB31297130E7D8182F37C6EEE164FAB0E33CFAB3DCEE481D0", "0EEEF8DEA83112CA8F05980CF97966A805C275EB2074F4D594FEC682F79F9571", "0FEC88A4274D91DBFBCE46AE5EAF1CC67B908E3D943BD3504E2985D9090BF93C", "0FEF4738C59C97322DBD25A9806D1EE3E131F117AF9CA9C33F3A6098A981AE66", "1043C9B5ADA0CF1BBF8E9DE491E84D20E919E7A942A9DC281DA349673B5F1821", "10DF4536D86919652FFFFF08E8AC284AF696E6684CAF921DD9F5AB335A3882A9", "10DF54AA6E02F56E5A696B90CA92AA8E0E7F033CECD731E6AF976A827BD42316", "11F083F24789C00D831891F641CFFE8D7B6951720CDC22410E3BF22541DD5871", "11FEAADF6A94DFB6615A82EE0023D346C418ECD114C445A6BA52D50AA2C6FE0B", "12240127E787CB33C3CC7C98B58B11EB8C92448F0B9939B1AAE4BE9A29E0C693", "127C76472291CDD3CB521ED83F3C5EE611A0DBD9FFDB39D76C830FEB168F09A4", "129CE78870CF5A56320BA28A8E839DC00636BEBEF434ACBBC173D76B086059A6", "12B5FC796651D7A35DCF3B8B99675B867D7E526A689762A16A5B6315936577BB", "1310B3EFA1CB8221444DBC5BA49E64CF94DE9CAEC7263EBE35877FDC59E5AC3F", "1344237EA4CB2FC0E4E886077C19B07F9DB7272438002709C5CF339D588A226A", "13F541CB7E471297DBC119C027DC6613DDB93B7E6EC8CAAB1918D4F75B9B0A25", "1449AEBCE14C7A0A52FEC9AC77DB499F51B4D1779EECBB859DE1E3343B21DE81", "14849B70FB8D1FD1B1485C3A35CC1AC4707F86D18C75B440EBA32375A28C39FA", "1564B346628009160A0396828F83A178C5F24808FA0E2904A4DA0F9DD72C42DE", "15A287A106B845D07333D01887C3D8023917F0A2AED2934387D8904CA8A42DA3", "161781947F78DC6E1DB98B69A6C967583378BE1CE149288586DE90571B7A6567", "1629CA1DFD389EEFF25556E8C9B707086E571E474449820E949D944C6EB994C3", "16736BDC76D22C21547E48EFB8CDDC62FDD5AB41955327A05DD047CB18A3DEDC", "16C6A2A5C46D726C05127742DD742FB5C4EC9A7275676F6F15CFD2E42BD2F88A", "16ED586346F20D333E8666E961BD98E7E41B11039AAE5C73CC7239458817B65C", "1718BBC548F6B9290910114BC5C00A77714052D125CB0F46088F37430F68E717", "1722763F9494E5ABFD7D8A4F8AD4D4223CF2CA83C71F6F1FF12BBDCD66A6A4E1", "1827A1B8985F4A2B91EE262D4C17EF01B71CFEA86DB0A386BD1C1B098E2F4B69", "18433120583E82C639DDC6BF1D76EF365C9C500B0A9CC0AE663BA4BE32DC9232", "18578ECA481CB003C14A84CA7A47ACA060F579C24F4075A776AF26B575502960", "185EAAB4DDC8472DF44603A1F8F5361C61E9CD92D640BE3D1EC6D31AE959C4F0", "186B70A46AA8E0019EA1FA3AD7C84BE2123190D3E9ECBD8080B8E32748EE5D8E", "18A47CF24DAFF468D1B3E48E56A7C723BAAB5077F0C1ED2DC22653DD05320A38", "18A5E6C2581806177DE446AE26FCBC2EBB616C29B40041253F318FF51CE1AFB5", "19613990614CDAB7F34154F3A620BBF18E7F15F79F3D35FBEB7EC2FC9249AD2C", "198E2723EA7A1CE1B7B95165E39923D5EC8AC5F2D17849CEEDD3695D8CF40623", "19BDC8BC083D06551FAAFFE502D5430968A9B28E5C71827BCFA873F30BA60815", "19DD6BC826C8BB8D144E5985E9EA9E8E00533CC7AEA127F00BAC78AFBE98ED00", "1A308C90CA9D34C9787724E32DAA927E0CC6F10A74C5CF15E523AAE37176CF1C", "1AEC66B946906A8F4682C35B7C619499014756DEA99B2673B7DD17DB8DFF256D", "1B24B80EE0365FFF7DD17D658867C0FAF5A2D298D0CEFC01C750A9D3A2948965", "1C2DEC03C362950F7E8A7A4738163DC753D199D9236892538387FEA799FD0111", "1C6CC8129E7AEC5C314CCFD7570FC09548438820946E9774FD2E2410C0897958", "1CBB3850C5774C7EF01617A98C0603053597EB9E84A0DF64C201094FAB392754", "1CF787D3495FD84D3FB0E74685765A4270075CE576D888A960036582B4F83133", "1CFF840C0308591ED858D48151909C9A66A9C154B22BCC3BCF7A195C153D3C69", "1D0962C2DB9E45A67BD8161410DDF953960E39C9E80BC2FCF317962372317FA7", "1D2ACD2E26FAAB07F4713510046DB56AE9A2584306D1B3C884E18DC47771F892", "1D7359BAABB92466BEB889CAA2DDF2BD1605441E4ECA5499B927FCD2C7A25326", "1E8EB664DDC627C3309FB200921E9D61D835AF04A5F675805F93C64918337FD4", "1F4AD6C45C3008DFF01BE9EE1718E1541E761D5A4D77198ECEBE3A97CBCEF6FA", "1F6B1F3D85A0CCA59E5FCB54F755C559078C8064F36F920EB06BEDB03C8098C1", "1F70C5A79D6753DCE1B109CC6B4D6E0DDA83C89E2CD4AAF458A94CB107E502CB", "1F7D1DABE3F10F804A14788D638556B04F5D5038E1088B9F38B3961987623815", "2042D81324560EA3A6747DAF5E2633EFD4EC3C4BB62989E7EF2C6A1F73035677", "207BA1F7EAE0F24909102A8E9F71F4E090F16E370A882E1CE68B1B6EFB5952F4", "209DDCAB6F475A868DA84DD19D31132027FF62B259B6541CA0C9859AD7CF6ED3", "21DA541C953FE579D7A89031BC5C9189997E2F34B854280295DEAD5079D2C395", "226444D26451741A120880149A9CA946711043C9063C8B5E2B0A7FB4B06432D9", "22A3084E2002F23895BAE53AE66469749F21716FF3B8CF15A58E6BBC0C953322", "231A52BDE442B2AB4C8738E8A5DA147B21BA8A7C7B8F0AE7764349AD467647ED", "23532FC7488A1E0A5525D86FA8B58841ED6086B69C02A7FBB104B3F98E2ED3CE", "23AE54815D4CF73296F6842E5DC0E74807A9DBD435A1F78F1FCEB4A6582B9613", "2494FA18EBA69E49E0C9B21340A86FBCE7BF93F9CB851C89E87B389A942B8EB4", "254CA19F01B91229AD797075EBFDE4E2F31B0E186E1F90FFE7EEA7B96C5576AF", "2554E8D81F677D7B6EBC79FCE40E258FEF8A6F105FAE62A81A45E3FA65DA6631", "25649DBC7E3256428D82B855B8B2D096C91EC2361653C508EA395A775FB57C82", "256D7977365CD514F903FC0D0240FD89D47444B078D35EB3DA4DD54AAC8C8661", "260279235555854E885845C451ECA2B40FEE914A9DAA545DB60B34FED9655DD0", "261D21204C9E2060DE70CAB5932236C5EFB2EE37E8BD5A2C64CC6F1DFE9C5D11", "2709A19D29B9047D230E570EBF5F26A53D322D557D88CBCFB480F1AFEEF6797C", "27CA57133D4B5B1F4E49A540317B3E5B1F12D9FE95D8816B99C194B146A605F5", "2885F7C67FA8ABA6509D26CAF95E84A562F25A1FB10B83CDCA375D3CFE102B5B", "28932A2B46E12EA86EB64762E53A114C7EAE97254E4818FFBB7E3706DCBD4C0F", "293EF81263893C534C2D8F71EB157B1654E302EABCD1A18EBBAB4B99114BF099", "2982812924383536764B05E9EE51D50713C760EEBC623C7B5C75FC9B18B6A0F7", "29D0DF01470BDC8419B05A248E7472C3D66A25942620A36BE340FC58780F85D4", "2A2A58428E1CBEC906EDF03B6BE46F0DACE2B4D3D28818B6FBEB79172EA7E315", "2ABD5F1D2957122E317C580F15546698F1E22FC12B3BA0C2F3DE7B07BBE28CDE", "2B4BF4255BCC236589D6C0920161C1A0C21613AD6AB1CFB9FEC5DCCBE129C652", "2BE1B762E9F077419A696E0C1B88E2D3F236BE3549BFC2182468480E071BF032", "2BFA66DE8BFDD06377ECA828C11F053F870F48D77EA53F9FE38F929F24A8C66E", "2C907458D4293F40BA938B5C37F7CA09CEE0E4EAC6B0E4991B8E852D82D70B6C", "2C91E3B2FEF04BCEF23F12290F03A43D58EEE4E79946072B4CD9E132F31D3891", "2E43FFB94818B9FA5C94DA88B4D321908359974CB3975DC266C2CC995ACB39F3", "2E5E4B8C9F62EA8A0096E1C9AFF46DB81567BD911FF8F4EF57BE5F2BFBB0FE98", "2ECA4222DEDB4E4A04241685461C605ABC21EC9265B95A4216ABEB9987022E9D", "2F16069B1CE00FDCD4AD5C4385909858D944C8FD13A6559AA138466094D42D63", "2F6601CFF878D38C07C4F896C729FC94B86DF3A06510210BAF75BA2061BE577B", "2F83AABA00B663AFEF63A77633BECC48724170228D80CF284B2FA6A8E71FE2F8", "2FB7CB3BCD71C1BEBBC4FF266EE80468CB16E7E7F2E81FEBB54F13978F2EC325", "3013E3EDD3900D973C5458C7115888BA961C479A9EB9DA6399CA9B389B37A68A", "30495EE9B3C48AB51AC589D2A5956D977474A3BCCB9A67B54801DEE7685C5573", "3092B1C0BAC8BA0F65979D37C5545C23B95C45DF35290A26827618ACF0E8B4E8", "30A0E9F889B3548B9BD0339A7DD9F4F3D51821FE906234D247C17BB05B831873", "30B9050919D7C39431AC5338C16936C21A40D07623E5A2722246A5F91B5C6781", "30E9FB4250193CA2C5AB02F5095C96F34F2044E06280324E18E38EEFD7C1490E", "31818542FEE3EBA05F196E3245AADB3A27506A9391A7E39DC666A3A5AAEE4963", "3220BFD68D0CE5B97E4EC49AFAD94FC9317DA5DFDBD73C624B022C3E93AC4268", "32B93E43E1C55C81657EE7907953E5A9D625B9880582E91319BEC424702F44FD", "33D4121C24315EBC2149A61597C95EC5AA26609607D06600AA66FC2197320064", "33D4F4AB29F61F8B6CBE4FA75932EC3F056EBDAE09C1EE646CED9312D620508D", "342C70DE6943237DCB4E2BCA66A117A8AC4A929DA3631A2BB88E27D99C1A1F68", "346D16D569E536E3964A478E60D04C937A6400863FF298D85DCA3B0FBF6C0DAD", "34A1BC83BF19906C7B478BA74801364559DCACB160B8635E7EB96D184FEF89D3", "34E92615DEA7EEB534443A478FE7324FF1E532020BDA914F779701A3E0067CAB", "353C11DEDE2BBD8E7000E0CF953F60CB8C7B4563DD5B8B7B0C575FA40010F5E7", "367E775AC76361CE6C1C522DE3AADB0FE36538FF2F3D5337073A1FD70D69E08F", "370796EAB6418EB08FD5FD2A3C9FAD648C1A324ED0E5197DDAD05A915433AE24", "374551AEDE74F09BB8E799221D81041123EED35A30E01C22E86613B8E46664AC", "3785C5D9EB5ED7F0A78E5E658EA5CFFAFAD59AC988F3C0537E78654DF8C1343D", "37DEA24D462A4FBAFF5F635701ADD4D7975920B040324F41A7D2C11D55FA659E", "37E4288762F4137CCB40EAF6740BA95099EFFDB0B7C1A2F36DD293FE994929E5", "37EB0FBFC18EAA8CBA405BA4A0486007287891F661D591E70F8DFD893065763F", "382442D01890BE0F397DB0132A6B09339C6A137724C837A5E2907ACB61EA374D", "3828A20846DAD245008B2B65E98D8C5488EDD3BEE6195D59400F18E61B82C570", "393A985D4478230C9D2C42E9A4B6209E9A8A450BC8302073A121E3B160C57EFB", "3944066115BDCBD3922126FE86DD126D42F66D1D301D1FD016CEC3B5DADEA3E9", "3976D01F8C3788737A665B8B2C67DBBC91A5E249602308AB620D7FB7082293F3", "39C439A440712A8825FAF249AE9256D154F422331B554EA4FEF0A1953F90EEE0", "39DCADFA5630A8B5DD97C6DDC00C4AD388F97C14FFE5DC824AE5D1BC2530A7EC", "3B456375FBA8F9576ECFA26B90D220A038E69342D34BD0A526291E4B82A5ADE7", "3D6FBFBC369AC87AFDC7A238763B9878A6A5A8883DAAD80409B753C2C6E4D4B5", "3DD98F75D577A590F9C6B1044AA5212C3724660A7C7FB06B6DA4B25B95BAE35A", "3E07C2DE7AC309319BAAF6FF4AECE19884B3BBA081A6C0ECB9E3722A8C5B9B7F", "3E89F6F868ACED4017A55BB54A40658D10E6704003F50ACBCE289C1637B41045", "3F108F67BF1C0CDF3357048A55D6F542375A28F355F9359FDBF6A3EA00B3BE23", "3F22D484EEB21B0ECFBCEC72BC808CC13691870E90AFA5724963DAB7B31EAE45", "3F4820A3C64022355AE6B658B22CB04D75AF98980AA0D9E31E518E440502939E", "3F8E0911CCEFC3595FF21B7E47274CD615F90C8875E5007B90FD635ECDB03F27", "3F96A633CE7ED35C5DCB16407F6DA5B42A94D92B87D9F35134C90B90A6E664ED", "40793F706E8E7D40E73D53F66523BA8AE8718C40C00FCEF117CE8DEAC4566FD6", "4204EAC341D63510AAFE13D5F22BA14E92396D43569176E371BFB452611D1A97", "4260DAECE64987CB5CD4D9ECB4D9B5114A02F141075740ECA0BC83E3F74E1DAF", "4271B86469CFCE465E783BEC3C9F3EDD13D645F55A5BEB697F3A4FCF694E568B", "42CCD08061313E58CD6A73C8392806C80452EF564A9B5297EAD78887E47150D7", "42E2A358194D10969A587E1619263DAF26CB9ED7B107D2DF24882326792073A6", "42EDAFE6D8936EF20A9D2196EA720167F87C6E003FF3677093C777BD76F87321", "4444CE19278AF3B6D6D733CB7C56652494A379ADDF5788A2D704DCF2AF8B12B6", "4490A508C76B3478285658D50CD1591EE7BF09C6C6CB543CD3B4AD02093F6106", "45A5CEFDC4D7BAF7DD3A35BE14090A435BBD4BEEFCC6A8B34291DE21F9BE02CD", "45F290647D7A4EBF1F245A22873DA3258113639A5595D4F08D5206EB9D79EBCF", "45F3E79F778FF116B7E1BB62B97CC9ADC2834AB5E2280953B0DB7A3ACB3667BE", "461D38744E2383701381659B3FB9C7655B5271B60CDB145B8DACE60D09C17665", "472B90C1832448CA528B9FB0B6A4E81CAB1388397DE753F5CD640C5D7396EC9B", "47F9B97F5C70271003B4F349F290DAEE365E345D0FD653A75F922F411E166C2B", "4836323F140F5C6D88883F2A098C5531EA1D0196B52BD5DA1D2D5BDAF8A68C4A", "491BCCBFA56FD5656AD6056603422EE25ADBD4714150C62D560AB2E48F9E5107", "49205DE3158828CA6FA6C7CD62D00C477647536578E7504D371C893392271D34", "4A9928CA8DF2301D156918E8B6459559A82E776F96B450859D7B3992507232A5", "4AB0975E08BC56107FE408EAB5B5BE88E706B439236C7F566A37398C9C1E0CCB", "4AE1D41640E1E1F9FB5DBE7DBF0EE0C2ACA27C0ECF4C914440CCDB95D27308F5", "4AF3F2925FA2FAC4247303F748E1EABFA2DFEF4045F7C3DA1E06B8C833F40639", "4B5F807E31A15D407C9BF25DF122E3434713ABE31B456A9F1B5453022433CDC2", "4B7C6723D18E0DFA9F2B469E2F6D9E9E97BAC6728DDB3BA15F40ACE66F684EF5", "4C80B96CCF860D1EC965D20D607161A663C8FEDCCC81B5243439A21264518261", "4D6D019876F2EE83F308FCD9E27F7FE176603A605EC9CDF1DBCD5C5C9951EDE5", "4DCA21B56FE99A5E5A697112CA49F4F2144DF92AA26A0776EAADF3EDAC9C9053", "4E45A4CCE496D5E81C322B32A8275068E422B799EBDE7BAED299E58F52295C89", "4E7048D2949BF25810D29EF0126BEB63CEE9FB2EFA940D8D15F1A2EA9579215D", "4E77D6807CCB5F39F0079A9612FD44F47C18AEBAF1D9AA7EBBCB816C3FD025B9", "4EADDF94DBE666E2A4821F37D1326BE41E94E92E6E6B1A8834D7F3C47C803887", "4EB30F982289A93326697168C61CCD073ED91E21FFACB7414B6EA10DBFA0E2B0", "4EFC83BBFE952B5A30622818E7241DB8A09B971E9B7ACADE5BA7D19EF0AEA021", "4FB8B888437D1D3BA8267655720E593D70AA3798247EDD900F18FB420753B17B", "4FBB5FAC2DC58E004CD52875DF4CDC0625DBFB20A2AD61A597C719C2C2B0ECAE", "506E8C92E0B76D834A33E4AE02E5206A0ABF28570630F6E4A780D13A5238D647", "519FF26BE329CC59BFF47E2AAC0D4B73FCA35BCF836D736A007D121863323E8C", "52A8E312F76DFA66EE676746F59680D7AB9226D255F560545B7CC36F9FE3859D", "5386FE1271B599B35C07E4CE74602B34BFA6835496174DF0B19F0F6517DF425D", "53949D71EE0D6BBA6C433F4DE402EC6D1ED7AA7877C8B84C15AD5E27FFEBE24E", "53D2631E5E76894870663A2B4948D3A4F72BDEEDF8C87935B788F981BEE5852B", "54682F1EA542F814B463E30C28D7B3F0494A79A302DC1D2E0A77C3EA2D82A4D6", "548C926066F6AD2176268ED770911E39A8F8EF2D79582E0A4D8DDE7F34549084", "558ED6F880AE90E6CA233933ED947E6F8B2EFF2613CBD4FECB6553DBCB9609BA", "55BBC53EEE4090294470AC417A4B8BDE9A26DF232DDD5FC327A46034AF09FE38", "55EC485EC73B3D7A162F7D917118552B8FF79C16576FA7B62735142A63E88FC5", "56059B5F100C5E301BB59AD5348AE0EC5BCA358A66862D4869D7C227806A00F9", "5662007982BBB6B88D91C6C7393CC2022D9415D2290FD0DA76D55E99204FFF35", "57F378C3ECAA81B57FEBD5461678476040D14C98BB74B1C978499FB13671C0A5", "5815FB6A93B31EE44428DCA7206EFD79ECDE693494B2D5F28EA2CF1909915C77", "5879CF9AABE7F86F632F6DCAC57E7EBB01F8CE44EC1726EC43A98BEA1F62260A", "58868A8A56E187AE7CFDC0168A9534F5C483AC0F042B7ADF09CCBE3D8A901101", "5933EF8E3015054BC951DB682E9526300B741E8D2A0F7151692088DF8A1C8A68", "59B7946C9A6C3194AABC62837EF6BB67DC9842E324AD8F205921939D80803E4C", "59E669B8BB67D676E7382F77EAD621E08DFCFBF626C52F337A77A33EF6F33748", "5A182B28C317B902521E7BA81792EFB0A2B8E8B5E6FAC69E9EF783A1CEA0D99C", "5A267D6DC91BB78194DB393D512A5DB239DA0C38596EE5EB3F28E6DB5C4B8EE1", "5A77C3590D23BFD85FBC46CAC465870596841D78EFCD8AD2320EF501E87B107A", "5B37505321D5F8F7903F3D322DE9A25CE9354A44961D5523B7814C9B66262032", "5B55DE775FD627D53A5307BC1C2CCF710D57AAAAE0C4F339A2BFE244B91BF012", "5C1515C744F7537118B0717D85B52611810BBDF6206930989FA3E05682B9BEC8", "5C180CF3DD2E435362FF5BC2A613DCAD2A1A4562790B9361A68E2E003E89DC3E", "5C2309A832A981E871A38D52C9E19A6D60138A5FF04933E55F3319A964A350A7", "5C4285711D841C9680531DE8ADF4E9F871797CE3D4CE7073D4D1B7D69166DABE", "5C78D16785206BA3DE0656E1DA67E30BC720F22BB98882FCD6029110F7F105E2", "5C84EE90836D63B05BD8D61CDE089A39BB0BF0FC1D82D10897E9D6EDC4884684", "5CCDFC397B134AA5DCE5EBE10022C85B3EE99DAF9D679B25DCCA69CA3D851EBF", "5D4E57B88DA114CC1637B260294F38F53CF8C7CCF19B1E4FEF1E5735A6EC78DC", "5D661EA5B801079F3B7AF6D31A8566154E3150C1E3398EC1CFA32E9398BF38D3", "5DC028B7AB8CCCA9FD3F109B69D7F7AEBDC718A32C0EC71E5693C99FFB06466E", "5DE317A3D702E314106A0461B547D467E6BB3DB2762FE0C1E94E7E11DDF4B131", "5E0D2EC541C3D2FE5413DA829783950147FE05FA866060FB6B6B557BC4E00A16", "5E46685CCFDAFEF52C3BC0BE649F5DFE9485392CF7A7733CC64B02CFBA707DF4", "5EB805FBA32A419246DDD86FFCA6C34246C092FCBCD8608B3ABC4B0A77FFDAA2", "5ED570DDC2DC18EDBE3A6F896450F75892C392B6E12D967BD6C8F6E5EB0809E5", "5EE7E4E97581573D0B40454E7851D662668050B8C7587DA918FD85D38B92C2A2", "5EFF655D943C0D5E8C73B3D4B7AB185AF29DEE53180C31B6A0F1230B33462ADF", "5F247DF8011234E4C8E9F5DA1233AD5131F7718B99D13FA0E448AB8545E5E6F8", "5F24F58173ED799EACD7F7DC971D2ECB62B80971453D92D5DB9CA708526DE3A8", "5F61B9F9A964CB3CBB554CD28E3CE9FF36CED8CD1357DB2E45299E1C329C251A", "5FAA10ECBDD6BDD67568DC782206BEA34BD7120E44FD8D30001A968A438E5C77", "60679F1EB565A827FBFDD72C9C325755586FDA1F0AC78877A6590DED78230E66", "61B9181EB54A0FEA76BDF465A9DD7A1E27734744F2B1A6386C84D309D1C6CCCD", "628B14B8AA20DB98F73DABE8C7FF0C2746646BE602A0BA4F638FBEE3E634C393", "62D22CE7464E30931544D86043D72A241CA4A2ED1A6F28AB59EEDEFFCBBFFAAB", "6305882E456CC7111E361249970AB42E196A23084AAFDDE2E82B0694295074BC", "63BFD56A20DF5C6BBB89FA5B088532EA82325527013281FEBA89C17DFB719437", "65B30A5B63DE43E789127C5F5AD2977C7194142636581876B7BA2AE224B6420B", "666E4FBDA68F1376E7E84944B116ED00320BF80162EF68755AD1CD31AE358231", "6741052F2A7BCCF76F84825C9FE706D98BCF279A0C055A783796DC802C323E13", "674DDEB58033DAB9D03ED4483C0C1118FD09DBE69E73AD0AAC428EBFC61E2474", "6758FD589A76487DB6421ACF317F7E42F52C2C62336F671B43C2B523483BF57E", "67A6DAD4F7DB5EFA4D058E5FA0886E6D1185C31EE7AFA1B194E5CA4D0F4A3F5C", "67B2FFD11F790787A36E0394080502A01EE907D975E33ADFF6E931A0E15B05F7", "67D7A2AD6D196C643D91F066E834B1EB9853338990881AE1012D2B5186629622", "67EEDC4E808A4DC3E092C0FD2F6DFB5714B1E7F2E2ECD7CE2F8B2F65F2D2B26F", "68F256DC5E144D5A2404101E56A66160645897F9BB7E8600047077C626B2FE43", "6920277579A35875812264472A148A4383E98310C21147950644BE922AD17700", "69705B1BAA4873CD6D3DFD5DA7B7341D01826FFE51F39B2692ADF931198AF4EF", "69A39D35FF9374902BEB26D9183E47ADA8A9F6E73B9981D10DC5E13E014BE244", "6A43E45FE98A49A0127D4FD81A7F70BC513609043DDA830926C4CD80286B1A17", "6A8A55C743F5391D7D369C906B376DD9C530FA03543B845C860F8EB78AB3CB9C", "6ADEAF325A5B46B34D6E419B67D91A45C9FD7E4F02587AF0F33D5FF933653E27", "6B9D154BCE10DADDC28B259A53CDE7ADF906DBCB05E8EF0696407EACF7A37CB7", "6BA70D78F086D07D5D04D35657C565B766597C9DE86C3B8D586D271713B4D89A", "6C6D0940826336DDE7832D99EA3E6BDC3CE6950B9638280B5C586B4770666429", "6C757A1C91E04FB4B501BD38ACC2F9B1632B8D11F4A1B1CE217A4940A24C149C", "6CB020CE84694787BB12E05DCB6CC95C33681B735ED0D48ED68FF5A99DD1D7A4", "6CC386F9299ECFE5F62C9D0954CED9917B32A3DFEB8BC98C8212D83DD7B53DF6", "6DD517DD7F557A31BB9EF8B8E2970701E7EBF9E1168A77A02C5EFC57A29C1AE3", "6DF2E72D03F9AA8435A0A58D154D82EDF5203309F8C81C42E35CBC71D2A79BDD", "6DFE02E47206439339CF69003DED7C6A339BE8A9FDA6611EA300ACF64BDB9DD1", "6F7048922D8A61251457955B080494180F71E1A62BD73A89D05AFA035062139D", "6FBF074F8D8E8E6000FCF6488B84CA43AEFB7DEF10B2CEFF0E7D0AE1140ADA41", "6FCF3A6897C9A1A085633762339E7EC8DFE631B6D2A160FA5D1ADBC3E11F92E1", "7156D43131599F71B03A8F8BDCE4755976A54F82BE32B0AEF105D1E6E781F384", "7295DCCE494A2CA195C0EC2BD4F052B62F3E1B45826D03ABBF986B81F58BDD31", "72E392728BCA627E900CA46B892A2B86465C877D468139416A39573D2D6C73F6", "73781BC7A0CCEF128DBC5E169F177E52BD5AD843F08787EBE0E19CC9088C2FA9", "73EAFB98AF656367DD4CBD6C4D9BDB98FBF39B358F625D93589F37D52771AA8D", "745004E6A8DD36244AE3AE2E238FB3CA9F40B885C5F912CA9FBBD7A9FEE76248", "7473C0056DBBEF7C541ECDFB31E947DC1520282F5E0172B7C965A9DECA661856", "747C7023F8D283A88FE9778F37629C7BF2E2A7E5268A695905F9F28590BF76D3", "74F5E89C7EB6E3A8C7C2E9F48433105F6F57D939625F806B7CBAA7DB402018FE", "75292E3923B26B0E2E5FF96584620DDCD8E3FA9B1B48381C5BCAA4B6590D82C7", "7566B2B0BD8AE66EDD74AA6296BA3C094CC3661C2B4C3EADB69127C0EBE5A710", "76FC3815A1052A74CFCD99C9C0F5C1F4FA7C289E70171A7BA16DE2B8E6DA736B", "772848C53596DE34465889DD28286A30DD0BBDA4107ED2CD760C99E75C2145EF", "77486B8B5BB16D0AE922BE517509C1AEDA2019428A2A23BADFAE5682D363F74A", "77C0F01606E7883D65A2981E1E5DAEA1712E790E6D5528DDD17691C666E43D15", "78230A0FDE17E1A4791590999547D790CF1340A3123CA146452B6C92AF70CA24", "786A4DDE0028F9E1A249EEFBD707DEEB8725D4ED4823D6C82561F75EC024844B", "78A368F74CC70EBA28E0358935B663EF2233666D59C87E6FDE201BF381484677", "78F199BD0B7C851B9B51668C7C03C7066EA862D4D07B5141F8116EE923472533", "7929CDAE262F0CF3678FFA6D8C6E7A4AED010B2992EDF5CAF927ABA03465EEE6", "794A981FD399EBD5536657DBAF1DAE711E990ACD594281258C7EF973CE9C1B38", "797C010D7F91BFD9A4AED687662A3AD4BBC6C570591ECDE2F84EA7CAFC728939", "7983BE44A6C4E41944C221D811E1DC4892B71919811445FF87B98FFB7655A0E3", "798879F6AAD008D9E01D338412E82FA508B4DEBE6C89AC1DDB29DDF6C8A511E2", "7A1D4AFC62D444E93951F6A46CA35876DD42680BFCB9DD562AE0F80A2C338D67", "7A36E54AFF586A013BFC64E0308098C6070D7FE82FD631B59758E4F661D42586", "7A4068A3E5D2DF05E44EF09D49CFB3F7A4F26F96B07A126D640260795B73AA0F", "7A722689696066F0764723099958DD60A4C2A6E1D3EC8E91FE513D5405BC1FC9", "7AA351B847C7732E8B7AE01A83A77CC863325C3B53A57FDDE54F4DF8D16D14C1", "7B60DE546B91D3886C995A5DE16291DEDDA95C96FC984BD69B852CF111B4C102", "7CCDD8E65FBE1F2581D0942E2116E4E61FB4753B4D48798C9D2BC8624C94826A", "7CE0B3947D8196985B00E6EB61ED45938560312360058DDC3063CF3D7BE03A81", "7D3ECDDF0FEF31AB10959BE94A3F76C4BE4F6CA1CC52373D0E460C5CA46E24A8", "7DDD006076946810EADC174FC2320565F527D46FFF5270A3D6916BF8993B12F9", "7E0744D5936EDC5F018B0850D801B665D388060D6A81B986BC7AD81C9A78C0EE", "7E2A7C8E981FCA78A12F6D8992BE35354D42B960D223A90BF210EE5B300BFB9E", "7E4FF868DFA0F4BDAEDFDEB60188A16AB82AC45AB8EB35F1D260229F12C10341", "7E748FB7D2BF3C8C9A65B6AC1E01AE1CF23A69785B2DCE748AB18C63395DC19E", "7E846C52FF7D26445DCFC4472B6BC7E4EEADFD45513EDDFC6C395E9B800F576B", "7FF67E7B52DAFF24211DBF2A070CA6F859E1B8F13FEC5BEDB6B3E4A7B2894505", "800A58A21DE4F630ECEAAA1932A596AE5A4743CB06907F342619D1D7ACD5AB64", "801604295C016952DB2E8049DC0524C86569A636C5BC867E0FB7565B433600F8", "818495FB1C54B71E6C7753464B1C7C2926402C76844055039753A11157B24B81", "8191B5D601C7F186266C65C8DC79A0B94EDA45737524796672F9272DD3278F4E", "822A5D5DDFBAB14222D402C61CEAC1259D980506DB6102BD80EB619551AE1961", "83188B7337A79BED2EE122E55D4C81A473739295B1921C9346E1F37B317DCD40", "837053881E5EA3C6EA980180D7C7511FA7016F0506D6270160A596789757E6E7", "838686EA8660AF45865AC08A8AAF01B25ECE89F900D760F085C235BD477978AE", "839E4940A709DA7491A103F6A8FEB60A1B4120977A1D18A14F60C1482D3F81D7", "83BCD79CA2DA6E4D09DD2F427C463D4B4BD65176050EF7E295B09550287E5954", "845815D9CDB298E2A160DC797D38CC36D2F098B314D8007A4EFC76A7D4FE05E4", "8459314F4CDAD106D8D832AAAF0507C1DC8782E3A1B6DC0ADC92F0455FABC390", "86B15422FEE58FE9F2F1B22520453D09FFA84C6049446DCE8467C766E3B57967", "870093D07F2D1BC6903F68758BFC9ABE9984CCE5FE2C013D13AC7FB645217C4D", "87E69918E25D6751D3DFF28B93E0E32012AA2DB7FA1D0F74175CA8BE7330EFB7", "88119FF28113E384895FADEA63C7ABC2906571B02A874CF9D50260071AD58FB7", "881325FD02A11D222F8C6387D2AE6C395F5DB0E807D0D6809EDA591A93C5ECA9", "887B058F572F29D81FDE73F26FFA89AE94C5B73C248CDC8EB74C172F09B39B6D", "889513D802A76507558C54C040010996613C8881A261DD9C7C561CA24A30140B", "889BDCCC6E7E30B268AC402EC21A286236564E52F51774CD7DBF112BBF5738B7", "89170AA222353F9A48D8A118FE03328E07C65970B2FBD60979FC33A65AECC8CB", "893374FE903D82E10726F93A8E126C72248B18315149992024525319951E3097", "8968C94B71BE086C952CFA8BF1B1924C1CF6FFECA8B8864B828E68AABA1D96E8", "8A20ED34CC4EABFD78A0599C47EC735B1923D5C4CE1DF595D753961732461EA4", "8A368F9B7240AEC7A45518B26EE613BFEF287DD9E106138A5AD63F4D494034D6", "8A9E980FE740F4424FB663C857EE84E39154A02964A02540A3A74E4A80F058EE", "8B0CCF03E1AB5E837B22F3F63A7EBF415DCECEEC04D69C3EE480A021B1ACEDA0", "8B18A583802DE934D0ABAD4E3B44AE36DEAE634549737EEE9B825D44B47BD7DA", "8B1D9C3BB3CE6364BD0FE7732D06F394D6218ADAB37D1876856BEEE8923DFA4A", "8B49BD8B4756373645F1A1DA4BC3E31D1FE7BF1F5A0706A9665EE61D5A4B1419", "8BFAECB607AC421152AB7F28771EB7E348ED67531945E81E90370668E3D5E611", "8C4F67608FEEA7D395961B2737700E09B046F0F2AB8413387D3DBB8052E1F670", "8C8A687167096A3D2AA73F94AC7D6F1C43EF830C110ED1F9406D92FAD9FCBA59", "8D4EDC587A369AADC2A4B4B6CA60C94602327216807E8B71042463A2BF381325", "8E3EC3A49910FD61ADB4E5FDC225B58A74D0BA57105F3D9A6F1B3E46361C1307", "8E5EB05CFB883D682B3A2C7D645375420476C4616183B915FE43ADDF8FA697A1", "8F23BC6F6ACA48595EF36AF6F16485F638D8F0C8C7CEDC0710915E2F920BADF1", "8F6A844E65558AF61A350206417B63BD70D5B529641691C495C07407B13441B7", "8FA41F50A028003D6689B034A6CA3E840361D121B9F4B4350B17EAB4605438C4", "8FB323EC50EB5CCD3380176BF2571DDA8C7739DBF4BC558C9B57458B912FEEF7", "900B686502E0C61F1BAA043F9387495F4C4AF282D993D0971AFB618978232651", "901ED377EC341523A114DEAF8D8301C11692E1A0F0DD60A0905263E0F774971A", "90B290F66451E3E462C09788B6756181F62A92A8BAA10F2C4BD52977FD8E1B37", "90BE58D9524F7F6A98C3EE79C93A2EE6A0EA2C0D7E33DC628128C7D1BCFA8619", "91791263F482BE4327CB96A074DA5FD8EB133EF9DA47BE41713B960DCA5C33B4", "924D425FFD71097B50917C124D87FAE558BFB3C7DAEF1BEA09CE12CCD6B264B3", "92A25ACC7CA97D427DA5F098FEAD958217F50C6C07BA13888E0C08A046DD5DA3", "932EB6FF0C79CFA010373B06A99AA8906C2B3B3171A0D96A0399EF72EC35ED11", "93CDFA8C03248D597D60C2017F7D733F4F700BE22196422C5BBCCF8512C483EA", "93D1D146DA042B7DF95F3E441789ED00F56F8BE7414571CA7BFE7F979D411F74", "942A563AC62B9ED7ADC9AAA1A75FE9F97DA036B632DE9ECD7DC3CC1E19EC9A60", "94633A31471B22DF4D1E9508BA6DE360B6D37FAD329018F21926F838DAF45AB4", "9485C17C6737EACF77937D851901B067F4440B181E90652E1B22FC3F0E4AE5C0", "95D8A687FB6698AB935F605A18A6534132FB012F636376A917BEF6191ACC4930", "964A048B00AF3D409A4AA83094E36431FA7631859A2D4595D2F53EE838A705E3", "965AA3643F2C2723C5C9B471B69786B972B6D81B6C917B50EE5BFD6C8447279C", "976356D0F193356D662AC659E8578D3D0CC6C5711EA8A61D28A63CCA919F9900", "97D5F772EC68BDCD260FBB9DFB7A322AAAC657E9360305DF11F9C6A6A40D1B85", "980930D95C9061C71E85C435692629E07D952BA870609E55949143F9AA635712", "98A04CC0EA7881C96A7E329BAF7C31ADC048D33F22FE9A69884C784C5E2C1D70", "98E8ADB651CF5B20F85CF20BB2FAAACC7499AD8FB4A7166A169BB9B439D8FE6B", "990B694F8FEB56054D99331B4B4370CE96BC2A4FD7C4E2B75B5E537A91E83D24", "998E998A37AA40076F35ACE20C7E0016E44B1CC4EFB6AE26D0761C68B7C99657", "99D36C5A3B6C3FF496422C3FF600B7D254E5D81D1CC0F9184ECD1F8F03423FCD", "99FF29A09D0BE890AC564DB3DCDD94AB865214B4608F992E9C022C86A3C17076", "9A1FFC27915FCEB638A5FB6C3316111A4211363FE0EC89A0019FA42A7CB89808", "9A6C0D3F4E9D02D3ABB77CC1F15B5C57FED8926916549AF207B111EC9D3C5B1C", "9B0F66C4EFFAAF9FDB1B504C2B624740D85D778570BFE202D803740E0C99076C", "9B2D2564719ED56C3141552F55FEB8199EA6F22D5AB26D33E706D1E459A1EAE6", "9BBA472DF522BDB11A0F80EDDE168630BF88A9C15518FEE66140BBEE5585001A", "9BFFF73DB09075877DB19A13994A90F7D1CF13A8A5601B84DC0B84F8193E65C1", "9C638946C07968147BC89DE8BAE5211C4767A334F7213E99654F7C02ADD0E910", "9CF440D80F7C3ADDF67027FEB0B656E02CC2277FA267330BADF00CF32A1D4BEF", "9D21714C8A46FFA3AB195D14E14C9E6854AE7C8D7E68CC48DA42B63AB322B14A", "9D675243F41B597AEE7EC01ACEA307E5B73DA85724CE286F50180E2EF0DDC2E8", "9DA9D6C05FE03758B84DC068193CB0E2A82B2F411E24F383722448967D77B355", "9DC92E76D921D2F32AF89C6A9268FA55FE90987B5125CC3C9BFF3634818FDD1F", "9E0785F08078A693830D9375FB362720BEF15FAEDDCF6AF11F7E847FC4F2B207", "9E08A11DD23150C79E969A8FA933F7C903468F74CE144600AC32149CD9CCC3CD", "9E920D752F820EA82D75C60D58B7AC3711FD7B7EEE277A0DFBE043044ABC6629", "9F34E4D3B1044507E18917B1E2BE1AF6051A228EE5F8F69E5539B48FDFAF3B4D", "9FD1AC6E7F93ABD6198F576C4AC025E8DFA5007533DBD2FE78CC5BE3497FF3D6", "A0382B48F7C384AFB155EAF655E79909883460BE734639F7912AA364818BCB4C", "A060C0BC5CF92D0F7B8D81075A33D4E2887EE843B41F417A28EC2BBAB72FCED9", "A1172CC7FA385234D898CA63D8E4EB83D2025D25C3CBCD37454679EE62F294F3", "A15B390D080295157749FA22EBE90BAA7A33E1EC803752A1824ADBE8D7353A10", "A1680316198638EA55AFA837EE37AE44184E9B8BCA2B9FD668F06E417908DF87", "A1D2EE183CE8C9693B1DCADBA6A6AC4E58CAAD746DE6081E211B0D2080D3C3E4", "A2133DCF0D67EC30E5F3D15E39561490E1B16A2750CD5C806DC8F9E95825E247", "A22A62D71C3EEC00971E326ED7FCCDE4C2959771727429F852D98592C456C126", "A264D72AF012C33CABCDEE09605EBB277263FB33567A89DC0831C44257A7E37C", "A31AAAB46398C4CA9F3552FA53EB3F0DB8FD1384559E2048B5321E5BB6936FB2", "A326E188CED4EABC01874E1D337797D5BC22F3ADB5FAF12692F46CA9F4CEEEA1", "A339910401C1CBEBCD02CB63650E2A2F954071F79CBC8E8EA704AFBB756CF438", "A3AEABE024AE1D8520A5BB495A67D45783D1F2AC4B3F9F3B682E75291FD8E20A", "A3BC60725F0EAC71F9F85D52468B5D776A02B53D2F6CC6F5075461F1867C9EA8", "A44F3C58E434BA15FF852853D94A3A21A868AF86E9655A8594367CADBE40A491", "A50C7AAB1038318633BD6D54470AC947DDB79DE3241C7C7C305CAC988778D0A7", "A5803C821BBFCE3CF61C99A5753B13549E824EAC069265D225FFBDF6B568BCDB", "A61564D752A2637A5306DF51328148AB1D1EAAC0735226DD1D9F500C5DAECC37", "A63F8286ED566216D7E1AAC953B1EE13F411C7A21B6A77C2B91FB5F5DC83384A", "A6A496B2E032EDA1F9C9B0D3982C6A52B7D925C02D0F2EFE157394C4851AEBA7", "A6B79EA77FF12E690D40F605757B18FA9561F56797862582866D9A26B345F82D", "A740554B49FF2C28448E8B6CAEB6B5186A59385D0F06901909CFF1DCA81D60FC", "A7C08E9177A10AC583EA198F89BF0B091ED0697BF42F39DC0B151F7465C9BAF3", "A8769BC2B0DB66C792D9EFA7CBEF5668B22FB52A475E194FEB169B3B4BC31FD6", "A88A9645C8F75892D90D8542DC9FBE5895FAA1BF48BAF9F16E2A36E690C7A8F5", "A9139EA8D202B9FE20D64E771F1FC89C7E9393774315A6265F9CE70E716E1833", "A986F0D7B51C204D69DD897A085F9CB249B65DF7C839AF92D49287ACDEBDA05D", "A9B63F0DBA193CFFCFE78E0BFADD5C8ADA02B92500E16CBF9385EE4AB5A92A9F", "AA0BE28E43B39021D906F1E285D2540CB9B25A4A55710B6D452BCC77A0E1BFFD", "AA3BDAF8E33B6E3ED2F924A99C734FE82BC738F506CB900388E32E3FD4CCDA88", "AAB14D78054A85A0638FC4EFD7F09686429CB02C6B45FF1ECAFA55C27A050635", "AB8881439FA512D752063B5AB323E9C076039DB482070536304B448AE092D8CD", "ABBF3678DDF9E39DBE04B3B978A0450391CF37E5840B6C10C068AED5D170AB44", "AC1B4BF839D3912B4646DFB21DA46EFE78B9249D5C29B4FAB631753998720DBE", "ACEB831DB775B18663FB8C7ED41AB48BFEC59B9270C9444D8DADE42DF02434E0", "AD5C7F7150FBD846C587F5FAD0D7C7B48F81990F52A351F824E5CBBBAC83F163", "AE2FA11123F866B1C71B66A57712F1082B82D3EB4221232EC14E14446822A705", "AE98DBCCCCED8FE9C2F0A9A3294999AEF099215A25C0EDDDFD95DF899965A340", "AF14D81F9945B81EA39B6923FB2CB4E62949A34EE9CCFEF7120D6D6700FA48A1", "AF2A638F83D6BFEFF86D2F4D7BA2ED537C7365098181D50294EBF759BAAD8196", "AFF479D95FDAD4900AA4F096E105276FA32246E4CF2C4642D2BFEACB19522885", "AFFC971A929ABC4A5177F4FBA7D32B82C0ACBC71AEFBBD3E440D08B12B022B51", "B07B2DDB76A96BB8480E22188347E3C9EE42A03F24868518880519216E52F154", "B0A8BF7D544954AF5D193262AAD0DEAC7961A5AAEEC3623B441BB795753711B6", "B1EA708CCF72B8264EA46A7D99E1616E7334C67D440D87A4F97B2B4087696EFD", "B2EA2FBA4D280351FEA7F9EC1921C448D44F4D9EC613590A87A15467F7D34153", "B30C006BF323BCAF8E8EF0489319D47B3A0FB0928442F9EB350A3520109F9F72", "B3795437971BBFF553B6A4E1067F15162BCF6961507ED86899C33084B3A1A74C", "B39F7DFF040AEE7948452F4B23B147EBA3BC088DA5624E4E7B049C051EB56B60", "B431011ABF67E8DD4F4E3E4C9F9FD0B1E6E07733191BA7206314070644F2CAF0", "B4779B52313D85FE1157604480F675A0E2BA765BB08DE9BEA2664A6C3AD0F47B", "B47B01CFCEE320F0AE033C32D22579706D0B59585EDEDF3D908CA06FA3E92084", "B5B6C4769983441433B811EF3AAED6CFC993849D42BC924ECF1CCA5E34838148", "B5D3987D37FA57ECB44634029606786ADADCB0901EF9858232A7D33908EC5FD2", "B62071204643E59AD31EF38C3F1DA735EF11A4D940DEE816C67BC98D03AE1325", "B64A774A97E473F3AB083F3A224A18A413117B49C484DAF0B87A6F8EF42FE7EC", "B682A1DCF5A33AB9CBD3062B0DF0A131D5180AA2BBD201782B95DC8A2C33D1AA", "B73437073599A5973472D300EA14AD94DB00FCC9790D93795D0BCA840608CBF4", "B735C91C5D46BD88FD491D67AB17706F0B9FDF9D50797EB4994A198C09D7FD04", "B7376C4EB80B7D4936C0682206BD2DC0AD5969B181368D3EB95A8FBA366BDB63", "B7852BDD3533186AC6979A54CCDE0022BDF398859D24F1C5947BA48C3FFF817D", "B7A13FB33FCF20165BBA366C8F6B69286BA3919797513F5D1D731C55600F3ADA", "B84D93E3499FACC541A0AABEC728C38D750E7B8337249C20B04765E1E407C7EA", "B8CB582AD4C9B18B3C5CCBAB5234D749FD3D0D9E37A5EF38D599A964E5AE80A1", "B9F14FDA85553B1CFC437ADD80AE8D3308F5F7116C42963946938CBE5C5EA56F", "BA4F5153F7218CA2919C447302324B583F37CF0D794B41E34C5B63CF577C6462", "BAF43585A5ABFAA551BDE0DDB4AD7ECB0C42E21551DBFD52E1607957FAE4176A", "BAFF6760E68C0F676AFA3DA20E18B06BD703574BC65B9BFDBCD22ACCE05F7FEB", "BB645F2F67DDEFCDF7381A9AF56F998628C445D508AA5CE8B9F1A085A16618A9", "BB76D9518CCBAE68500AB2DACF1AAAF9F5532441FD3A705A4E4A39114EEBDC0C", "BB785F5F4B456D5F3322E9222022F0E38411602612EBF72BC61AEEABF7FEC2A9", "BB96DF8C4863ECA5111B83DE1E5DBA4C67AC8E6999013404D8DD87C98CC7B60D", "BBA20026A90E4F85555F0C8BD6248AE07F7DE01D687CD62F0159CF4B22E7DA25", "BBB0C0E9DDF621A6AE6C42CB1DFF2B33670CE69032E5482B47DC24C860F78C9A", "BC211A04A89A3D6C892D39DF65D14B15A7F4133A6CBF09E13725987061E25A00", "BC3A1086428BA3DB72FFD49EA27AAB3A8A9FA0DD5D576D47E0467AE96C365754", "BD8AEC08AE2FA3C7B6CDD03A046DE8D2D846B9AC7A7C2948B791173D0622B3A4", "BE7DD314CD7039219534B2612D0FEFD382DCC5D154AD49257A517A91FA728423", "BFA9A84596ADAC3A47B31C43DD8574B1E532311E1F9B01F003F6AEFDDA4BAACF", "BFA9E5B9CD204137C5C40A62AFA0C09607B8FABF6ADAD16BDE69778F6E3530F1", "C04EDE0E9159DC9AE235755A284662F042D80745649864CE91E7E3E4563221F6", "C0CE38B8081A59A18598B204BF933579D5A04D57C0E8BBBEC053AC1350A2938C", "C1BEC46524F176FAE4CBB603AC283FC9F12029FC3579BBDE20A1B80FA597B0FC", "C2237C9E392140DF345D4F27313E311319950EA31DDC914C3D14593CDDC6E954", "C2D7FDE6929D1789B9A1618D087E5DCB3FC2780B2EC1CA3CFF40FDF3AD014A8E", "C3A579D5583598BF4F36F66A731C39A1C3E23351DFAFC16956E2C8DAB030AEBF", "C4B2A7F25639B468CB0778EA1E561F435356D460FB4D417EEBDD1C83186B56CD", "C717E3C358B1EA0AC9E1701DBA722015744796BC3CBA66E7AD79D30CEB45BD60", "C741AA98787A9F837D93EA7D1268C62A551244CB826F0BEFDB076F796F78AB33", "C786E96DD673C5766A45B6750BE6B879F3CF37718ACD79668ADC1130AF26E274", "C7FAA00C9C125584B8B9505CE7E7AC97AF7514904E37D2747A78CB0B5B0F3315", "C810746DF12642CDB3444A565C3CE3ABFEFAE31EFE9FE6BC4718CE76334BEB88", "C880E056FA204218A84A61C31DFC839867B32C5A7A216BBFF825B8013A446E7F", "CA111B4E9CA9EC240292C6D00FE0CF8C7559AC1453E3199BC3370D149FB11174", "CA643463AA3DD27CF347651D7B084BEA39601B3E21A99AD0FE90A4163037F126", "CAFAD37095CEBA99EF778D2931F92E63AD559FB3D7F5D2BEFB16ED0B4FFDD8E0", "CB1A96B060B639265D7CCD4E0C186EA367A7C82E1756FDF32E57D9F350AD3873", "CBB581AC5D80B638C7627B6A6973FE321320C79B550AC39125687D95CDB8F7BE", "CBB6711004455A0722EAF33EA7E16444AE4DF08D1F9C341B64251DB448ACCBB4", "CC8B5EAED9F16E46FA900651589C00B568FED80DA1BF6B1F0CD9487C5E056E7C", "CCE2284A1DEFC26817EC9BCCD38DA7A3854365480FF9426304A46C0C98F30195", "CCE74B609685420B52F0CE6D14ACF26F43DB5C6A64A19034DCD1E9CB0CA2BE72", "CCF869217B83C7570F586028248E128FA170E16792CBF3BAD70423425B1BD638", "CD617F98180D24BACD7FAE3B791B49B329F7F25DC885A6AD81CD6A815194B6BA", "CDB95A8580AD247B239607B2769A506C10A81055AF8F4063AA0D26A850A33B58", "CDC93F5A32848FF0073C48EDC66593F2A0A2AACCAE9802E843826C6E565AE2E9", "CDDC441D27E108C0C02A93DB9A7C32A887C12C059B5D2279EA48BF038E8D5170", "CDF01D5D29ED4731048DA0F1A6FDE407B2DA246B226E3DF9945EBC838B4660A1", "CE291DB15FB1A7FDE49870DEF70725290D757902B5EB4009CD8DC9710150329D", "CE6A6F0970C169F7DBE65AA5DFCFCEC0BEA99E837906D043FD4B6D3BF7A87D67", "CE9B7DAE68B959C5E4A5F965424DF5CB00879B1AB1296B115DB9CB1B8ACD054F", "CF49D3C68973180FF18BD6C75A4B377A56810C21E28DDDFFBFD24EC340BB8DA8", "CF56D9AEC134D68DA67A2476D2B87833F63F32777672C1C66A8D8FF69C08623B", "CFDD5A9C7B8C9F6AFEAF6B1C68FF8C11BEADF52EE2E731CBCD194CACB1898BD6", "D0F2649F94806F3BD8B6996A413257C3454A5FF5033B50B88A71C9C124BF3BDA", "D156BD5A77A183961676EA2393F58C31A72725CEC216EB199E31487998BE491C", "D15F96A6A2133C2CD625057126D31B71488849CB6D471551AF6177AE83F15B0E", "D1AE67729464A342CD821E34A111F6443307BB2FB20B64977E213E870EE41A3C", "D1B56895A302CB106810B80548010A8993C467A6D8B6EA61EB430703400A5ED8", "D28059E3586B0D388C9730F39F465209B85837647BDD3C8A062B83B83D85440D", "D28370F3789940A6A2F0B48D0BB882F7E298E5B8C7167BC16F9FB06B92DBCF35", "D2F45C96EB49AFC2B652E7D45AA056C9A181453656E766BAD269586E7F2C3CFB", "D406490E70A52CFB0315F27FCD957BFAE7E7B2887A6C73BE83E3F514F1153348", "D47611BA4D06A4B35D9FCBB59044890D2897458BA2C2ECCD2338DC6FD72E70CD", "D4AC8637482E0D53AE579FBD19E568DF643A9D732D1995CBEF53FC6B867F82DA", "D6A22AE665DEADE235C2738407D64638A424C6CC505B816BFEA12DEFCC5CD645", "D728283BFB4D0C3BC5C98FA880696DFC59C2A5FA652666E966D126A6D7FC92FA", "D78F8119FF4EBAA3EA6E8A906FCEFE0DB24B626AB87F3DFEBFA899904F726130", "D792D660667D934B582774E627CB3E2E010E497C8C1D9F4B7C138E4B5DC2ECEC", "D7F42748501798B46C92E5DDE65168A07A34CDC17FA2997DA4B2703CB1DEE689", "D928C805B6C7AD1BA5D5DA1EB77352559E54787E379CD22474A13592C0B83C20", "D9425756DF631BB7CA03B3451BD1F9C557325B8A2BB0CD34A22102962A0F4213", "D9D2F8F1F4727F09E77272D6C8643C3016BCD6A8E4BC6E59B27B37256F4F8F76", "D9D956C60F66CFAE1D9189841B4A3D7D9E24B0A79B088C79120CBB100E34A220", "DACB3E9783156FCD47517FD5E71AA5A2242EAA043F56F2EA75EC325BA052BDDD", "DAD6E642502813DE6B9563D13D4513415BAE90E68BEF31D45DE8D7346CF0EF4B", "DC0307C89ADC9BDECEC60787C47BEC8B9B8EE78D2B6C0A47849682B1DA27D02F", "DC086AC7F5679D9F84A3DA8B91FAB9C0F09EF5EFB4C8687216156974F51B6283", "DC8DDF14896292FD9EAD225F18D86C0B9B786AE54F24D180A2D481E7E1545699", "DCE05236BD35B28C109059A740CACEE5CE345130605BA9DEA39EFDA6BC532303", "DD0F134566603D6A0E5E50A163E031437D8715545DCC8A6A2285C28BD48328D0", "DE8C5DCB7F07498942725CF8F7905DBA001C7B89D3D36370CC303A274CB9A8EB", "DEAB63B690E03D8E8203ACA19836C2D36A8ED9D5C66A32CCF4F7F6B6C9F8DE84", "DF10251E3781DB89E977C04275F005CA31E770A1B5E3D3C3549F931A61FC1418", "DF191538C8CFADC9C4FBA779294B9A47AEEFD56EB05A6B7BA858EC03DB26B960", "DF1F3615A0C3950BF1BCF7F7E12370C0F3A7DBD2E12D656DC66F966233BD6A40", "DF859649010EE2675B4BBF6D4BFAE7D654D24685054B3403A45C4270AD966550", "DF989094B08F10BFBA2DA2F5ED5CF27B371F00C6520140A5C25FA34A1EEA15E3", "E036688C47591ADE56001D0CD1013191D6F43940CA2DB9509F5FCF0F2469F92A", "E04842499BA6DBF5423B1C2D99E7E204D6DCA991703C7EF467D56949F4429941", "E0CC2350C4B81A12C3DEE043992E8DA578FE7AE22784D3F87594BBD243D174F8", "E0F75591E2E6874A35B6A6C7681543B81128F5226E803A2CCE1D1B664BFC8638", "E11D1831D193AEF5FF2EB9D7788E4B69929BB9B8080F134F95019007DD6ACC7C", "E141221C1C63036AE1C76B976A04706F4495C39812FC722478A0C755043A0E14", "E1810AD4BA382A8D222D20A49D11C634E6C5240D3F69652E51FC068062DED465", "E1AA3D97D0A008B69352CC5E2F888203563EB34424C5DF0365834A2909756E98", "E2AA9B11D88890FE4ED3C245CC3A519ACAAD11F11F032D2AE032FE428B8C4012", "E2E1AB8B9E10CF0970D428552F10FD3FEA7D405315E7CCA6431E3F0E8079B159", "E32737978668877844511A4A9B923FA4352484A2108E7BFCECFCD1FBA9A6DC3E", "E36B23DB3CC2EC748DF333353AEDE5A1F8FAA97C1F1DC67E27CD4759E7D0C960", "E3C82809E8425A65E53029135451CC9579AA725E2D85009F892DD0A0FD979ED9", "E41278F69BC61D835FAC88FBCE06075D73C74B99B009DE680A92B2B68FE577DB", "E4141DD78AFBC22DDE732910F84CF4E67B4F57A1062C9D9AFC473A5AF4412618", "E4BB174D5F36C04B1321B9AADDD8EB4275D42FBFE07353D49027683067DC2544", "E636319395E5D666C247860149142969762B284D3BE296819A5644E6AE6DDA15", "E679F241D5F455DCABCB653D142792B97352015B6DD79A1EB36DB0B4D54B2902", "E67F6EE1C05A0DFBB7E42F8DDE81795FCC3D933297C925E42690163F0C1D21A6", "E768DE91BF7E8E606F099059B1E929E702C77A0ABF077A838A029E8E2A371C3A", "E775C68CA18D51E91E688F1880BD5AF1955B5F4DF7397FA28CC721E37DAFB99A", "E7E10B1CFDE7DBAE5E93EB8EF50E03FCA4DAE3C0D9270B040B02BCEE5D0199B9", "E8302DECE1CECF16A05E7F8FBA08D33074F30279F18CDDBABA912B9C9DF9F32D", "E84CA6147175A22CB9253587142088EB24B6AE0BD11EC07E71E299F57DD05739", "E8825B71ACE31BFAA5662E2357C5EEB425BA842AC21E60C761364799BFD2FEE3", "E8BA6A75873A4594BE92FFE48C361848E9581DAA153EABDC1D071E1A59172338", "E8F51881DAE14FCDADA936B8D5D5F92A4EF77D876EFC3AA37A50B86D7AD4FB8C", "EA69F3ACF81616FFD52E1EC0A74B074CC736B3675D7B61644018A9252D9BD284", "EACE8EC2B7164C19E5BA497C1D57887C847EC033403098801408B0F6BB2B6736", "EBDD1B77CC71D5E7D7E88D21F7F8C7988F44B743E7ABCFC5258E806235EC65A9", "EC0C759309C32A19DC56E576DCDFAB1407F0FF33CADF9A0AB5DAD11FF7582386", "EC30ECD33C1F811F3DDDCB1144A3CDC460FF7F28E2EA9EEEF97940C06B1081DB", "ECC7277FA4D1E6C0C387927905899E353FF202FB061043E0FC8C0DBCF3150F7E", "ED7164C07048A48E59D18BAADA456D0655A81F29CABBDEFA06735647C2B759EA", "ED78D94545EF8A4A811D2C198EC427B8C46CA1FE3BBC9D6A2DC20DD440CB6FDC", "EDA30B3C2FB2766DFAA280B3B5E960EC660172EBFF7B73A524DCE514A3A3F985", "EDE4964F39F9BF0F2B377EE51B1BB4E76B234CF4F49F0BB914D870DEEB9ECF43", "EE31BACFE4E2531B3AC2273027A23C49C59978284694658A79B4BC6797F86ACB", "EE7C7082B77D791A00974EDB50B2C0657DE8DB73762954DFE571C7419512AB7D", "EEB9F637A1F722A33311A1CC97D36CD7CAF67F75476444FB7CF2C139F01D2DDB", "EEE380D4251EC8087F70E591F9649F8F72DC3CEE1BB76652685094DC3531CA8D", "EF05485B7227E17E422CCBDF0EC02D62F554406DEDDDC7A1772D75D577035F79", "EF5F7BA296D0A7B4B6CC058D9B89B1BFEE714F79C2BC4541813DA99A292450B9", "EF71291A92B5250A0A03CC8B24766E487991713BE06BEFF3A0428155C170ECB7", "EFA06779A2DA162F7F70171BAC9D53E998DA486C75081458549AFE875DB6E5B5", "EFC94A6E1DA52C8EA7A5811D6A4381770FA24130DB4CFD911120046DD916261B", "EFD4687D2DC8ADFBEC960932263D6DA222DDFA92899BC72A9B9D62B4331178A6", "EFDFE082CB228817901C0A798DBED3A1735E42218A0E895E4B59ADE290380A7C", "EFEF2244E948829C5D18D7E375890D878EF65279FF91004B2295614B4406FAED", "F0166F21D9D8651F7C71CAAA5131EEC4CE044F990491482A736F6DD767A3EC0F", "F0259373A53F6B73B3C7BD9A2F3F10DB053D9CC563866E61F5A496D33B416EA9", "F02EA1DD204629897DA1861F147A272B72A3FA34A5315D58B896A636EAE341F5", "F0806D2A2F2817DD3A11695DB658C0C7C64B134E8875822DCE8F5D73AC04E97B", "F093A08993AEB53C8D5F6F2FE220825F9FC675CC904F54B3FE037444F61A7876", "F113CA457DF79DD694F8C52C550D0897D39AAE7DADB2E1164E1DC89D00D39886", "F16DAE77B5D6C7D782818596F851DFFB29226C0550922519EFC4250E27D09D67", "F18F021F8259C21D1B03D3A3C3F5FD97D6A165E424FE86F9986F545F5A914F8E", "F203AF8FB4A9FED8F009C8BF5E3F7D7714130DCBC84CDBF1BE1C83E438B18982", "F20E63C2D2D2AA05D977555688CD3131DF08DA240FDFCEB0B017DF8A789BCCEE", "F28901CFE45D1D428C63CC881FFA753E9073E21717B6E26FF45848C3370F2142", "F2901ADEFFDC496A6F27CBD82624C55C4B805D9C77EBED14A24ED2CCC730C354", "F35EB0C55F08CA4C671A4E6D2454A08936C6D1CD868709D0EE04FB71FFC263C1", "F3EF1FC432D040B91FC6C5AEB324AF8CE32BCFB7A9A0360FC4722981B736F64F", "F41D64245E9C69CD04E556172E2468B18DD4D4D9EE33BE17C7EF278459123D5D", "F435C74BF942E3B3A5FEF2B742E716E29826D42678DE6AB053B1766FC7314452", "F7232359E6413A274B62C22CB7BF1EF8C428ADFBF22EF7B9B913D63D087BCACB", "F7C19A7605675E9987440B6BF7B68981E4BF3E0D66DA301FB2606050CEF205B2", "F87FC0205831D55077572E0726A08670B5F427CFA9B7D7AFD37789682465E5F5", "F89923018671257EB76989AE7AB9D39396FBAD6F8846CB56D6915361F1CCCC48", "F89C58C25B9A335D1850AEB3A511AB087F4E259CB263A87C0C3C6A54AC1924BF", "F89D3081DA6B5CB2F4FF097D956A1B15C95A11155B2977DE948E9FE8ECD15A28", "F8F03C35A3C8AEA5027E6C01D991D7E1C3A4A0C9EAE0D875ACF760D1D56B8B9C", "F9AB06770448FA3E4FD25D51718E68EDF2A19C2ABF8D6E9BD3EB8FAE9FE904CC", "F9CD245944BE763583F94B01BC23C08D6F82CA4989F000C1D0842D4005C4EF11", "FA35B92A299B675BEA0342A01E6C1F59FDC7A8D103D38B27A3E27A0758B36DC2", "FA8CCED2D5B77B978F428FA2F61CD879A13EF9DAC53A5435AC48BEE003AC2363", "FAD5EEE9FD5547B3BC0F26582580EC66DC6193FFFF5B317ECA1DEDB5F001336A", "FBA658AB7258D6E577137D42B1A2D234254671E3792A2242E92F22B44483BD23", "FC9172D16F62D7749E6C1369AB9D86ABC42163C780B457F765109BE80ACAD9CF", "FCA762BB9E14A08E1A746C9884B2B094D081A955F4AED9FE69DA524978C45CE9", "FD7B4551E68C6A5B21AD8C3E07FF7CB6ED5402B6F6CD6D419A3FCC60FFB43FC4", "FD90B8CB0F60381B89DB489D4F28883B2B08D5BF67796B29DF21E510CCF7594F", "FE6D95CEEFE9596CD6D6134F8326AB13E3C97D550B3E62F57DECDBDBC51C329A", "FEC06635C46DD9EB6B2F50E66A9B098564986FB86BF7FDE8DBF9F7E295CE3162", "FEEA34664C5A4E976332334C2C71D85372FBA61A35160B36A5D423F817DFCA12", "FFB1DE47049D302B3C804FCFC90E8D4C1A715F59A9B241F24946D4A7A6598C10", "FFB480E3AA8E74E184658371B22D113F0FB890C232EB9EE9B8A8294BE098DDAE", "FFF0238333AAC9C302B602B36ADA76C6BDDE2A493106B114D0A3A45C8740777D"]}, {"type": "ics", "idList": ["ICSA-21-357-02", "ICSA-22-034-01"]}, {"type": "impervablog", "idList": ["IMPERVABLOG:0009F92C7DBF6D1163E64AF402687506", "IMPERVABLOG:357497C932E21C66FB08D2C9B8EE9CA2", "IMPERVABLOG:5E03360E0443A626205E9BCF969114F6", "IMPERVABLOG:7CB37AC69862942C5D316E69A7815579", "IMPERVABLOG:B4C9A56D0F82346F616E74B1CFB10A5D", "IMPERVABLOG:B69DFFED5C2E2C9D2F9917E3F4915200", "IMPERVABLOG:BB63986B2DE2CCB2C65DD3747791097F", "IMPERVABLOG:BE9CCB7ADF74E2AEFC999FEE704CDE71", "IMPERVABLOG:BEE8EB9D446D0AF62464EE59DFA0CE0E", "IMPERVABLOG:DB0BBA5A6E2E523FAA7F7A73C45FEA96"]}, {"type": "intel", "idList": ["INTEL:INTEL-SA-00646"]}, {"type": "kaspersky", "idList": ["KLA12390", "KLA12391", "KLA12392", "KLA12393", "KLA12394", "KLA12395", "KLA12396", "KLA12442"]}, {"type": "kitploit", "idList": ["KITPLOIT:1207079539580982634", "KITPLOIT:134021490040098714", "KITPLOIT:144331229809700743", "KITPLOIT:1680589374755422772", "KITPLOIT:3188944951765917430", "KITPLOIT:3773942873037113539", "KITPLOIT:4125185526326677098", "KITPLOIT:4333067961180534072", "KITPLOIT:4462385753504235463", "KITPLOIT:4654779182065061303", "KITPLOIT:5104415481503400470", "KITPLOIT:522409803487164759", "KITPLOIT:5734436811250397170", "KITPLOIT:5789499291738758939", "KITPLOIT:6411625084720414057", "KITPLOIT:6422486000446318290", "KITPLOIT:6759391622067035795", "KITPLOIT:7847586937102427883", "KITPLOIT:7976092996345827446", "KITPLOIT:8031680161397698025", "KITPLOIT:8148701901300660800", "KITPLOIT:8266451932034361580", "KITPLOIT:866017936175971203", "KITPLOIT:8945091038325456871"]}, {"type": "mageia", "idList": ["MGASA-2021-0542", "MGASA-2021-0556", "MGASA-2021-0566", "MGASA-2021-0572", "MGASA-2021-0592", "MGASA-2022-0009"]}, {"type": "malwarebytes", "idList": ["MALWAREBYTES:1B8D17909172F80C0F82CB21FDFC33B2", "MALWAREBYTES:39A05D4A4EC81966F7A1721DFACB3470", "MALWAREBYTES:4CB01833826116B2823401DFB69A5431", "MALWAREBYTES:A325F8FB1D527BD3C6C1C3A187840632", "MALWAREBYTES:B8C767042833344389F6158273089954", "MALWAREBYTES:D081BF7F95E3F31C6DB8CEF9AD86BD0D"]}, {"type": "metasploit", "idList": ["MSF:AUXILIARY-SCANNER-HTTP-LOG4SHELL_SCANNER-", "MSF:EXPLOIT-LINUX-HTTP-MOBILEIRON_CORE_LOG4SHELL-", "MSF:EXPLOIT-MULTI-HTTP-LOG4SHELL_HEADER_INJECTION-", "MSF:EXPLOIT-MULTI-HTTP-VMWARE_VCENTER_LOG4SHELL-"]}, {"type": "mmpc", "idList": ["MMPC:1E3441B57C08BC18202B9FE758C2CA71", "MMPC:27EEFD67E5E7E712750B1472E15C5A0B", "MMPC:42ECD98DCF925DC4063DE66F75FB5433", "MMPC:567C6CC66BD942B4F1BBE84ED9F6665B", "MMPC:BB2F5840056D55375C4A19D2FF07C695", "MMPC:F36351D1B5A5C40989F46EF8729039A7"]}, {"type": "mscve", "idList": ["MS:CVE-2021-44228"]}, {"type": "msrc", "idList": ["MSRC:543F3A129A47F4B14FB170389908717B", "MSRC:9783BD8B3A34301D0C5C34D252854BDF", "MSRC:C6213215CC0BE4847F142F730607AFA2"]}, {"type": "mssecure", "idList": ["MSSECURE:1E3441B57C08BC18202B9FE758C2CA71", "MSSECURE:27EEFD67E5E7E712750B1472E15C5A0B", "MSSECURE:42ECD98DCF925DC4063DE66F75FB5433", "MSSECURE:567C6CC66BD942B4F1BBE84ED9F6665B", "MSSECURE:BB2F5840056D55375C4A19D2FF07C695", "MSSECURE:F36351D1B5A5C40989F46EF8729039A7"]}, {"type": "nessus", "idList": ["AL2022_ALAS2022-2022-214.NASL", "AL2022_ALAS2022-2022-225.NASL", "AL2_ALAS-2021-001.NASL", "AL2_ALAS-2021-1718.NASL", "AL2_ALAS-2021-1726.NASL", "AL2_ALAS-2021-1730.NASL", "AL2_ALAS-2021-1731.NASL", "AL2_ALAS-2021-1732.NASL", "AL2_ALAS-2021-1733.NASL", "AL2_ALAS-2022-1773.NASL", "AL2_ALAS-2022-1806.NASL", "AL2_ALASCORRETTO8-2021-001.NASL", "AL2_ALASJAVA-OPENJDK11-2021-001.NASL", "ALA_ALAS-2021-1553.NASL", "ALA_ALAS-2021-1554.NASL", "ALA_ALAS-2022-1561.NASL", "ALA_ALAS-2022-1562.NASL", "ALA_ALAS-2022-1580.NASL", "ALA_ALAS-2022-1601.NASL", "ALMA_LINUX_ALSA-2021-3891.NASL", "ALMA_LINUX_ALSA-2021-3893.NASL", "ALMA_LINUX_ALSA-2021-4135.NASL", "ALMA_LINUX_ALSA-2021-5171.NASL", "ALMA_LINUX_ALSA-2022-0290.NASL", "ALMA_LINUX_ALSA-2022-0350.NASL", "AMAZON_CORRETTO_11_0_13_8_1.NASL", "AMAZON_CORRETTO_17_0_1_12_1.NASL", "AMAZON_CORRETTO_8_312_07_1.NASL", "APACHE_APEREO_CAS_LOG4SHELL.NBIN", "APACHE_DRUID_LOG4SHELL.NBIN", "APACHE_JSPWIKI_LOG4SHELL.NBIN", "APACHE_LOG4J_2_15_0.NASL", "APACHE_LOG4J_2_16_0.NASL", "APACHE_LOG4J_2_16_0_MAC.NASL", "APACHE_LOG4J_2_17_0.NASL", "APACHE_LOG4J_2_17_0_MAC.NASL", "APACHE_LOG4J_JDNI_LDAP_GENERIC.NBIN", "APACHE_LOG4J_JDNI_LDAP_GENERIC_HTTP_HEADERS.NBIN", "APACHE_LOG4J_JDNI_LDAP_GENERIC_TELNET.NBIN", "APACHE_LOG4J_JNDI_LDAP_GENERIC_RAW.NBIN", "APACHE_LOG4J_WIN_2_15_0.NASL", "APACHE_LOG4SHELL_CVE-2021-45056_DIRECT_CHECK.NBIN", "APACHE_LOG4SHELL_DNS.NBIN", "APACHE_LOG4SHELL_IMAP.NBIN", "APACHE_LOG4SHELL_MSRPC.NBIN", "APACHE_LOG4SHELL_NETBIOS.NBIN", "APACHE_LOG4SHELL_POP3.NBIN", "APACHE_LOG4SHELL_SMTP.NBIN", "APACHE_LOG4SHELL_SNMP.NBIN", "APACHE_LOG4SHELL_SSH.NBIN", "APACHE_LOG4SHELL_UPNP.NBIN", "APACHE_OFBIZ_LOG4SHELL.NBIN", "APACHE_SOLR_LOG4SHELL.NBIN", "AZUL_ZULU_17_30_16.NASL", "CENTOS8_RHSA-2021-3891.NASL", "CENTOS8_RHSA-2021-3893.NASL", "CENTOS8_RHSA-2021-4135.NASL", "CENTOS8_RHSA-2021-5171.NASL", "CENTOS8_RHSA-2022-0350.NASL", "CENTOS_RHSA-2021-3889.NASL", "CENTOS_RHSA-2021-3892.NASL", "CISCO-SA-APACHE-LOG4J-QRUKNEBD-CUIC.NASL", "CISCO-SA-APACHE-LOG4J-QRUKNEBD-ISE.NASL", "CISCO-SA-APACHE-LOG4J-QRUKNEBD-SDWAN-VMANAGE.NASL", "CISCO-SA-APACHE-LOG4J-QRUKNEBD-UCS-DIRECTOR.NASL", "CLOUDBEES-SECURITY-ADVISORY-2021-12-01.NASL", "DEBIAN_DLA-2814.NASL", "DEBIAN_DLA-2842.NASL", "DEBIAN_DLA-2852.NASL", "DEBIAN_DLA-2905.NASL", "DEBIAN_DSA-5000.NASL", "DEBIAN_DSA-5020.NASL", "DEBIAN_DSA-5022.NASL", "DEBIAN_DSA-5024.NASL", "DEBIAN_DSA-5170.NASL", "EULEROS_SA-2021-2933.NASL", "EULEROS_SA-2022-1169.NASL", "EULEROS_SA-2022-1170.NASL", "EULEROS_SA-2022-1195.NASL", "EULEROS_SA-2022-1276.NASL", "EULEROS_SA-2022-2272.NASL", "FREEBSD_PKG_1EA05BB85D7411ECBB1E001517A2E1A4.NASL", "FREEBSD_PKG_3FADD7E4F8FB45A0A2188FD6423C338F.NASL", "FREEBSD_PKG_4B1AC5A35BD411EC8602589CFC007716.NASL", "FREEBSD_PKG_515DF85A5CD711ECA16D001517A2E1A4.NASL", "FREEBSD_PKG_650734B2766541709A0AEECED5E10A5E.NASL", "FREEBSD_PKG_93A1C9A75BEF11ECA47A001517A2E1A4.NASL", "FREEBSD_PKG_A9C5E89D2D1511EC83630022489AD614.NASL", "FREEBSD_PKG_B0F49CB9673611EC9EEA589CFC007716.NASL", "FREEBSD_PKG_D1BE3D73673711EC9EEA589CFC007716.NASL", "GENTOO_GLSA-202209-02.NASL", "GENTOO_GLSA-202209-05.NASL", "IBM_JAVA_2021_11_01.NASL", "IBM_WEBSPHERE_XS_6598349.NASL", "LOG4J_LOG4SHELL_FTP.NBIN", "LOG4J_LOG4SHELL_NTP.NBIN", "LOG4J_LOG4SHELL_PPTP.NBIN", "LOG4J_LOG4SHELL_RPCBIND.NBIN", "LOG4J_LOG4SHELL_SIP_INVITE.NBIN", "LOG4J_LOG4SHELL_SMB.NBIN", "LOG4J_LOG4SHELL_WWW.NBIN", "LOG4J_VULNERABLE_ECOSYSTEM_LAUNCHER.NASL", "MACOS_SPLUNK_824.NASL", "MOBILEIRON_LOG4SHELL.NBIN", "NODEJS_2021_OCT_12.NASL", "NUTANIX_NXSA-AOS-5_20_3.NASL", "NUTANIX_NXSA-AOS-5_20_3_5.NASL", "NUTANIX_NXSA-AOS-5_20_4.NASL", "NUTANIX_NXSA-AOS-6_0_2_5.NASL", "NUTANIX_NXSA-AOS-6_0_2_6.NASL", "NUTANIX_NXSA-AOS-6_1.NASL", "NUTANIX_NXSA-AOS-6_1_1.NASL", "OPENJDK_2021-10-19.NASL", "OPENSUSE-2021-1115.NASL", "OPENSUSE-2021-1455.NASL", "OPENSUSE-2021-1480.NASL", "OPENSUSE-2021-1574.NASL", "OPENSUSE-2021-1577.NASL", "OPENSUSE-2021-1586.NASL", "OPENSUSE-2021-1601.NASL", "OPENSUSE-2021-1605.NASL", "OPENSUSE-2021-1612.NASL", "OPENSUSE-2021-1613.NASL", "OPENSUSE-2021-1631.NASL", "OPENSUSE-2021-2612.NASL", "OPENSUSE-2021-3615.NASL", "OPENSUSE-2021-3671.NASL", "OPENSUSE-2021-3770.NASL", "OPENSUSE-2021-3940.NASL", "OPENSUSE-2021-3964.NASL", "OPENSUSE-2021-3999.NASL", "OPENSUSE-2021-4094.NASL", "OPENSUSE-2021-4107.NASL", "OPENSUSE-2021-4109.NASL", "OPENSUSE-2021-4111.NASL", "OPENSUSE-2021-4112.NASL", "OPENSUSE-2021-4118.NASL", "OPENSUSE-2022-0038-1.NASL", "OPENSUSE-2022-0108-1.NASL", "ORACLELINUX_ELSA-2021-3889.NASL", "ORACLELINUX_ELSA-2021-3891.NASL", "ORACLELINUX_ELSA-2021-3892.NASL", "ORACLELINUX_ELSA-2021-3893.NASL", "ORACLELINUX_ELSA-2021-4135.NASL", "ORACLELINUX_ELSA-2021-5171.NASL", "ORACLELINUX_ELSA-2021-5206.NASL", "ORACLELINUX_ELSA-2022-0290.NASL", "ORACLELINUX_ELSA-2022-0350.NASL", "ORACLELINUX_ELSA-2022-9056.NASL", "ORACLE_BI_PUBLISHER_OAS_5_9_CPU_OCT_2022.NASL", "ORACLE_BPM_CPU_JAN_2022.NASL", "ORACLE_GOLDENGATE_CPU_OCT_2022.NASL", "ORACLE_JAVA_CPU_OCT_2021.NASL", "ORACLE_JAVA_CPU_OCT_2021_UNIX.NASL", "ORACLE_PRIMAVERA_GATEWAY_CPU_JAN_2022.NASL", "ORACLE_PRIMAVERA_GATEWAY_CPU_OCT_2021.NASL", "ORACLE_PRIMAVERA_P6_EPPM_CPU_JAN_2022.NASL", "ORACLE_PRIMAVERA_UNIFIER_CPU_OCT_2021.NASL", "ORACLE_WEBCENTER_PORTAL_CPU_APR_2022.NASL", "ORACLE_WEBCENTER_PORTAL_CPU_JAN_2022.NASL", "PALO_ALTO_LOG4SHELL.NASL", "REDHAT-RHSA-2021-3884.NASL", "REDHAT-RHSA-2021-3885.NASL", "REDHAT-RHSA-2021-3886.NASL", "REDHAT-RHSA-2021-3887.NASL", "REDHAT-RHSA-2021-3889.NASL", "REDHAT-RHSA-2021-3891.NASL", "REDHAT-RHSA-2021-3892.NASL", "REDHAT-RHSA-2021-3893.NASL", "REDHAT-RHSA-2021-4135.NASL", "REDHAT-RHSA-2021-5030.NASL", "REDHAT-RHSA-2021-5171.NASL", "REDHAT-RHSA-2022-0041.NASL", "REDHAT-RHSA-2022-0246.NASL", "REDHAT-RHSA-2022-0310.NASL", "REDHAT-RHSA-2022-0345.NASL", "REDHAT-RHSA-2022-0350.NASL", "REDHAT-RHSA-2022-1296.NASL", "REDHAT-RHSA-2022-1297.NASL", "REDHAT-RHSA-2022-1462.NASL", "REDHAT-RHSA-2022-1463.NASL", "REDHAT-RHSA-2022-4914.NASL", "REDHAT-RHSA-2022-5555.NASL", "ROCKY_LINUX_RLSA-2021-3891.NASL", "ROCKY_LINUX_RLSA-2021-3893.NASL", "SL_20211020_JAVA_11_OPENJDK_ON_SL7_X.NASL", "SL_20211020_JAVA_1_8_0_OPENJDK_ON_SL7_X.NASL", "SOLR_CVE-2021-44228.NASL", "SPLUNK_824.NASL", "SUSE_SU-2021-14866-1.NASL", "SUSE_SU-2021-2612-1.NASL", "SUSE_SU-2021-3528-1.NASL", "SUSE_SU-2021-3671-1.NASL", "SUSE_SU-2021-3770-1.NASL", "SUSE_SU-2021-3771-1.NASL", "SUSE_SU-2021-3886-1.NASL", "SUSE_SU-2021-3940-1.NASL", "SUSE_SU-2021-3964-1.NASL", "SUSE_SU-2021-4111-1.NASL", "SUSE_SU-2021-4112-1.NASL", "SUSE_SU-2021-4115-1.NASL", "SUSE_SU-2022-0101-1.NASL", "SUSE_SU-2022-0107-1.NASL", "SUSE_SU-2022-0108-1.NASL", "SUSE_SU-2022-0166-1.NASL", "SUSE_SU-2022-14875-1.NASL", "SUSE_SU-2022-2855-1.NASL", "UBIQUITI_UNIFI_NETWORK_LOG4SHELL.NBIN", "UBUNTU_USN-5192-1.NASL", "UBUNTU_USN-5192-2.NASL", "UBUNTU_USN-5197-1.NASL", "UBUNTU_USN-5202-1.NASL", "UBUNTU_USN-5203-1.NASL", "UBUNTU_USN-5223-1.NASL", "VMWARE_HORIZON_LOG4SHELL.NBIN", "VMWARE_VCENTER_LOG4SHELL.NBIN", "VMWARE_VREALIZE_OPERATIONS_MANAGER_LOG4SHELL.NBIN", "WEBSPHERE_6489485.NASL", "WEB_APPLICATION_SCANNING_113075"]}, {"type": "nodejsblog", "idList": ["NODEJSBLOG:OCT-2021-SECURITY-RELEASES"]}, {"type": "nvidia", "idList": ["NVIDIA:5294", "NVIDIA:5295"]}, {"type": "oracle", "idList": ["ORACLE:CPUAPR2022", "ORACLE:CPUJAN2022", "ORACLE:CPUJAN2023", "ORACLE:CPUJUL2022", "ORACLE:CPUOCT2021", "ORACLE:CPUOCT2022"]}, {"type": "oraclelinux", "idList": ["ELSA-2021-3889", "ELSA-2021-3891", "ELSA-2021-3892", "ELSA-2021-3893", "ELSA-2021-4135", "ELSA-2021-5171", "ELSA-2022-0350"]}, {"type": "osv", "idList": ["OSV:CVE-2021-22959", "OSV:CVE-2021-22960", "OSV:DLA-2814-1", "OSV:DLA-2842-1", "OSV:DLA-2852-1", "OSV:DSA-5000-1", "OSV:DSA-5000-2", "OSV:DSA-5012-1", "OSV:DSA-5020-1", "OSV:DSA-5022-1", "OSV:DSA-5024-1", "OSV:DSA-5170-1", "OSV:GHSA-3QPM-H9CH-PX3C", "OSV:GHSA-7RJR-3Q55-VV33", "OSV:GHSA-FP5R-V3W9-4333", "OSV:GHSA-J3CH-VJPH-8Q6V", "OSV:GHSA-J7C3-96RF-JRRP", "OSV:GHSA-JFH8-C2JP-5V3Q", "OSV:GHSA-MC84-PJ99-Q6HH", "OSV:GHSA-MF4F-J588-5XM8", "OSV:GHSA-P6XC-XR62-6R2G", "OSV:GHSA-V57X-GXFJ-484Q", "OSV:GHSA-XQFJ-VM6H-2X34"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:165261", "PACKETSTORM:165270", "PACKETSTORM:165532", "PACKETSTORM:165642", "PACKETSTORM:165673", "PACKETSTORM:167917", "PACKETSTORM:170178"]}, {"type": "paloalto", "idList": ["PA-CVE-2021-44228"]}, {"type": "qt", "idList": ["QT:7EFAEDCED59EA2EE3AB98A0A484C5825"]}, {"type": "qualysblog", "idList": ["QUALYSBLOG:0082A77BD8EFFF48B406D107FEFD0DD3", "QUALYSBLOG:0EAB7251347951045CAC549194E33673", "QUALYSBLOG:13C1A00A7D0A7B1BB16D0AB5B1E9B51A", "QUALYSBLOG:15D6ABF4D9A50D86E63BA4553A0CD3C6", "QUALYSBLOG:33FD0B08A1B2E414EAA2ADDFCDFE0EB1", "QUALYSBLOG:3F1898282AF38991E0B849D7A68D2A2B", "QUALYSBLOG:3FADA4B80DBBF178154C0729CFC1358F", "QUALYSBLOG:42335884011D582222F08AEF81D70B94", "QUALYSBLOG:5059D1C3913FB6542F3283A66F9B3A43", "QUALYSBLOG:5F3A665821FA30373004EC52F5104E15", "QUALYSBLOG:5FAC1C82A388DBB84ECD7CD43450B624", "QUALYSBLOG:68BBBF644900DA0A883AABB0E4E3F28B", "QUALYSBLOG:6C71B912ABF74BE51F014EC90669CF30", "QUALYSBLOG:A0F20902D80081B44813D92C6DCCDAAF", "QUALYSBLOG:C2ECE416E32C6CC230B13471D41A4E03", "QUALYSBLOG:C3C14B989683A02C2C9A98CE918FBC3C", "QUALYSBLOG:CAF5B766E6B0E6C1A5ADF56D442E7BB2", "QUALYSBLOG:D38E3F9D341C222CBFEA0B99AD50C439"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:02EDDA927928C11A6D10A4A0D17823AF", "RAPID7BLOG:0576BE6110654A3F9BF7B9DE1118A10A", "RAPID7BLOG:078D5EE222682A75AE1A1A3A3684E38D", "RAPID7BLOG:0C5C51ED53983B92C7C9805E820366C9", "RAPID7BLOG:18CF89AA3B9772E6A572177134F45F3A", "RAPID7BLOG:18D49792276E208F17E7D64BCE2FDEF6", "RAPID7BLOG:1D39E7BBA13704DCBB8153C89ABE6B72", "RAPID7BLOG:24E0BE5176F6D3963E1824AD4A55019E", "RAPID7BLOG:2FC92FBE5A4445611C80C7C3FA7D9354", "RAPID7BLOG:2FFDE45F01FA44216BE91DD7AFA0D060", "RAPID7BLOG:45B045D2EE21432DF9939E4402522BFC", "RAPID7BLOG:4CDB288231FA4BF52C0067D9D4FEABBF", "RAPID7BLOG:602109CBDD808C41E4DDC9FBC55E144D", "RAPID7BLOG:6EADCD983283E3D546EF2907978E95F1", "RAPID7BLOG:6F833E0DB9E152EB8397D33430FECB7F", "RAPID7BLOG:7767347A5784FF1C4901601A1A21D2C8", "RAPID7BLOG:7F1312E79E0925118565C90443170051", "RAPID7BLOG:97E3CA7ED938F3DF6E967C832F314FA3", "RAPID7BLOG:9CB105938BDE92F573A2DE68BC20CF46", "RAPID7BLOG:9F3C0081D4135E83F44053063F0E78EE", "RAPID7BLOG:AB5C0BC130F45073226CC41D25680EA0", "RAPID7BLOG:AF9E6199C63A57B22FAE6AAEDD650D39", "RAPID7BLOG:B6DE24165AA9AA83EDA117170EDDAD44", "RAPID7BLOG:BE60EE9A1ACB3CEE4593041ECAFA8D95", "RAPID7BLOG:C6C1B8357ABD28AEB0F423A0A099098A", "RAPID7BLOG:CB62092B4C7E70876CF276BA04DD7597", "RAPID7BLOG:D185BF677E20E357AFE422CFB80809A5", "RAPID7BLOG:D1E1A150733F5AFC2C704DB26E7EAB30", "RAPID7BLOG:E3D08ECAA9A93569D5544F4D6AAEEB74", "RAPID7BLOG:E43819A7DE1DD0F60E63E67A27B9301B", "RAPID7BLOG:ED80467D2D29D8DC10E754C9EA19D9AD", "RAPID7BLOG:F14526C6852230A4E4CF44ADE151DF49", "RAPID7BLOG:F14E17E573386DB3DDD27A8E829E49A1", "RAPID7BLOG:F37BD0C67170721734A26D15E6D99B3E", "RAPID7BLOG:F76EF7D6AB9EB07FC8B8BCE442DC3A69", "RAPID7BLOG:F9B4F18ABE4C32CD54C3878DD17A8630", "RAPID7BLOG:FB97B7B381BE98BE0077666DFDEC1953", "RAPID7BLOG:FBEE52CB3C438E4C42D6212E07BEFEA9"]}, {"type": "redhat", "idList": ["RHSA-2021:3884", "RHSA-2021:3885", "RHSA-2021:3886", "RHSA-2021:3887", "RHSA-2021:3889", "RHSA-2021:3891", "RHSA-2021:3892", "RHSA-2021:3893", "RHSA-2021:3960", "RHSA-2021:3961", "RHSA-2021:3967", "RHSA-2021:3968", "RHSA-2021:4135", "RHSA-2021:4531", "RHSA-2021:4532", "RHSA-2021:5030", "RHSA-2021:5093", "RHSA-2021:5094", "RHSA-2021:5106", "RHSA-2021:5107", "RHSA-2021:5108", "RHSA-2021:5126", "RHSA-2021:5127", "RHSA-2021:5128", "RHSA-2021:5129", "RHSA-2021:5130", "RHSA-2021:5132", "RHSA-2021:5133", "RHSA-2021:5134", "RHSA-2021:5137", "RHSA-2021:5138", "RHSA-2021:5140", "RHSA-2021:5141", "RHSA-2021:5148", "RHSA-2021:5171", "RHSA-2021:5183", "RHSA-2021:5184", "RHSA-2021:5186", "RHSA-2022:0026", "RHSA-2022:0041", "RHSA-2022:0042", "RHSA-2022:0043", "RHSA-2022:0044", "RHSA-2022:0047", "RHSA-2022:0082", "RHSA-2022:0083", "RHSA-2022:0203", "RHSA-2022:0205", "RHSA-2022:0216", "RHSA-2022:0219", "RHSA-2022:0222", "RHSA-2022:0223", "RHSA-2022:0246", "RHSA-2022:0296", "RHSA-2022:0310", "RHSA-2022:0345", "RHSA-2022:0350", "RHSA-2022:0431", "RHSA-2022:1296", "RHSA-2022:1297", "RHSA-2022:1299", "RHSA-2022:1462", "RHSA-2022:1463", "RHSA-2022:1469", "RHSA-2022:4914", "RHSA-2022:5532", "RHSA-2022:5555"]}, {"type": "redhatcve", "idList": ["RH:CVE-2021-22959", "RH:CVE-2021-22960", "RH:CVE-2021-35517", "RH:CVE-2021-35556", "RH:CVE-2021-35559", "RH:CVE-2021-35560", "RH:CVE-2021-35564", "RH:CVE-2021-35565", "RH:CVE-2021-35578", "RH:CVE-2021-35586", "RH:CVE-2021-35588", "RH:CVE-2021-36090", "RH:CVE-2021-41035", "RH:CVE-2021-4104", "RH:CVE-2021-4125", "RH:CVE-2021-44228", "RH:CVE-2021-44832", "RH:CVE-2021-45046", "RH:CVE-2021-45105"]}, {"type": "redos", "idList": ["ROS-20211223-01"]}, {"type": "rocky", "idList": ["RLEA-2022:5139", "RLSA-2021:3891", "RLSA-2021:3893", "RLSA-2021:4135", "RLSA-2021:5171", "RLSA-2022:0350"]}, {"type": "securelist", "idList": ["SECURELIST:0ED76DA480D73D593C82769757DFD87A", "SECURELIST:52D1B0F6F56EE960CC02B969556539D6", "SECURELIST:7A375F44156FACA25A0B3990F2CD73C1", "SECURELIST:9CC623A02615C07A9CEABD0C58DE7931", "SECURELIST:C1F2E1B6711C8D84F3E78D203B3CE837", "SECURELIST:E21F9D6D3E5AFD65C99FC385D4B5F1DC"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2021:1115-1", "OPENSUSE-SU-2021:1455-1", "OPENSUSE-SU-2021:1480-1", "OPENSUSE-SU-2021:1500-1", "OPENSUSE-SU-2021:1552-1", "OPENSUSE-SU-2021:1574-1", "OPENSUSE-SU-2021:1577-1", "OPENSUSE-SU-2021:1586-1", "OPENSUSE-SU-2021:1601-1", "OPENSUSE-SU-2021:1605-1", "OPENSUSE-SU-2021:1613-1", "OPENSUSE-SU-2021:2612-1", "OPENSUSE-SU-2021:3615-1", "OPENSUSE-SU-2021:3671-1", "OPENSUSE-SU-2021:3770-1", "OPENSUSE-SU-2021:3940-1", "OPENSUSE-SU-2021:3964-1", "OPENSUSE-SU-2021:3999-1", "OPENSUSE-SU-2021:4094-1", "OPENSUSE-SU-2021:4107-1", "OPENSUSE-SU-2021:4109-1", "OPENSUSE-SU-2021:4118-1", "OPENSUSE-SU-2022:0108-1", "SUSE-SU-2022:2855-1"]}, {"type": "symantec", "idList": ["SMNTC-19793"]}, {"type": "talosblog", "idList": ["TALOSBLOG:0AA83DE1427426ABF4723FDF049F6EEB", "TALOSBLOG:AFFA9F54A1744A8B65903B06E9C56C3A", "TALOSBLOG:C9F50677FB4030903E6114F7C17FD8DB"]}, {"type": "thn", "idList": ["THN:161777F5DB73EF3AB5B13EF9F11E3374", "THN:1D10167F5D53B2791D676CF56488D5D9", "THN:2656971C06C4E3D4B0A8C0AC02BBB775", "THN:365025B2416483B34C70F02EDA44131E", "THN:368B6517F020AB4BF1B2344EDC8234A4", "THN:4DE731C9D113C3993C96A773C079023F", "THN:5BAE3325983F971D1108722C454FF9AB", "THN:5CB7AEBFFE369D293598A4FDBFDFCEE3", "THN:602D65D576B090BAC4B0C96998F8F922", "THN:668DE2C9CFD709125451AF8F3FE12E6C", "THN:686DDFA07B415C41BA7AB9B8970557EF", "THN:76D7572EDBE770410D6F0518DAD8B0AD", "THN:76F500CE84314456F7B0E4DD1D56D971", "THN:7958F9B1AA180122992C6A0FADB03536", "THN:802C6445DD27FFC7978D22CC3182AD58", "THN:833B2B9623F1C64D20868B947E8BE4E0", "THN:83D31EE6B3E59778D812B3B7E67D7CD6", "THN:8755093D287CCB8F16A1A7CD3BDB6ACF", "THN:933FE23273AB5250B949633A337D44E1", "THN:AFF2BD38CB9578D0F4CA96A145933627", "THN:C73B84809CDC20C90C26FF1B7F56F5D4", "THN:CE191128AE56CD5C614344408C285C87", "THN:DF2B6840863D6847D7088B1A07B19A4A", "THN:E27BF56DBA34B1A89BD29AEB5A6D8405", "THN:E7E8D45492BAD83E88C89D34F8502485", "THN:ECDABD8FB1E94F5D8AFD13E4C1CB5840"]}, {"type": "threatpost", "idList": ["THREATPOST:02A472487653A461080415A3F7BB23D2", "THREATPOST:03FC9E97BBF9730C5990E8A220DD5E9A", "THREATPOST:065F7608AC06475E765018E97F14998D", "THREATPOST:075BA69792AA7B1AE4C28E1CBE61E360", "THREATPOST:08E51C6FB9418179611DF2ACFB1073BF", "THREATPOST:09118C676E28AC5D7BB791E76F75453C", "THREATPOST:0B290DDF3FE14178760FDC2229CB1383", "THREATPOST:0C3BAA4DB9E2B5E8A30DD20A987FCE03", "THREATPOST:0FD7F2FA7F2D3383F582553124EA843D", "THREATPOST:10245D9804511A09607265485D240FFF", "THREATPOST:10D0F1DDDD6C211DA3CE6395900B7C54", "THREATPOST:1309DBA0F8A2727965C6FA284A002D3B", "THREATPOST:138507F793D8399AF0EE1640C46A9698", "THREATPOST:138F67583DAC26A61D1AB90A018F1250", "THREATPOST:13D4AE4C03A3BF687491FDA1E8D732C7", "THREATPOST:14D52B358840B9265FED987287C1E26E", "THREATPOST:16624FA0DF55AAB9FDB3C14AC91EC9F5", "THREATPOST:16877B149E701CC4DB69E91C567D79CC", "THREATPOST:187B01687ED5D3975CD6E42E84DD9B13", "THREATPOST:19BDD881931703B28F7B93492E0C75FD", "THREATPOST:1A553B57472BB0EB8D69F573B510FDE6", "THREATPOST:1B42481449E86FEA3940A2E1E2634309", "THREATPOST:1BE6320CDA6342E72A5A2DD5E0758735", "THREATPOST:1CC682A86B6D521AD5E357B9DB3A1DFB", "THREATPOST:1EB961A6936CB97E2DE6C0212349367F", "THREATPOST:1F99A9A6A418194B87E5468CC8344FBF", "THREATPOST:20F9B8CE2D092108C0F78EC3E415F6B4", "THREATPOST:2188E3E33D86C2C3DF35253A3ED7FA6C", "THREATPOST:2246F7085606B44A031DC14D1B54B9DB", "THREATPOST:23B6C10D7EF469BE8ED27D1C9AFB526A", "THREATPOST:2707644CA0FB49ADD0ECA1B9AFDA0E8A", "THREATPOST:27C5AA551B5793DEA8848FB76DE52B32", "THREATPOST:280ACEC9B5A634E74F3C321F272C3EF3", "THREATPOST:2C0E12580D3C2F1CE7880F6955D4AA1E", "THREATPOST:305513A61FA2B0EF500854C82DF34A9C", "THREATPOST:31091088EDBCEEF43F75A2BA2387EB5C", "THREATPOST:31D14CEE5977BF71F79F7C30AEC10698", "THREATPOST:34D98758A035C36FED68DDD940415845", "THREATPOST:3697F9293A6DFF6CD5927E9E68FF488A", "THREATPOST:38E044431D55F0A4BC458FF92EB025BF", "THREATPOST:38E8D69F26ADB15A989532924B2A98C4", "THREATPOST:3A1C8593C0AAEFA3AF77D1A207BD0B65", "THREATPOST:3A5F59D56E40560C393A3F69A362A31B", "THREATPOST:3ADFDD3CC93B03F83C2CEC5583B016AB", "THREATPOST:3B06E49AA3C9F001C97038682A9BF73F", "THREATPOST:3B8B02F621E9D9883A541B1B26BDF410", "THREATPOST:3DB85AFFEA9491ACBD8909D0CF5FBAEA", "THREATPOST:3EDC338ECB2601F5A49A9ED5E087B776", "THREATPOST:3FDED0EC415BA165368B72AB2A8E1A59", "THREATPOST:40A09F08F388BACF08E0931C6473DE0C", "THREATPOST:40A6B1288BA6177BA30307804BE630D0", "THREATPOST:41B10746D1F4B74DA188CB140A8B2676", "THREATPOST:42AAB266C740220CFF57204DDF71129E", "THREATPOST:436D209F4CB01B99FC9576DFE08DE145", "THREATPOST:45B63C766965F5748AEC30DE709C8003", "THREATPOST:46837E7270195429E1D891848E911254", "THREATPOST:46AF5D5C752ADF689DA52FBDA4644F5D", "THREATPOST:47481707E9A4BF7FC15CC47EC8A8F249", "THREATPOST:48A631F2D45804C677BB672F838F29DA", "THREATPOST:48FD4B4BFA020778797D684672C283B0", "THREATPOST:49177F7B5015CE94637C97F64C2D4138", "THREATPOST:4B8076F30D5D67336733D7FFBCBD929A", "THREATPOST:4C9E0FFA5C914E395A66D2DC65B16649", "THREATPOST:4D63851D1493E3861204B674ADBC7F01", "THREATPOST:4D892A0342695D6703703D63DCC1877C", "THREATPOST:4EEFA1A0FABB9A6E17C3E70F39EB58FE", "THREATPOST:503327A6AB0C76621D741E281ABCFF77", "THREATPOST:5531DA413E023731C17E5B0771A25B3D", "THREATPOST:57F52943964BADEBC748C4AC796CEEB6", "THREATPOST:590E1D474E265F02BA634F492F728536", "THREATPOST:5B680BEF3CD53FFB3B871FF7365A4C47", "THREATPOST:5B9D3D8DB4BFEDE846215C1877B275ED", "THREATPOST:5C1E777F8F9FC173EF97E95D8AFAA5F2", "THREATPOST:5CCE0C2607242B16B2880B331167526C", "THREATPOST:5F6690E820E1B143D99DD5974300C6FF", "THREATPOST:6067B6D35C99BFCFF226177541A31F69", "THREATPOST:647D7D894452D9C46B3E86F5491EED49", "THREATPOST:65DB14FD89BCDBD3391ADD70F1377E70", "THREATPOST:65F4E74D349524EBAC2DA4A4ECF22DD8", "THREATPOST:6675B640474BF8A8A3D049DB0266A118", "THREATPOST:66848A3C9B8917C8F84DFDC04DD5F6D9", "THREATPOST:68B92CE2FE5B31FB78327BDD0AB7F21C", "THREATPOST:6C547AAC30142F12565AB289E211C079", "THREATPOST:6D28B6E17A92FE11F55907C143B3F5DD", "THREATPOST:751A0E2371F134F90F39C20AB70C1E2A", "THREATPOST:76A072EE53232EB197F119EC2F7EAA74", "THREATPOST:76A5549135F9D578FFC2C8FACC135193", "THREATPOST:77DB31E826E03EA9D78EE4777986EA49", "THREATPOST:78327DA051387C43A61D82DE6B618D1F", "THREATPOST:795C39123EE147B39072C9434899E8FE", "THREATPOST:796DFA4804FEF04D3787893FCDFF97D2", "THREATPOST:7DDE7BA7A7916763BDDB5D0C565285DA", "THREATPOST:81021088670E95FC0EBB2F53E1FB2AD2", "THREATPOST:8105FA1422BB4E02CD95C23CC7405E26", "THREATPOST:81DEAED9A2A367373ADA49F1CCDCA95D", "THREATPOST:8243943141B8F18343765DA77D33F46C", "THREATPOST:8594A8F12FC5C97E7E62AF7B9BE3F1AA", "THREATPOST:8601D6EF6AB3201E582A218391B19C3F", "THREATPOST:8648A1E46B6EBE5300881DE285C7D080", "THREATPOST:883A7DED46A4E1C743AFFBA7CDCF4400", "THREATPOST:89AA48C3C48FA427AB660EDEE6DBCBE2", "THREATPOST:8A372065BFA1E6839DAF0386E9D8A1F5", "THREATPOST:8B78588647E8548B06361DBB1F279468", "THREATPOST:8D57BD39C913E8DDC450DD9EF2564C2C", "THREATPOST:8E47F9D5A51C75BA6BB0A1E286296563", "THREATPOST:8FFF44C70736D8E21796B9337E52F29D", "THREATPOST:932AA74F12B9D2AD0E8589AC1A2C1438", "THREATPOST:9374ECD9CCFC891FC2F3B85DF0905A1C", "THREATPOST:95BDCA2096B58A0697E169C01B1E0F09", "THREATPOST:970C9E73DF1FF53D70DB0B66326F3CB0", "THREATPOST:97D06649A596B5E25E2A11E3D275748B", "THREATPOST:97F7CB48069CDF8038E5E49508EFA458", "THREATPOST:987673B6BC03D7371ADC88E9BDA270D5", "THREATPOST:98F735BF442C3126E4A9FFBB60517B96", "THREATPOST:9922BFA77AFE6A6D35DFEA77A4D195C0", "THREATPOST:99C6C1555ACD07B4925765AED21A360C", "THREATPOST:9D96113FADFD4FBCA9C17B78B53A8C93", "THREATPOST:9E222E9232D1D59183559B17E97BADCD", "THREATPOST:A07707C9B30B86A691C1A24C4DC65EE6", "THREATPOST:A1F3E8AC4878C11E48F90AC47D165F52", "THREATPOST:A6096ACCB3F0C38BC6570E1DDE3E8844", "THREATPOST:A98C64CB9BDDE55F51C984B749753904", "THREATPOST:AB54F1EB518D88546D1EF9DBA5E1874B", "THREATPOST:AE9B4708A7A9B6F3A24C35E15C6150A4", "THREATPOST:AFD74E86954C5A08B3F246887333BDF3", "THREATPOST:B04DD1402960F4726546F62371A02B3C", "THREATPOST:B11E42D0B4C56E4CC482DEF6EA0B4AC7", "THREATPOST:B2FEDF3EA50507F526C77105093E8977", "THREATPOST:B318814572E066732E6C32CC147D95E2", "THREATPOST:B3A92C43D5FF3C53BE8EF06C687B80B6", "THREATPOST:B796D491D9E59A6CE14A74FFE427D175", "THREATPOST:B7C8B7F3016D73355C4ED5E05B0E8490", "THREATPOST:B9CCF4B8B7E25CEC369B248303882707", "THREATPOST:BA0FA5036C385C822C787514850A67E5", "THREATPOST:BDCC3D007E103708BD7CA085B29EF2CB", "THREATPOST:BE11CFFFFEA1B470C8A24CA24D76A7C6", "THREATPOST:C3C8E90FB9A6A06B1692D70A51973560", "THREATPOST:C4369D60DE77B747298623D4FD0299B3", "THREATPOST:C4B358E42FF02B710BE90F363212C84F", "THREATPOST:C573D419AD6106E6579CCA4A18E2DBBE", "THREATPOST:C694354BA14A953DAFC9171CB97F0BC2", "THREATPOST:C6D292755B4D35E7E0FD459BBF6AFC7F", "THREATPOST:C754ECCAF3F8A3E6BCD670A88B3E4CAA", "THREATPOST:C9D2DB62AC17B411BFFF253D149E56F2", "THREATPOST:C9FBCC2A1C52CDB54C6AAB18987100F4", "THREATPOST:CAA9AA939562959323A4675228C233A5", "THREATPOST:CD9589D22198CE38A27B7D1434FEE963", "THREATPOST:CEEE25A4A4491980FA1ECB491795DBA9", "THREATPOST:CF3033203781AAC4EAAE83DDCF93ADE8", "THREATPOST:CF4E98EC11A9E5961C991FE8C769544E", "THREATPOST:CF93F3E6D1E96AACFAEE9602C90A711D", "THREATPOST:D098942E4435832E619282E1B92C9E0F", "THREATPOST:D240DF7FEF328139784DBE743FF84E9B", "THREATPOST:D358CF7B956451F0C53F878AF811409F", "THREATPOST:D5E02B5FD2809DCACF41DA1190794921", "THREATPOST:D7D5E283A1FBB50F8BD8797B0D60A622", "THREATPOST:DB4349EAC3DD60D03D1EBDEFF8ABAA8E", "THREATPOST:DC76A72269F271882F45A521CF7C3509", "THREATPOST:DD0FE8D3D9D205FA5CCA65C3EBDD62D2", "THREATPOST:DE6A0C7ECE2973F596891B00DC078055", "THREATPOST:DF2C6B28792FEC8F2404A7DC366B848F", "THREATPOST:E09CE3FA2B76F03886BA3C2D4DB4D8DB", "THREATPOST:E0C8A3622AEF61D726EED997C39BADFE", "THREATPOST:E424D9CD1C692F91FBD97FDDEDBCCE34", "THREATPOST:E60D2D0CCA5A225CA4BF5CEB5C7C3F59", "THREATPOST:E8074A338A246BED98CF95AD4F4E9CAF", "THREATPOST:E8A3AD011F9759F38AAB48D776396878", "THREATPOST:EC28F82F6C3ECD5D0BA7471D5BA50FD6", "THREATPOST:EE0A71A925297032000651C344890BDD", "THREATPOST:F12423DD382283B0E48D4852237679FC", "THREATPOST:F72FDE7CB5D697EFD089937D42475E50", "THREATPOST:F87A6E1CF3889C526FDE8CE50A1B81FF", "THREATPOST:FC38FE49CDC6DFAD4E78D669DBFA5687", "THREATPOST:FDD0C98FAA16831E7A3B7CCE3BFC67FF", "THREATPOST:FDF0EE0C54F947C5167E6B227E92AE63", "THREATPOST:FE7B13B35ED49736C88C39D5279FA3D1"]}, {"type": "trellix", "idList": ["TRELLIX:357BDB16F9C97C350D8CFF381DE2C04E", "TRELLIX:39F5630F37B0A70500113404A73FE414", "TRELLIX:7B9C31B3E2F1A079101A700230D5A5C0", "TRELLIX:908157CFA8050AA23921170E873187E1", "TRELLIX:D57FEAD5DBF6D915430C791AC26C10CC", "TRELLIX:ED6978182DFD9CD1EA1E539B1EDABE6C"]}, {"type": "trendmicroblog", "idList": ["TRENDMICROBLOG:C927C873A9E9A7AF6B74D64EFAFA6B02"]}, {"type": "typo3", "idList": ["TYPO3-PSA-2021-004"]}, {"type": "ubuntu", "idList": ["USN-5192-1", "USN-5192-2", "USN-5197-1", "USN-5202-1", "USN-5203-1", "USN-5222-1"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2021-22959", "UB:CVE-2021-22960", "UB:CVE-2021-35517", "UB:CVE-2021-35556", "UB:CVE-2021-35559", "UB:CVE-2021-35560", "UB:CVE-2021-35564", "UB:CVE-2021-35565", "UB:CVE-2021-35578", "UB:CVE-2021-35586", "UB:CVE-2021-35588", "UB:CVE-2021-36090", "UB:CVE-2021-4104", "UB:CVE-2021-44228", "UB:CVE-2021-45046", "UB:CVE-2021-45105"]}, {"type": "veeam", "idList": ["VEEAM:KB4254"]}, {"type": "veracode", "idList": ["VERACODE:31202", "VERACODE:31465", "VERACODE:32486", "VERACODE:32487", "VERACODE:32724", "VERACODE:32725", "VERACODE:32727", "VERACODE:32728", "VERACODE:32730", "VERACODE:32731", "VERACODE:32732", "VERACODE:33244", "VERACODE:33337", "VERACODE:33348", "VERACODE:33382"]}, {"type": "vmware", "idList": ["VMSA-2021-0028.1", "VMSA-2021-0028.10", "VMSA-2021-0028.11", "VMSA-2021-0028.12", "VMSA-2021-0028.13", "VMSA-2021-0028.2", "VMSA-2021-0028.3", "VMSA-2021-0028.4", "VMSA-2021-0028.6", "VMSA-2021-0028.7", "VMSA-2021-0028.8", "VMSA-2021-0028.9"]}, {"type": "wallarmlab", "idList": ["WALLARMLAB:060FBB90648BCDE11554492408AE89C8", "WALLARMLAB:2AAA5E62EED6807B93FB40361B4927CB", "WALLARMLAB:90D3FFE69FF928689D36310EF8B1C4F3", "WALLARMLAB:E86F01AF50087BEB03AAB46947CDE884"]}, {"type": "wordfence", "idList": ["WORDFENCE:107445D672F037011ADA9A0DA9FB8292", "WORDFENCE:45390D67D024DD8C963E18DAE88303B2"]}, {"type": "zdi", "idList": ["ZDI-21-1541"]}, {"type": "zdt", "idList": ["1337DAY-ID-37135", "1337DAY-ID-37136", "1337DAY-ID-37228", "1337DAY-ID-37257", "1337DAY-ID-37264", "1337DAY-ID-37889", "1337DAY-ID-38098"]}]}, "score": {"value": 0.5, "vector": "NONE"}, "backreferences": {"references": [{"type": "aix", "idList": ["JAVA_FEB2022_ADVISORY.ASC"]}, {"type": "akamaiblog", "idList": ["AKAMAIBLOG:61BDCEC3AEF8E6FC9E12623DB54E8144", "AKAMAIBLOG:65F0FA2139A357151F74FA41EF42B50F", "AKAMAIBLOG:94B715279ABA113C427A5E987C080DA7", "AKAMAIBLOG:B0985AEDEB4DAED26BDA30B9488D329D", "AKAMAIBLOG:B0DBF0121097FA293565FB7E66E09AB3"]}, {"type": "almalinux", "idList": ["ALSA-2021:3891", "ALSA-2021:3893", "ALSA-2021:5171"]}, {"type": "amazon", "idList": ["ALAS-2021-1553", "ALAS-2022-1561", "ALAS2-2021-1718", "ALAS2-2021-1726", "ALAS2-2021-1730", "ALAS2-2021-1731"]}, {"type": "apple", "idList": ["APPLE:251C897D47AD6A2DB0B7E3792A81C425"]}, {"type": "archlinux", "idList": ["ASA-202110-4", "ASA-202110-5", "ASA-202110-6"]}, {"type": "attackerkb", "idList": ["AKB:0B6C144F-2E5A-4D5E-B629-E45C2530CB94", "AKB:398CAD69-31E4-4276-B510-D93B2C648A74"]}, {"type": "avleonov", "idList": ["AVLEONOV:89C75127789AC2C132A3AA403F035902"]}, {"type": "centos", "idList": ["CESA-2021:3889", "CESA-2021:3892"]}, {"type": "cert", "idList": ["VU:930724"]}, {"type": "checkpoint_advisories", "idList": ["CPAI-2021-0936", "CPAI-2021-0955"]}, {"type": "checkpoint_security", "idList": ["CPS:SK176865"]}, {"type": "cisa", "idList": ["CISA:6C962B804E593B231FDE50912F4D093A", "CISA:8367DA0C1A6F51FB2D817745BB204C48", "CISA:918B5EC3622C761B0424597D3F7AFF7C", "CISA:920F1DA8584B18459D4963D91C8DDA33"]}, {"type": "cisco", "idList": ["CISCO-SA-APACHE-LOG4J-QRUKNEBD"]}, {"type": "citrix", "idList": ["CTX335705"]}, {"type": "cloudfoundry", "idList": ["CFOUNDRY:690C01663F820378948F8CF2E2405F72"]}, {"type": "cve", "idList": ["CVE-2021-22959", "CVE-2021-22960", "CVE-2021-35517", "CVE-2021-35556", "CVE-2021-35559", "CVE-2021-35560", "CVE-2021-35564", "CVE-2021-35565", "CVE-2021-35578", "CVE-2021-35586", "CVE-2021-35588", "CVE-2021-36090", "CVE-2021-44228", "CVE-2021-45046", "CVE-2021-45105"]}, {"type": "debian", "idList": ["DEBIAN:DSA-5000-1:6CB68", "DEBIAN:DSA-5020-1:32A64", "DEBIAN:DSA-5022-1:D26EE", "DEBIAN:DSA-5024-1:FE296"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2021-35517", "DEBIANCVE:CVE-2021-36090", "DEBIANCVE:CVE-2021-44228", "DEBIANCVE:CVE-2021-45046", "DEBIANCVE:CVE-2021-45105"]}, {"type": "exploitdb", "idList": ["EDB-ID:50590", "EDB-ID:50592"]}, {"type": "f5", "idList": ["F5:K19026212", "F5:K24554520", "F5:K32171392", "F5:K34162192"]}, {"type": "fedora", "idList": ["FEDORA:075BE30AAB8A", "FEDORA:59AA230A7074", "FEDORA:B8BB130A637E"]}, {"type": "freebsd", "idList": ["1EA05BB8-5D74-11EC-BB1E-001517A2E1A4", "3FADD7E4-F8FB-45A0-A218-8FD6423C338F", "4B1AC5A3-5BD4-11EC-8602-589CFC007716", "515DF85A-5CD7-11EC-A16D-001517A2E1A4", "650734B2-7665-4170-9A0A-EECED5E10A5E", "93A1C9A7-5BEF-11EC-A47A-001517A2E1A4", "A9C5E89D-2D15-11EC-8363-0022489AD614"]}, {"type": "github", "idList": ["GHSA-7RJR-3Q55-VV33", "GHSA-JFH8-C2JP-5V3Q", "GHSA-MC84-PJ99-Q6HH", "GHSA-P6XC-XR62-6R2G", "GHSA-XQFJ-VM6H-2X34", "GITHUB:070AFCDE1A9C584654244E41373D86D8", "GITHUB:D32BE0B8A571761A967462652837D28F"]}, {"type": "githubexploit", "idList": ["00264586-32AF-5469-819B-90FBDA0B6FF2", "00423BD1-64DA-5DB0-848E-1BACC0883E15", "0099FB22-A94E-5D32-9BC4-2EC6D5CFFA9C", "016A0841-D1FF-5056-B062-0D08FCE624CB", "034AFC0C-D411-5F4A-BBAB-630A6C972933", "03C230DA-F801-5660-BF8E-AB8F44E2755C", "0568D2CD-87AF-5D34-AA65-868B1DDA0A89", "0577D04A-4517-5872-B4C0-E45DD6246D88", "066BA250-177D-5017-9AC2-6B948A465ABC", "06D271D5-7A61-5692-9778-7F521D52F980", "0793D7AB-F57C-5832-B456-4057704CAEC9", "07C462E5-20A3-5023-B363-47E1B0C1AE4E", "09509FA9-9FC3-5B64-900D-F0842DC8BCF7", "09F9BA9F-83A2-52EF-81A0-214FCD9E240D", "0A26B4F0-3175-58BE-9CE7-133C9D85E181", "0ABA9FB5-93DD-59F1-9580-232DBFBB4AD8", "0BC62E37-D6E2-5B2C-BF89-3E00D98D2E30", "0C98B78F-B467-5298-825B-05ECB4EE2653", "0CBB2E72-C52F-59B6-BD73-DBDD206C4C35", "0D243A34-B42E-5007-90D0-A30ECABDA204", "0D4B651A-4424-55FE-B496-1BB733DE7EE2", "0E43C674-363B-53C2-8686-6F412A995AF4", "0E47338D-BDC0-510A-BC15-093F2E1DEF2C", "0E8471F7-D213-552B-ABD8-B3B1FAD4B910", "11719BED-E629-5C79-944E-7E40BBFC460C", "126A30D2-0273-510B-B34A-DF7AE6E0C1C0", "129B39DD-AB9E-54F0-B6B4-5EA17F29B7DF", "12AAE278-1B08-5F3E-AC28-8EC928D3D7C8", "13542749-F70C-5BAA-A20C-8A464D612535", "13EDAA06-F1A5-5097-AD3A-3D6129C325A7", "14482532-2406-58DF-89FF-30B085015257", "14E4E272-9457-53A0-ADD5-F91385D04FCD", "161B70B2-DFA5-54B6-A4CE-45B79999AAC6", "16B2ABBF-5997-58A1-A4C9-0161F64D116C", "16EB55EE-7CC4-58C7-86AC-E9FD7066B5F1", "170912E2-BB33-5CB8-AD90-C0A737FCAC5E", "17C204F9-DD70-5EFB-89D4-B642E65FAF99", "1AD6F414-6637-555A-AA79-BEE90EDB10AB", "1B11A8A4-B07C-580C-AF38-33A50B17B19A", "1C354B89-0050-508B-98F4-B43CBD84F364", "1CC6B535-3451-5066-8C2E-94551FEC545E", "1CCC4512-40AB-5F72-9913-3D894DB4676F", "1E085D9B-26F5-5960-938C-AEB76BCE61D8", "1E62A076-94ED-5061-AE4F-432BB8D7A59C", "210D354B-2338-5AA4-BB87-981C2D2BAA06", "21AACF78-8053-529E-909E-B6D5158008AC", "21B5671D-2A35-52FF-9702-380A32B96260", "21F23081-849E-5B0D-AB61-A8EB37CA0B38", "22AAF71B-053F-5E71-9F26-039C48FCCD62", "22C2FC0C-2C78-5EF7-B21B-5B76E82E2E99", "22C736D4-4179-585F-990B-A40436F65461", "231364E1-A2B1-558A-B805-F242AA97B13F", "23A2D479-181C-599C-9C0F-9A2FF201348F", "2421E200-716C-5F29-84C0-DD8B9C41D92E", "24682F53-DE0E-5967-AAC7-98806644A14C", "24751999-698F-5052-988C-193144F85A39", "254068B4-97B4-5DCF-A60F-5206B6DD230E", "26905C55-5DC7-5275-A0AF-FAF06685612E", "26FD2B5F-2952-5624-8CB5-3ECD4480DA87", "27D73012-7283-5C8D-8197-BBAE1964DEE3", "29A41C2D-FF26-591A-A88B-DDB396742BBC", "2A95146E-A404-5015-9D39-293C8EAFF4B6", "2AA77664-83AA-50B1-9F4E-37CC67A5CFAC", "2AF28508-1272-5281-BDB7-B44D3EFC7C72", "2AF7350D-AB79-5AB5-8AF9-0F351CE13D30", "2D2BE5CB-742A-5912-9D88-75365533F9E2", "2E7FF2D4-97E7-54F5-A5C8-EACD22FCF303", "2E946B1D-12B1-56D1-A72E-A3026C240B1D", "2EACBFB9-2956-564B-A859-6C85EF9F785A", "30BD2114-A602-52D3-908F-8B66A46F1A8C", "30C6DF99-400E-539F-AA8D-39E7407F4796", "32BB43C3-F80D-5CBF-83AD-55BD38C2A440", "342CC1B7-6E24-5767-A7B1-90B95A91B503", "34DFC7F1-8012-5B3A-B9F1-EFEDB5F89D1D", "3549B000-260E-5A24-9573-935F898D149C", "371D4A15-51B5-520B-B31D-856E557695FD", "3734D8ED-657E-5585-B181-DE9BE2D84456", "38AF0E71-397C-5A1E-B67C-5514D8F8ABC8", "39A13697-AF09-5E14-9DE2-045005EA9D85", "39D0749D-74E3-5D08-804A-6E7E52BCE692", "3A118B0C-1B94-5CA7-81D3-2A3230EB4DC9", "3A1D442B-2B5B-5DEA-9276-9A9B6C06C9DF", "3A8F706B-1F40-5DAB-AB25-BA023D568AFA", "3ACF6BFE-C853-50C6-BD49-B76794B8BA53", "3B7408B1-9041-550E-9CB8-83E5F609C37B", "3D8E1FE1-17FA-5A92-B109-DEDB55A6BEAB", "3DFE8091-03AE-565B-A198-BD509784502C", "3E142E8E-743B-5786-9EB8-0FED1933F71D", "3EA1CA63-F1F5-5A86-AB97-E327DAE18E93", "3FB46D12-73E5-58EF-BC2A-4FC103B8FF72", "4066A0A4-284D-5ECC-A476-ADDA61AF9A76", "4096BFF5-03AE-5DA0-8AD6-85D69E2570C1", "40C633CE-4DD0-586D-8773-760E9A70FFBD", "4142DC43-FEB5-5B62-B8C7-B2A4DEB336A6", "4288177C-C609-5D55-A845-D6785929AB4D", "43159333-A26E-5929-A289-0C84DDCF9DEA", "43A7C9D3-EBB3-57B1-B8FB-C651B36501C2", "44463794-7940-582A-AFFF-676628A86A72", "444C7644-3DE2-57B2-ACF8-C2B157E07580", "44DBFE24-1B30-510A-8291-B7043C7FF654", "4557B39D-1DE6-59FA-AF6C-935E8BB15AE5", "45E71437-8181-5EB7-91BD-D6E4343DA0AB", "473FFDA9-E615-53B6-9A81-F98A1ABD700E", "47670E23-A165-5F5D-8C90-5C76DA1ADFEE", "479EB930-7609-5244-8E16-0D8689304D86", "48821FC8-9320-5568-88A3-9B2CC655ADAC", "4B1180FB-F4A3-5FCD-A8D2-65364D1EA9EC", "4B30BFBE-6FDC-5580-9C76-65EA4EBA5DAC", "4B38D813-5C4B-586B-930A-FDDD0FFF304B", "4F11FB83-F6EC-5ED2-B08D-9D86D6104DC7", "4F757EF2-574B-55C7-A017-51DC8BB28C31", "4FBD8560-2AEB-5AD2-9CA3-4A72DEDDE929", "51879B5C-E36F-52B7-B92C-DBA73A21F67D", "5233D0F2-69A2-5220-8016-07D66C226F01", "52BA1465-B7E9-59C1-A20F-E38A5EAE272D", "53A3C2F6-6EF2-52C1-924B-F3A9C95C2A88", "542348EC-7B83-50E0-8F9B-B6AE9968059F", "547FC254-3B26-59EC-AF4D-E5954678AC3D", "54AB8DD9-4A52-50E4-9EE2-046EBD899FFD", "54E7D93D-9216-5EDE-A4AD-8324A367E67B", "54FE5E76-EAF4-5D84-B37F-06F12A6AFF71", "553C3CC1-0126-5554-8BE0-5F577271EBF9", "55AD7FBC-06FB-5D26-A3A6-F9E9D63D45AC", "57742B88-2AA6-5788-825F-92A73CA85718", "578E61DA-1B13-5170-9DAC-60D30F7F8C99", "59A6FBED-4F3E-5B1E-87FF-E637492A268A", "5A5A28A1-2601-54F3-BA06-BCFF1A9DCCA5", "5ABB537C-AD08-57E9-9A29-E747D7C29DE9", "5B1D95CD-139F-5304-8B13-BB4EDD912DFA", "5B6C990F-05A3-5D83-83DF-386A34FB8560", "5C040112-8DE7-57AA-B52D-BDD1965D02E3", "5C116D88-E2CC-5BC3-9A71-3174292E227D", "5CEF4882-D1D5-5861-944F-34E8868BF986", "5D72C8DC-DFFD-56F3-A7AC-9FA83C48F460", "5E633D2D-95D0-5498-840F-EA92BF2C5A00", "5E9FB294-1E29-5DE8-A6F6-6D25B08A31DC", "5FB1E3FD-68C6-50CF-85EF-DBFC0B133C24", "5FC55783-FDF5-5AD8-98B2-C1CBFB4EFCCA", "6083DCC3-CA9C-58A4-9FBC-983DF1E52584", "608B43BB-B31C-5B8A-A962-A58902AEBF2E", "61AC9232-A772-5D63-9DFC-BFE4976418C7", "62F5F8D4-29D7-5B5C-82BC-3D56E7E8D027", "634605C6-F76D-5EDD-9986-EC4EC593168D", "63500AE8-A10A-5388-B314-001A4CFBDFBD", "6413E08F-7E60-50ED-932E-527F515A6C19", "645452DF-222B-51AD-963D-DB002A1FC803", "6600C311-30E5-566D-98F1-AC47E752EBEA", "67E20854-0E30-5FC1-9F24-6A60531BAFF6", "68DCAE72-CB86-55B9-9CB6-653918238C2B", "6A34D9C3-C290-5763-BAF4-F1D6351C4BA2", "6A4495E8-D723-5923-BB6A-B9EA838CF69B", "6AC0E68D-D6F7-55D9-A281-30D7E76D7556", "6BC5CBC6-5A96-5743-8FB7-CEDDF527C52A", "6CC29A1A-24F4-5961-89F9-E7B824C6F37C", "6D93189D-E2D8-5571-88D5-D778E1CB9C23", "6DA59A94-0CD1-5357-8F01-2BF3230F9017", "6F10C51B-BF15-522B-B1CB-BA95361D556E", "6F20D8B7-C252-5759-B02B-F8E2C9D42E38", "6F93E170-75AD-5F5C-B7CC-6C4CEAA695AB", "70582B5B-E1E6-5767-94A6-39740A96A052", "71594B4E-D7FE-534F-8E37-71A1EE08E2E9", "71D962ED-2525-53CE-88D0-D8CD92FB0C02", "743571E7-B8EE-5E77-B047-E2E001379ACE", "75180259-16B4-5B60-9913-BFC9A306560A", "75876A50-BD9B-5991-9E42-7A343A97C890", "76E7C0B8-1EE5-543A-A48E-E3AAEAA8BFF6", "76F6F494-8855-5F94-9675-4474FFFA65A1", "77BE16D3-FEC9-51E3-ADB4-250D5BE6CBD2", "780AD920-FF08-55C6-84C8-A8536C6F5527", "7865A97A-CD10-5E45-9429-CF5F72A6952B", "78C2256A-8ABF-5E34-9268-2EEC0C09E567", "798B7BE8-4F94-5D15-A93C-CFE73333BDC5", "799DA5B7-BCF7-56C7-80E8-EAF2351D78F1", "7A3F31B5-D371-54B1-A81B-3863FBC71F0E", "7B2DA44B-D36F-56A4-B4D8-376B8D2F5586", "7B48A97D-242D-55E0-8A13-BD2727C1261F", "7B9BDDBA-81E8-5739-B3F7-419C0D6E2316", "7BB30379-8D57-5FD7-A90C-1A24B1846A23", "7BCC0C24-A1F7-531E-B1BA-342D21C9AF02", "7C8BD924-02A0-5873-B8AF-445DE0103959", "7F93036E-3036-56D2-97C5-CFAEAB8DB6F2", "8021D807-3EDC-55A7-A9ED-A364159FADEE", "817FB04E-AFFE-567B-8A2C-64C0A8923734", "81A94AF3-F3C2-5DAE-9C64-154CF9502B01", "865C5B8F-B074-5B0D-834A-E714EB00ADFC", "867C95E5-9596-5E6D-BC2F-FC7A610F3A3E", "8697646B-BC1C-5EEB-84C6-2F209E41B64E", "86CE8F3E-1859-58C8-97B5-8D53531EE22A", "87378E23-9FC7-5BA6-BA12-83E90D9581DD", "8ACDC1C6-CE43-5600-9F6F-644A7AD0DA2B", "8B324F0D-EA80-53B5-8ECF-EB5FC5C0EA13", "8D0CF3A6-EC3F-536C-A424-08879FF2F158", "8D604793-908D-5C35-A3EF-6D2688A10312", "8D6FB9A2-59E2-5565-A2C4-B00D9AE074CF", "8E1F0596-03B7-5FCC-8A29-3A8B45D02198", "8F15A064-7841-5899-84CE-8C298A269F83", "8F362564-1631-5AF9-BB38-D1BFC4678DAE", "9227EA61-CA01-5E0A-AF8D-22B03C07A27A", "931205E1-36E0-52BF-A978-D4C326F6A32A", "9327CBCC-5FA0-5155-9C98-3F1488EF2F57", "938D4200-A40C-5294-A146-4DF378B29573", "945E86E8-E114-5F51-991C-13742C6EF49E", "9470FC0C-FB21-50C3-B4E9-5AB439EE325C", "94966928-86D4-5285-9A57-CBDD8F2EF438", "94E003E0-82AE-5CFE-8818-DBA1610BDE3B", "95033F5C-FFFE-58C2-9799-C77E326ACD83", "958F00F1-C4FC-5213-82EA-290A530F859B", "977D06B3-F888-5FFF-8749-BF8AF7868ED6", "9790154B-5F28-5BD4-8541-6EAA8D3E2B36", "97D358EF-90F6-5D12-981B-DAFEB56F784F", "97F1C960-A343-5B1E-B261-4834CF80B790", "98F6C0C3-FC5E-5580-A148-55F2368B18C1", "99A0AA73-B93D-56EF-930D-4FD64A4F4D35", "9C874FAC-8640-5978-8C60-AF6528E5DF60", "9D8C431A-57F3-560C-8146-1232C2C029C2", "9DAC062A-CFE4-5BB0-983A-8BAB512CF589", "9E16D977-AA24-57C3-9BD1-98296F3186F5", "9E4C737D-2D3C-5A43-B638-E131903225BC", "9F3ABA17-E33A-5018-9DCB-AECDD8DE9DEE", "9FE4ADCA-7F2C-505F-AE74-C635FF2CDF75", "A1E14906-26B2-5DF8-95E3-07736CC5DDF2", "A39E4181-7C85-5B10-B0F9-AD286D09BD2A", "A454A9CC-C18E-56A1-B166-1A0E244E0493", "A4A33F39-BA6F-5AC0-B72C-30F0E4D6CD56", "A57FBD78-A654-5CEE-8291-163C8AFB7210", "A5B4FB6B-123B-544F-A4E4-46B0595C1C72", "A6308120-6A99-5D2D-A1F7-6384AC37959C", "AB801839-51E0-5EFE-B00D-ABBB6391399A", "ACB6C453-F1D5-5A65-91C2-DF455B997075", "AE0FE928-3464-53AA-BBD2-B3F9E871CEDD", "AF45D2D0-2D0E-5BD1-89DC-2E2C8E440A75", "AFC5A984-3296-5D6A-AE73-0771AF4EDAF6", "B22E3A22-BF14-5660-977A-2D28D2AA2500", "B4A4F7BE-BF43-5BB6-A4A7-A22C6B9DDCA5", "B5D61CFC-8A10-5D92-B72B-D002C1D7AF33", "B6987F3B-86A1-5FDC-AD92-EAF6D264C14A", "B8D5B910-B397-520E-9526-FE32D86E93D8", "BADF55AF-60C5-5E33-BC19-5DC25FB9E196", "BD33CC4D-EC56-5A22-A712-1B23F8FB141D", "BE66A9B6-104B-5F49-918A-8B913CE46473", "BFBBD550-B2CF-524B-87F6-D0A8980CDFD3", "C0AE83D0-09A6-58EA-A244-1E453E699C04", "C1878361-BBB3-5A2F-8212-945883518690", "C20BAC49-21F2-5BE4-B97B-2561BD95A1A8", "C3153E8C-0590-5D96-8EDC-AEE7E129246E", "C3C6029E-8A78-5C0B-9CF6-51489E455464", "C3DA2A71-DD68-5EF3-AC4C-5A10DECD333B", "C3E394AB-E22C-5A6A-B5AF-2A497DDAC7BA", "C45EBEA7-DE2F-5373-9AA5-334E20EA2D23", "C5531AD4-9DFE-5A81-97D2-D34FD02E2AD6", "C640B511-D1E9-5F57-964D-3826F1C68DF8", "C6493FD0-579F-593F-A1E9-A44793F70419", "C68080B0-3163-5E76-AD65-2B454DBB95EE", "C72759ED-7C42-593C-A3C7-94E2CDB2B105", "C7617E51-4166-5517-879D-6385309E13D8", "C76F7089-967B-5A7F-B8DA-629452876A2A", "C772DCBB-20D0-51DD-A580-F96689E65773", "C7EE8D86-B287-50F5-B8C2-05E11E510900", "C9E3963C-74AF-51D2-ACF7-7687E92D049F", "CA408205-D32D-5A33-B1AF-0B863641C7FC", "CA625124-9F92-5FCF-83A7-3ECF5F0EBBFB", "CA8D6F85-3A73-5070-B9A0-3A47FAE2C784", "CB9B5FAA-47CA-5D85-91B9-0AC5179D527B", "CBCB527D-3C29-5E5B-8C71-D7F20AB001D0", "CBEB0168-C1C9-5A9B-8B92-83E1054E44EA", "CC4175EB-3B91-5ABB-A700-84FC1105AAD5", "D02E385B-76D7-5BDB-A49C-CE858BEB0009", "D0B02251-DCA3-58B6-B887-D339C4EAABF9", "D21F1D28-2C44-5969-8F84-E5C6FF67DCFC", "D2602292-4969-564A-915E-2EFC6661FA35", "D298A3C8-E215-5549-B1A0-D01215070203", "D5003B3C-B1D9-5840-816F-1AFEBCAC7FD3", "D6EE5F29-18C9-5E59-B9E2-01DC93F5ACE9", "D72095BC-06C5-50B2-8F66-EC86811783D3", "D77DEF60-6E7D-5708-B9F2-DB4EA3E38C23", "D77EE79D-71A5-51BA-9A16-DC757F86CC50", "D813949A-183D-55ED-AF64-B130B8F95A56", "DA01F84A-9B1D-5337-A465-2A9AB088C056", "DAB5D6B4-8A2D-58C0-835F-DA4F27B2142D", "DBBD6963-3870-5117-A829-3DE976AE90E2", "DE88B6AE-5D54-5B49-A097-57038C720463", "E0452D6A-51BC-51F5-9C1C-6CF01DA2805E", "E07C4625-66EE-5E09-880C-251E6273C21A", "E0A2EF02-5087-5522-ABA0-52F4142BB87B", "E1457E6C-87A3-5557-A3F2-175005D2A765", "E1ABFD41-98C8-576F-8509-5541B40FD442", "E1FC5745-FCD7-58AF-9F4D-65D94090BBAB", "E278D22E-7EC5-5A63-ADFC-EDEFDC650AA1", "E4E73A91-5275-59C0-AB2A-7F3EE83DDE28", "E655806B-A2A8-5BCB-A30A-0120CA3E97A6", "E6E03693-50B8-5AB4-B766-8464A228BA02", "E9B21C59-ED98-5B3B-A993-F1C214F8796C", "EA1AF0D9-1E6E-5080-BB7C-9D6035795FFB", "EA3173CE-C426-5047-864A-480B1A30F235", "EA3C5D7E-0CC8-5AEC-8D7F-3C245A834DDA", "EB648301-A198-5E4A-A72E-9639ED09F6C9", "EC0987E2-0001-5D63-A5AF-09675A5915BD", "EC35769F-2EAD-5464-8F97-D90F768E1E2D", "EDDA4558-9527-5BDE-86E3-23DDD0BA5443", "EE01D764-5F14-5C0A-BD77-8E32854C5216", "EFD098FC-90C8-5665-98B7-79C96C6AEBAE", "F1D342BE-E1E0-5B33-A19B-E2EB9E3E7C80", "F1E9BE6D-4024-56FB-80BB-B10ED5889144", "F208D311-79CA-5A2C-AE81-591BA4D30750", "F2F2719B-7041-5D1A-A95A-7617360B1D08", "F32DF396-0485-5F43-8A52-31B8DD252790", "F388C84A-40DA-58BC-BE0A-74C7E1712C54", "F3A40027-6DB5-509C-81CF-473DE3BEF46E", "F4C136DE-892B-5921-8475-E30BD548DDBB", "F523E799-3659-532F-8EED-40AD7F79E752", "F594470D-2599-5B2E-B317-C9720581C07D", "F7994B92-2846-5644-8B68-EFB6DFB95ED2", "FB593988-2CFC-5828-8229-9274AC7B0F86", "FB65C479-F4E7-58BA-BC4A-AED04F10A11C", "FB83113C-AABD-5893-8DDE-332B57F4FDD4", "FD65F47A-0B60-5F08-BFC2-1ABD16F49781", "FE8572DF-42D4-521C-B3DC-4715C2F9240D"]}, {"type": "hackerone", "idList": ["H1:1238099", "H1:1238709", "H1:1423496", "H1:1427589", "H1:1438393"]}, {"type": "hivepro", "idList": ["HIVEPRO:205916945365E4C9EB9829951A82295A"]}, {"type": "huawei", "idList": ["HUAWEI-SA-20211215-01-LOG4J"]}, {"type": "ibm", "idList": ["06543959E3F80611BA94C3105900D725FA079835346EA88779BC4F272E259FC6", "0665925DF5F067ECF5E297BA3C90127DB89591002C77E6A2724DF5A757C0156C", "08493CBA8B1A8F34C7786760C52C7997B8AE1C300A4CD3A03EEF9B528175E0E6", "0D5D9C62E3772E12A0A361D23CC8D2FE21F9AD572A09912E906D408ED2270FAA", "11FEAADF6A94DFB6615A82EE0023D346C418ECD114C445A6BA52D50AA2C6FE0B", "14849B70FB8D1FD1B1485C3A35CC1AC4707F86D18C75B440EBA32375A28C39FA", "1629CA1DFD389EEFF25556E8C9B707086E571E474449820E949D944C6EB994C3", "18578ECA481CB003C14A84CA7A47ACA060F579C24F4075A776AF26B575502960", "18A5E6C2581806177DE446AE26FCBC2EBB616C29B40041253F318FF51CE1AFB5", "22A3084E2002F23895BAE53AE66469749F21716FF3B8CF15A58E6BBC0C953322", "23532FC7488A1E0A5525D86FA8B58841ED6086B69C02A7FBB104B3F98E2ED3CE", "2709A19D29B9047D230E570EBF5F26A53D322D557D88CBCFB480F1AFEEF6797C", "3944066115BDCBD3922126FE86DD126D42F66D1D301D1FD016CEC3B5DADEA3E9", "4204EAC341D63510AAFE13D5F22BA14E92396D43569176E371BFB452611D1A97", "4271B86469CFCE465E783BEC3C9F3EDD13D645F55A5BEB697F3A4FCF694E568B", "45F3E79F778FF116B7E1BB62B97CC9ADC2834AB5E2280953B0DB7A3ACB3667BE", "4B5F807E31A15D407C9BF25DF122E3434713ABE31B456A9F1B5453022433CDC2", "519FF26BE329CC59BFF47E2AAC0D4B73FCA35BCF836D736A007D121863323E8C", "53949D71EE0D6BBA6C433F4DE402EC6D1ED7AA7877C8B84C15AD5E27FFEBE24E", "53D2631E5E76894870663A2B4948D3A4F72BDEEDF8C87935B788F981BEE5852B", "58868A8A56E187AE7CFDC0168A9534F5C483AC0F042B7ADF09CCBE3D8A901101", "5B37505321D5F8F7903F3D322DE9A25CE9354A44961D5523B7814C9B66262032", "5DE317A3D702E314106A0461B547D467E6BB3DB2762FE0C1E94E7E11DDF4B131", "61B9181EB54A0FEA76BDF465A9DD7A1E27734744F2B1A6386C84D309D1C6CCCD", "6CB020CE84694787BB12E05DCB6CC95C33681B735ED0D48ED68FF5A99DD1D7A4", "6FCF3A6897C9A1A085633762339E7EC8DFE631B6D2A160FA5D1ADBC3E11F92E1", "75292E3923B26B0E2E5FF96584620DDCD8E3FA9B1B48381C5BCAA4B6590D82C7", "78F199BD0B7C851B9B51668C7C03C7066EA862D4D07B5141F8116EE923472533", "797C010D7F91BFD9A4AED687662A3AD4BBC6C570591ECDE2F84EA7CAFC728939", "7CCDD8E65FBE1F2581D0942E2116E4E61FB4753B4D48798C9D2BC8624C94826A", "7E0744D5936EDC5F018B0850D801B665D388060D6A81B986BC7AD81C9A78C0EE", "7E846C52FF7D26445DCFC4472B6BC7E4EEADFD45513EDDFC6C395E9B800F576B", "8191B5D601C7F186266C65C8DC79A0B94EDA45737524796672F9272DD3278F4E", "88119FF28113E384895FADEA63C7ABC2906571B02A874CF9D50260071AD58FB7", "881325FD02A11D222F8C6387D2AE6C395F5DB0E807D0D6809EDA591A93C5ECA9", "8968C94B71BE086C952CFA8BF1B1924C1CF6FFECA8B8864B828E68AABA1D96E8", "8A20ED34CC4EABFD78A0599C47EC735B1923D5C4CE1DF595D753961732461EA4", "8BFAECB607AC421152AB7F28771EB7E348ED67531945E81E90370668E3D5E611", "8FA41F50A028003D6689B034A6CA3E840361D121B9F4B4350B17EAB4605438C4", "900B686502E0C61F1BAA043F9387495F4C4AF282D993D0971AFB618978232651", "91791263F482BE4327CB96A074DA5FD8EB133EF9DA47BE41713B960DCA5C33B4", "93CDFA8C03248D597D60C2017F7D733F4F700BE22196422C5BBCCF8512C483EA", "9D21714C8A46FFA3AB195D14E14C9E6854AE7C8D7E68CC48DA42B63AB322B14A", "9D675243F41B597AEE7EC01ACEA307E5B73DA85724CE286F50180E2EF0DDC2E8", "A740554B49FF2C28448E8B6CAEB6B5186A59385D0F06901909CFF1DCA81D60FC", "B07B2DDB76A96BB8480E22188347E3C9EE42A03F24868518880519216E52F154", "B682A1DCF5A33AB9CBD3062B0DF0A131D5180AA2BBD201782B95DC8A2C33D1AA", "B7376C4EB80B7D4936C0682206BD2DC0AD5969B181368D3EB95A8FBA366BDB63", "B7852BDD3533186AC6979A54CCDE0022BDF398859D24F1C5947BA48C3FFF817D", "BE7DD314CD7039219534B2612D0FEFD382DCC5D154AD49257A517A91FA728423", "C7FAA00C9C125584B8B9505CE7E7AC97AF7514904E37D2747A78CB0B5B0F3315", "CA111B4E9CA9EC240292C6D00FE0CF8C7559AC1453E3199BC3370D149FB11174", "CE6A6F0970C169F7DBE65AA5DFCFCEC0BEA99E837906D043FD4B6D3BF7A87D67", "CF49D3C68973180FF18BD6C75A4B377A56810C21E28DDDFFBFD24EC340BB8DA8", "D7F42748501798B46C92E5DDE65168A07A34CDC17FA2997DA4B2703CB1DEE689", "D928C805B6C7AD1BA5D5DA1EB77352559E54787E379CD22474A13592C0B83C20", "DCE05236BD35B28C109059A740CACEE5CE345130605BA9DEA39EFDA6BC532303", "DD0F134566603D6A0E5E50A163E031437D8715545DCC8A6A2285C28BD48328D0", "E4141DD78AFBC22DDE732910F84CF4E67B4F57A1062C9D9AFC473A5AF4412618", "E636319395E5D666C247860149142969762B284D3BE296819A5644E6AE6DDA15", "E679F241D5F455DCABCB653D142792B97352015B6DD79A1EB36DB0B4D54B2902", "EBDD1B77CC71D5E7D7E88D21F7F8C7988F44B743E7ABCFC5258E806235EC65A9", "ED78D94545EF8A4A811D2C198EC427B8C46CA1FE3BBC9D6A2DC20DD440CB6FDC", "EE7C7082B77D791A00974EDB50B2C0657DE8DB73762954DFE571C7419512AB7D", "EFC94A6E1DA52C8EA7A5811D6A4381770FA24130DB4CFD911120046DD916261B", "F9AB06770448FA3E4FD25D51718E68EDF2A19C2ABF8D6E9BD3EB8FAE9FE904CC", "FEEA34664C5A4E976332334C2C71D85372FBA61A35160B36A5D423F817DFCA12"]}, {"type": "ics", "idList": ["ICSA-22-034-01"]}, {"type": "impervablog", "idList": ["IMPERVABLOG:357497C932E21C66FB08D2C9B8EE9CA2", "IMPERVABLOG:BE9CCB7ADF74E2AEFC999FEE704CDE71", "IMPERVABLOG:BEE8EB9D446D0AF62464EE59DFA0CE0E"]}, {"type": "kaspersky", "idList": ["KLA12390", "KLA12391", "KLA12392", "KLA12393"]}, {"type": "kitploit", "idList": ["KITPLOIT:134021490040098714", "KITPLOIT:144331229809700743", "KITPLOIT:3188944951765917430", "KITPLOIT:3773942873037113539", "KITPLOIT:4125185526326677098", "KITPLOIT:4333067961180534072", "KITPLOIT:4654779182065061303", "KITPLOIT:5104415481503400470", "KITPLOIT:522409803487164759", "KITPLOIT:5734436811250397170", "KITPLOIT:5789499291738758939", "KITPLOIT:6422486000446318290", "KITPLOIT:6759391622067035795", "KITPLOIT:7976092996345827446", "KITPLOIT:8031680161397698025", "KITPLOIT:8148701901300660800", "KITPLOIT:8266451932034361580", "KITPLOIT:8945091038325456871"]}, {"type": "malwarebytes", "idList": ["MALWAREBYTES:39A05D4A4EC81966F7A1721DFACB3470", "MALWAREBYTES:A325F8FB1D527BD3C6C1C3A187840632"]}, {"type": "metasploit", "idList": ["MSF:AUXILIARY/SCANNER/HTTP/LOG4SHELL_SCANNER/", "MSF:EXPLOIT/MULTI/HTTP/LOG4SHELL_HEADER_INJECTION/"]}, {"type": "mmpc", "idList": ["MMPC:42ECD98DCF925DC4063DE66F75FB5433", "MMPC:BB2F5840056D55375C4A19D2FF07C695"]}, {"type": "mscve", "idList": ["MS:CVE-2021-44228"]}, {"type": "msrc", "idList": ["MSRC:543F3A129A47F4B14FB170389908717B"]}, {"type": "mssecure", "idList": ["MSSECURE:42ECD98DCF925DC4063DE66F75FB5433", "MSSECURE:BB2F5840056D55375C4A19D2FF07C695"]}, {"type": "nessus", "idList": ["AL2_ALAS-2021-001.NASL", "AL2_ALAS-2021-1718.NASL", "AL2_ALAS-2021-1726.NASL", "AL2_ALAS-2021-1730.NASL", "AL2_ALAS-2021-1731.NASL", "ALA_ALAS-2021-1553.NASL", "APACHE_LOG4J_2_15_0.NASL", "APACHE_LOG4J_2_16_0.NASL", "APACHE_LOG4J_2_16_0_MAC.NASL", "APACHE_LOG4J_2_17_0.NASL", "APACHE_LOG4J_2_17_0_MAC.NASL", "APACHE_LOG4J_JDNI_LDAP_GENERIC.NBIN", "APACHE_LOG4J_JDNI_LDAP_GENERIC_HTTP_HEADERS.NBIN", "APACHE_LOG4J_JDNI_LDAP_GENERIC_TELNET.NBIN", "APACHE_LOG4J_JNDI_LDAP_GENERIC_RAW.NBIN", "APACHE_LOG4J_WIN_2_15_0.NASL", "APACHE_LOG4SHELL_CVE-2021-45056_DIRECT_CHECK.NBIN", "APACHE_LOG4SHELL_IMAP.NBIN", "APACHE_LOG4SHELL_NETBIOS.NBIN", "APACHE_LOG4SHELL_POP3.NBIN", "APACHE_LOG4SHELL_SMTP.NBIN", "APACHE_LOG4SHELL_SSH.NBIN", "CENTOS8_RHSA-2021-5171.NASL", "CENTOS_RHSA-2021-3889.NASL", "CENTOS_RHSA-2021-3892.NASL", "DEBIAN_DLA-2842.NASL", "DEBIAN_DSA-5000.NASL", "DEBIAN_DSA-5020.NASL", "DEBIAN_DSA-5022.NASL", "DEBIAN_DSA-5024.NASL", "EULEROS_SA-2022-1169.NASL", "EULEROS_SA-2022-1170.NASL", "EULEROS_SA-2022-1195.NASL", "FREEBSD_PKG_1EA05BB85D7411ECBB1E001517A2E1A4.NASL", "FREEBSD_PKG_3FADD7E4F8FB45A0A2188FD6423C338F.NASL", "FREEBSD_PKG_4B1AC5A35BD411EC8602589CFC007716.NASL", "FREEBSD_PKG_515DF85A5CD711ECA16D001517A2E1A4.NASL", "FREEBSD_PKG_650734B2766541709A0AEECED5E10A5E.NASL", "FREEBSD_PKG_A9C5E89D2D1511EC83630022489AD614.NASL", "LOG4J_LOG4SHELL_FTP.NBIN", "LOG4J_LOG4SHELL_SIP_INVITE.NBIN", "LOG4J_LOG4SHELL_SMB.NBIN", "LOG4J_LOG4SHELL_WWW.NBIN", "NODEJS_2021_OCT_12.NASL", "OPENSUSE-2021-1480.NASL", "OPENSUSE-2021-1574.NASL", "OPENSUSE-2021-1577.NASL", "OPENSUSE-2021-1586.NASL", "OPENSUSE-2021-1601.NASL", "OPENSUSE-2021-2612.NASL", "OPENSUSE-2021-3615.NASL", "OPENSUSE-2021-3671.NASL", "OPENSUSE-2021-3940.NASL", "OPENSUSE-2021-3964.NASL", "OPENSUSE-2021-3999.NASL", "OPENSUSE-2021-4094.NASL", "OPENSUSE-2021-4107.NASL", "OPENSUSE-2021-4109.NASL", "OPENSUSE-2021-4118.NASL", "ORACLELINUX_ELSA-2021-3889.NASL", "ORACLELINUX_ELSA-2021-3891.NASL", "ORACLELINUX_ELSA-2021-3892.NASL", "ORACLELINUX_ELSA-2021-3893.NASL", "ORACLELINUX_ELSA-2021-4135.NASL", "ORACLELINUX_ELSA-2021-5171.NASL", "ORACLE_PRIMAVERA_GATEWAY_CPU_OCT_2021.NASL", "ORACLE_PRIMAVERA_UNIFIER_CPU_OCT_2021.NASL", "REDHAT-RHSA-2021-3884.NASL", "REDHAT-RHSA-2021-3885.NASL", "REDHAT-RHSA-2021-3886.NASL", "REDHAT-RHSA-2021-3887.NASL", "REDHAT-RHSA-2021-3889.NASL", "REDHAT-RHSA-2021-3891.NASL", "REDHAT-RHSA-2021-3892.NASL", "REDHAT-RHSA-2021-3893.NASL", "REDHAT-RHSA-2021-5030.NASL", "REDHAT-RHSA-2021-5171.NASL", "SL_20211020_JAVA_11_OPENJDK_ON_SL7_X.NASL", "SL_20211020_JAVA_1_8_0_OPENJDK_ON_SL7_X.NASL", "SUSE_SU-2021-2612-1.NASL", "SUSE_SU-2021-3671-1.NASL", "SUSE_SU-2021-3886-1.NASL", "SUSE_SU-2021-3940-1.NASL", "SUSE_SU-2022-0101-1.NASL", "SUSE_SU-2022-0107-1.NASL", "SUSE_SU-2022-0108-1.NASL", "SUSE_SU-2022-14875-1.NASL", "UBUNTU_USN-5192-1.NASL", "UBUNTU_USN-5192-2.NASL", "UBUNTU_USN-5197-1.NASL", "UBUNTU_USN-5202-1.NASL", "UBUNTU_USN-5203-1.NASL", "VMWARE_VCENTER_LOG4SHELL.NBIN", "WEB_APPLICATION_SCANNING_113075"]}, {"type": "oracle", "idList": ["ORACLE:CPUJAN2022"]}, {"type": "oraclelinux", "idList": ["ELSA-2021-3889", "ELSA-2021-3891", "ELSA-2021-3892", "ELSA-2021-3893", "ELSA-2021-4135", "ELSA-2021-5171"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:165261", "PACKETSTORM:165270", "PACKETSTORM:165642"]}, {"type": "paloalto", "idList": ["PA-CVE-2021-44228"]}, {"type": "qt", "idList": ["QT:7EFAEDCED59EA2EE3AB98A0A484C5825"]}, {"type": "qualysblog", "idList": ["QUALYSBLOG:13C1A00A7D0A7B1BB16D0AB5B1E9B51A", "QUALYSBLOG:3FADA4B80DBBF178154C0729CFC1358F", "QUALYSBLOG:42335884011D582222F08AEF81D70B94", "QUALYSBLOG:5059D1C3913FB6542F3283A66F9B3A43", "QUALYSBLOG:68BBBF644900DA0A883AABB0E4E3F28B", "QUALYSBLOG:C3C14B989683A02C2C9A98CE918FBC3C"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:078D5EE222682A75AE1A1A3A3684E38D", "RAPID7BLOG:18D49792276E208F17E7D64BCE2FDEF6", "RAPID7BLOG:2FFDE45F01FA44216BE91DD7AFA0D060", "RAPID7BLOG:4CDB288231FA4BF52C0067D9D4FEABBF", "RAPID7BLOG:6EADCD983283E3D546EF2907978E95F1", "RAPID7BLOG:9CB105938BDE92F573A2DE68BC20CF46", "RAPID7BLOG:9F3C0081D4135E83F44053063F0E78EE", "RAPID7BLOG:B6DE24165AA9AA83EDA117170EDDAD44", "RAPID7BLOG:CB62092B4C7E70876CF276BA04DD7597", "RAPID7BLOG:E43819A7DE1DD0F60E63E67A27B9301B", "RAPID7BLOG:F37BD0C67170721734A26D15E6D99B3E"]}, {"type": "redhat", "idList": ["RHSA-2021:5030", "RHSA-2022:0044", "RHSA-2022:0223"]}, {"type": "redhatcve", "idList": ["RH:CVE-2021-22959", "RH:CVE-2021-35517", "RH:CVE-2021-35556", "RH:CVE-2021-35559", "RH:CVE-2021-35560", "RH:CVE-2021-35564", "RH:CVE-2021-35565", "RH:CVE-2021-35578", "RH:CVE-2021-35586", "RH:CVE-2021-35588", "RH:CVE-2021-36090", "RH:CVE-2021-41035", "RH:CVE-2021-4104", "RH:CVE-2021-4125", "RH:CVE-2021-44228", "RH:CVE-2021-45046", "RH:CVE-2021-45105"]}, {"type": "rocky", "idList": ["RLSA-2021:3891", "RLSA-2021:3893"]}, {"type": "securelist", "idList": ["SECURELIST:7A375F44156FACA25A0B3990F2CD73C1", "SECURELIST:9CC623A02615C07A9CEABD0C58DE7931"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2021:1115-1", "OPENSUSE-SU-2021:1455-1", "OPENSUSE-SU-2021:1480-1", "OPENSUSE-SU-2021:1552-1", "OPENSUSE-SU-2021:1574-1", "OPENSUSE-SU-2021:1577-1", "OPENSUSE-SU-2021:1586-1", "OPENSUSE-SU-2021:1601-1", "OPENSUSE-SU-2021:1605-1", "OPENSUSE-SU-2021:2612-1", "OPENSUSE-SU-2021:3615-1", "OPENSUSE-SU-2021:3671-1", "OPENSUSE-SU-2021:3770-1", "OPENSUSE-SU-2021:3940-1", "OPENSUSE-SU-2021:3964-1", "OPENSUSE-SU-2021:3999-1", "OPENSUSE-SU-2021:4094-1", "OPENSUSE-SU-2021:4107-1", "OPENSUSE-SU-2021:4109-1", "OPENSUSE-SU-2021:4118-1", "OPENSUSE-SU-2022:0108-1"]}, {"type": "symantec", "idList": ["SMNTC-19793"]}, {"type": "thn", "idList": ["THN:0468E8E1C5525F2A9F2ED37592AE0910", "THN:15D4F25153F9911661383B3B2153469D", "THN:16B3DB5DFBB6E86B79815E0E44D48021", "THN:1E1BEA193C556F91F471CD5B785B85B3", "THN:1E4DA950F02E02DFD1649B39A06A82C6", "THN:2656971C06C4E3D4B0A8C0AC02BBB775", "THN:317555CB8AA3A9E1AE70E218E44CC2EE", "THN:36D12A8768EE450B36B1C8D186F023E5", "THN:3E7257F45C71DCBDD0C320E7AAF383CA", "THN:4BC5D1A9ACDADBABF85BF51166D61386", "THN:5BAE3325983F971D1108722C454FF9AB", "THN:5CB7AEBFFE369D293598A4FDBFDFCEE3", "THN:5D8CEBFFF41D128545CD83F6F45D68F4", "THN:602D65D576B090BAC4B0C96998F8F922", "THN:656628F2B0FBE9789F4434FCAFFBCFE1", "THN:668DE2C9CFD709125451AF8F3FE12E6C", "THN:683B509BDB84EA9FEBCF0B1EE68D0C08", "THN:686DDFA07B415C41BA7AB9B8970557EF", "THN:6E47D45D685F44083BE0A6763799D209", "THN:7192158FCB73BD803AF179B755D61CD1", "THN:76D7572EDBE770410D6F0518DAD8B0AD", "THN:83D31EE6B3E59778D812B3B7E67D7CD6", "THN:88184AFF85BF7EC0848D95E6BB0BEDB4", "THN:9C12FFDB69779929861327CF77B13726", "THN:A12549603E494D035DF4BABEC04EBD5D", "THN:AFF2BD38CB9578D0F4CA96A145933627", "THN:C221700D7BBC27110090E137F7288FA3", "THN:DC2D78987D283D806FF145511EF10596", "THN:E006E516DD134F047ED991AC23F057A4", "THN:F8D94BE25D6D25E0F52FB4433E619721", "THN:FADB0A82C9DCE0870E617D4A8E5A34A6"]}, {"type": "threatpost", "idList": ["THREATPOST:065F7608AC06475E765018E97F14998D", "THREATPOST:09118C676E28AC5D7BB791E76F75453C", "THREATPOST:0B290DDF3FE14178760FDC2229CB1383", "THREATPOST:10D0F1DDDD6C211DA3CE6395900B7C54", "THREATPOST:187B01687ED5D3975CD6E42E84DD9B13", "THREATPOST:1F99A9A6A418194B87E5468CC8344FBF", "THREATPOST:31D14CEE5977BF71F79F7C30AEC10698", "THREATPOST:34D98758A035C36FED68DDD940415845", "THREATPOST:38E8D69F26ADB15A989532924B2A98C4", "THREATPOST:3ADFDD3CC93B03F83C2CEC5583B016AB", "THREATPOST:46837E7270195429E1D891848E911254", "THREATPOST:49177F7B5015CE94637C97F64C2D4138", "THREATPOST:4D63851D1493E3861204B674ADBC7F01", "THREATPOST:5B9D3D8DB4BFEDE846215C1877B275ED", "THREATPOST:5CCE0C2607242B16B2880B331167526C", "THREATPOST:76A5549135F9D578FFC2C8FACC135193", "THREATPOST:81021088670E95FC0EBB2F53E1FB2AD2", "THREATPOST:81DEAED9A2A367373ADA49F1CCDCA95D", "THREATPOST:8601D6EF6AB3201E582A218391B19C3F", "THREATPOST:8A372065BFA1E6839DAF0386E9D8A1F5", "THREATPOST:8B78588647E8548B06361DBB1F279468", "THREATPOST:95BDCA2096B58A0697E169C01B1E0F09", "THREATPOST:97D06649A596B5E25E2A11E3D275748B", "THREATPOST:9922BFA77AFE6A6D35DFEA77A4D195C0", "THREATPOST:AFD74E86954C5A08B3F246887333BDF3", "THREATPOST:B11E42D0B4C56E4CC482DEF6EA0B4AC7", "THREATPOST:B318814572E066732E6C32CC147D95E2", "THREATPOST:D098942E4435832E619282E1B92C9E0F", "THREATPOST:D358CF7B956451F0C53F878AF811409F", "THREATPOST:E09CE3FA2B76F03886BA3C2D4DB4D8DB"]}, {"type": "trendmicroblog", "idList": ["TRENDMICROBLOG:C927C873A9E9A7AF6B74D64EFAFA6B02"]}, {"type": "typo3", "idList": ["TYPO3-PSA-2021-004"]}, {"type": "ubuntu", "idList": ["USN-5192-1", "USN-5192-2", "USN-5197-1", "USN-5202-1", "USN-5203-1"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2021-22959", "UB:CVE-2021-22960", "UB:CVE-2021-35517", "UB:CVE-2021-35556", "UB:CVE-2021-35559", "UB:CVE-2021-35560", "UB:CVE-2021-35564", "UB:CVE-2021-35565", "UB:CVE-2021-35578", "UB:CVE-2021-35586", "UB:CVE-2021-35588", "UB:CVE-2021-36090", "UB:CVE-2021-44228", "UB:CVE-2021-45046", "UB:CVE-2021-45105"]}, {"type": "vmware", "idList": ["VMSA-2021-0028.9"]}, {"type": "wallarmlab", "idList": ["WALLARMLAB:060FBB90648BCDE11554492408AE89C8", "WALLARMLAB:2AAA5E62EED6807B93FB40361B4927CB", "WALLARMLAB:90D3FFE69FF928689D36310EF8B1C4F3", "WALLARMLAB:E86F01AF50087BEB03AAB46947CDE884"]}, {"type": "zdi", "idList": ["ZDI-21-1541"]}, {"type": "zdt", "idList": ["1337DAY-ID-37135", "1337DAY-ID-37136", "1337DAY-ID-37257"]}]}, "exploitation": null, "affected_software": {"major_version": [{"name": "ibm cloud transformation advisor", "version": 2}]}, "epss": [{"cve": "CVE-2021-22959", "epss": "0.001000000", "percentile": "0.398010000", "modified": "2023-03-17"}, {"cve": "CVE-2021-22960", "epss": "0.001000000", "percentile": "0.398010000", "modified": "2023-03-17"}, {"cve": "CVE-2021-29842", "epss": "0.000910000", "percentile": "0.374610000", "modified": "2023-03-17"}, {"cve": "CVE-2021-35517", "epss": "0.002920000", "percentile": "0.642720000", "modified": "2023-03-17"}, {"cve": "CVE-2021-35556", "epss": "0.000930000", "percentile": "0.381370000", "modified": "2023-03-17"}, {"cve": "CVE-2021-35559", "epss": "0.000930000", "percentile": "0.381370000", "modified": "2023-03-17"}, {"cve": "CVE-2021-35560", "epss": "0.002970000", "percentile": "0.645880000", "modified": "2023-03-17"}, {"cve": "CVE-2021-35564", "epss": "0.000990000", "percentile": "0.395940000", "modified": "2023-03-17"}, {"cve": "CVE-2021-35565", "epss": "0.000890000", "percentile": "0.363550000", "modified": "2023-03-17"}, {"cve": "CVE-2021-35578", "epss": "0.000940000", "percentile": "0.384160000", "modified": "2023-03-17"}, {"cve": "CVE-2021-35586", "epss": "0.000940000", "percentile": "0.384160000", "modified": "2023-03-17"}, {"cve": "CVE-2021-35588", "epss": "0.000880000", "percentile": "0.360430000", "modified": "2023-03-17"}, {"cve": "CVE-2021-36090", "epss": "0.002180000", "percentile": "0.580680000", "modified": "2023-03-17"}, {"cve": "CVE-2021-41035", "epss": "0.001450000", "percentile": "0.486200000", "modified": "2023-03-17"}, {"cve": "CVE-2021-44228", "epss": "0.975780000", "percentile": "0.999980000", "modified": "2023-03-18"}, {"cve": "CVE-2021-45046", "epss": "0.974160000", "percentile": "0.998510000", "modified": "2023-03-18"}, {"cve": "CVE-2021-45105", "epss": "0.972620000", "percentile": "0.996990000", "modified": "2023-03-18"}], "vulnersScore": 0.5}, "_state": {"dependencies": 1677548348, "score": 1677548601, "affected_software_major_version": 1677549706, "epss": 1679176287}, "_internal": {"score_hash": "891e27ef669b118cce8084eeb9cd2d25"}, "affectedSoftware": [{"version": "2.5", "operator": "eq", "name": "ibm cloud transformation advisor"}]}

{"ibm": [{"lastseen": "2023-02-28T01:50:38", "description": "## Summary\n\nIBM Cloud Transformation Advisor, which is bundled with IBM Cloud Pak for Applications, has addressed multiple security vulnerabilities (CVE-2021-35517, CVE-2021-36090, CVE-2021-45105, CVE-2021-45046, CVE-2021-22960, CVE-2021-35560, CVE-2021-35586, CVE-2021-35578, CVE-2021-35564, CVE-2021-35559, CVE-2021-35556, CVE-2021-35565, CVE-2021-35588, CVE-2021-41035, CVE-2021-22959, CVE-2021-29842, 211964).\n\n## Vulnerability Details\n\nRefer to the security bulletin(s) listed in the Remediation/Fixes section\n\n## Affected Products and Versions\n\nPrincipal Product(s) and Version(s)| Affected Product(s) and Version(s) \n---|--- \nIBM Cloud Pak for Applications, 4.3| IBM Cloud Transformation Advisor, 2.5.1 \n \n\n\n## Remediation/Fixes\n\n[Security Bulletin: Multiple Security Vulnerabilities Affect IBM Cloud Transformation](<https://www.ibm.com/support/pages/node/6539506>)\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-01-11T20:04:22", "type": "ibm", "title": "Security Bulletin: IBM Cloud Transformation Advisor, which is bundled with IBM Cloud Pak for Applications, has addressed multiple security vulnerabilities.", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-22959", "CVE-2021-22960", "CVE-2021-29842", "CVE-2021-35517", "CVE-2021-35556", "CVE-2021-35559", "CVE-2021-35560", "CVE-2021-35564", "CVE-2021-35565", "CVE-2021-35578", "CVE-2021-35586", "CVE-2021-35588", "CVE-2021-36090", "CVE-2021-41035", "CVE-2021-45046", "CVE-2021-45105"], "modified": "2022-01-11T20:04:22", "id": "838686EA8660AF45865AC08A8AAF01B25ECE89F900D760F085C235BD477978AE", "href": "https://www.ibm.com/support/pages/node/6540004", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-28T01:50:38", "description": "## Summary\n\nIBM Cloud Transformation Advisor, which is bundled with IBM Websphere Hybrid Edition, has addressed multiple security vulnerabilities (CVE-2021-35517, CVE-2021-36090, CVE-2021-45105, CVE-2021-45046, CVE-2021-22960, CVE-2021-35560, CVE-2021-35586, CVE-2021-35578, CVE-2021-35564, CVE-2021-35559, CVE-2021-35556, CVE-2021-35565, CVE-2021-35588, CVE-2021-41035, CVE-2021-22959, CVE-2021-29842, 211964).\n\n## Vulnerability Details\n\nRefer to the security bulletin(s) listed in the Remediation/Fixes section\n\n## Affected Products and Versions\n\nPrincipal Affected Product(s) and Version(s) | Affected Product(s) and Version(s) \n---|--- \nIBM WebSphere Hybrid Edition, 5.0.0, 5.0.1| IBM Cloud Transformation Advisor, 2.5.1 \n \n\n\n## Remediation/Fixes\n\n[Security Bulletin: Multiple Security Vulnerabilities Affect IBM Cloud Transformation](<https://www.ibm.com/support/pages/node/6539506>)\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-01-11T20:06:51", "type": "ibm", "title": "Security Bulletin: IBM Cloud Transformation Advisor, which is bundled with IBM WebSphere Hybrid Edition, has addressed multiple security vulnerabilities.", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-22959", "CVE-2021-22960", "CVE-2021-29842", "CVE-2021-35517", "CVE-2021-35556", "CVE-2021-35559", "CVE-2021-35560", "CVE-2021-35564", "CVE-2021-35565", "CVE-2021-35578", "CVE-2021-35586", "CVE-2021-35588", "CVE-2021-36090", "CVE-2021-41035", "CVE-2021-45046", "CVE-2021-45105"], "modified": "2022-01-11T20:06:51", "id": "F7232359E6413A274B62C22CB7BF1EF8C428ADFBF22EF7B9B913D63D087BCACB", "href": "https://www.ibm.com/support/pages/node/6540010", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-28T01:52:03", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM\u00ae SDK Java\u2122 Technology Edition, Version 8 used by IBM Tivoli Business Service Manager. Information about security vulnerabilities affecting IBM\u00ae SDK, Java\u2122 Technology Edition has been published in a security bulletin.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-35560](<https://vulners.com/cve/CVE-2021-35560>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Deployment component could allow an unauthenticated attacker to take control of the system. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211636](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211636>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2021-35586](<https://vulners.com/cve/CVE-2021-35586>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the ImageIO component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211661](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211661>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2021-35578](<https://vulners.com/cve/CVE-2021-35578>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the JSSE component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211654](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211654>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2021-35564](<https://vulners.com/cve/CVE-2021-35564>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Keytool component could allow an unauthenticated attacker to cause no confidentiality impact, low integrity impact, and no availability impact. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211640](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211640>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N) \n \n** CVEID: **[CVE-2021-35559](<https://vulners.com/cve/CVE-2021-35559>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Swing component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211635](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211635>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2021-35556](<https://vulners.com/cve/CVE-2021-35556>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Swing component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211632](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211632>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2021-35565](<https://vulners.com/cve/CVE-2021-35565>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the JSSE component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211641](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211641>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2021-35588](<https://vulners.com/cve/CVE-2021-35588>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the VM component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 3.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211662](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211662>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2021-41035](<https://vulners.com/cve/CVE-2021-41035>) \n** DESCRIPTION: **Eclipse Openj9 could provide weaker than expected security, caused by the failure to throw IllegalAccessError for MethodHandles that invoke inaccessible interface methods. An attacker could exploit this vulnerability to launch further attacks on the system. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/212010](<https://exchange.xforce.ibmcloud.com/vulnerabilities/212010>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Tivoli Business Service Manager| 6.2.0 \n \n\n\n## Remediation/Fixes\n\nAffected Products and Versions\n\n_Principal Product and Version(s)_| _Affected Supporting Product and Version(s)_ \n---|--- \nIBM Tivoli Business Service Manager 6.2.0| IBM\u00ae SDK, Java\u2122 Technology Edition Version 8.0.0.0 ~ 8.0.6.36 \n \nRemediation/Fixes\n\n_Principal Product and Version(s)_| _Affected Supporting Product and Version(s)_ \n---|--- \nIBM Tivoli Business Service Manager 6.2.0| \n\n[Security Bulletin: Multiple vulnerabilities may affect IBM\u00ae SDK, Java\u2122 Technology Edition](<https://www.ibm.com/support/pages/node/6522860> \"Security Bulletin: Multiple vulnerabilities may affect IBM\u00ae SDK, Java\u2122 Technology Edition\" )\n\nUpgrade to IBM\u00ae SDK, Java\u2122 Technology Edition Version 8 Service Refresh 7. Please refer to [How to upgrade JREs shipped with Tivoli Business Service Manager](<https://www.ibm.com/support/pages/how-upgrade-jres-shipped-tivoli-business-service-manager>) on how to upgrade the Java runtime. \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-12-08T16:55:32", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli Business Service Manager", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-35556", "CVE-2021-35559", "CVE-2021-35560", "CVE-2021-35564", "CVE-2021-35565", "CVE-2021-35578", "CVE-2021-35586", "CVE-2021-35588", "CVE-2021-41035"], "modified": "2021-12-08T16:55:32", "id": "EE7C7082B77D791A00974EDB50B2C0657DE8DB73762954DFE571C7419512AB7D", "href": "https://www.ibm.com/support/pages/node/6524676", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-28T01:51:52", "description": "## Summary\n\nMultiple vulnerabilities are identified in IBM\u00ae SDK Java\u2122 Technology Edition Version 1.8 that is used by IBM Rational Asset Analyzer. These issues were disclosed as part of the IBM Java SDK updates in October 2021 .\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-35560](<https://vulners.com/cve/CVE-2021-35560>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Deployment component could allow an unauthenticated attacker to take control of the system. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211636](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211636>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2021-35586](<https://vulners.com/cve/CVE-2021-35586>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the ImageIO component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211661](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211661>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2021-35578](<https://vulners.com/cve/CVE-2021-35578>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the JSSE component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211654](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211654>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2021-35564](<https://vulners.com/cve/CVE-2021-35564>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Keytool component could allow an unauthenticated attacker to cause no confidentiality impact, low integrity impact, and no availability impact. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211640](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211640>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N) \n \n** CVEID: **[CVE-2021-35559](<https://vulners.com/cve/CVE-2021-35559>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Swing component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211635](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211635>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2021-35556](<https://vulners.com/cve/CVE-2021-35556>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Swing component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211632](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211632>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2021-35565](<https://vulners.com/cve/CVE-2021-35565>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the JSSE component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211641](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211641>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2021-35588](<https://vulners.com/cve/CVE-2021-35588>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the VM component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 3.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211662](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211662>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2021-41035](<https://vulners.com/cve/CVE-2021-41035>) \n** DESCRIPTION: **Eclipse Openj9 could provide weaker than expected security, caused by the failure to throw IllegalAccessError for MethodHandles that invoke inaccessible interface methods. An attacker could exploit this vulnerability to launch further attacks on the system. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/212010](<https://exchange.xforce.ibmcloud.com/vulnerabilities/212010>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)\n\n## Affected Products and Versions\n\n**Affected Product(s)**| **Version(s)** \n---|--- \nRational Asset Analyzer (RAA)| 6.1.0.0 - 6.1.0.23 \n \n\n\n## Remediation/Fixes\n\nApply the corresponding fix from FIX Central. Note the release date of 2021/12/09. \n\n**Windows Version**| [Fix Central](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7ERational&product=ibm/Rational/IBM+Rational+Asset+Analyzer&release=6.1.0.23&platform=Windows&function=all> \"Fix Central\" ) \n---|--- \n**z/OS Version**| [Fix Central](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7ERational&product=ibm/Rational/IBM+Rational+Asset+Analyzer&release=6.1.0.23&platform=z/OS&function=all> \"Fix Central\" ) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-12-14T03:28:58", "type": "ibm", "title": "Security Bulletin: Vulnerabilities in IBM Java affecting IBM Rational Asset Analyzer.", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-35556", "CVE-2021-35559", "CVE-2021-35560", "CVE-2021-35564", "CVE-2021-35565", "CVE-2021-35578", "CVE-2021-35586", "CVE-2021-35588", "CVE-2021-41035"], "modified": "2021-12-14T03:28:58", "id": "8BFAECB607AC421152AB7F28771EB7E348ED67531945E81E90370668E3D5E611", "href": "https://www.ibm.com/support/pages/node/6526068", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-15T01:33:29", "description": "## Summary\n\nIBM CICS TX on Cloud has addressed the following vulnerabilities reported by IBM\u00ae Runtime Environment Java\u2122 \n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-35560](<https://vulners.com/cve/CVE-2021-35560>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Deployment component could allow an unauthenticated attacker to take control of the system. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211636](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211636>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2021-35586](<https://vulners.com/cve/CVE-2021-35586>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the ImageIO component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211661](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211661>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2021-35578](<https://vulners.com/cve/CVE-2021-35578>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the JSSE component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211654](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211654>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2021-35564](<https://vulners.com/cve/CVE-2021-35564>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Keytool component could allow an unauthenticated attacker to cause no confidentiality impact, low integrity impact, and no availability impact. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211640](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211640>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N) \n \n** CVEID: **[CVE-2021-35559](<https://vulners.com/cve/CVE-2021-35559>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Swing component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211635](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211635>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2021-35556](<https://vulners.com/cve/CVE-2021-35556>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Swing component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211632](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211632>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2021-35565](<https://vulners.com/cve/CVE-2021-35565>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the JSSE component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211641](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211641>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2021-35588](<https://vulners.com/cve/CVE-2021-35588>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the VM component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 3.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211662](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211662>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2021-41035](<https://vulners.com/cve/CVE-2021-41035>) \n** DESCRIPTION: **Eclipse Openj9 could allow a remote attacker to gain elevated privileges on the system, caused by not throwing IllegalAccessError for MethodHandles that invoke inaccessible interface methods. By persuading a victim to execute a specially-crafted program under a security manager, an attacker could exploit this vulnerability to gain elevated privileges and execute arbitrary code on the system. \nCVSS Base score: 7.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/212010](<https://exchange.xforce.ibmcloud.com/vulnerabilities/212010>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\n**Affected Product(s)**| **Version(s) \n** \n---|--- \nIBM CICS TX on Cloud| 10.1.0.0 \n \n \n\n\n## Remediation/Fixes\n\n**Product(s)**| **Version(s) number and/or range **| **Defect \n**| **Remediation/Fix/Instructions** \n---|---|---|--- \nIBM CICS TX on Cloud| 10.1.0.0| 127572 | [Fix Central Link](<http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FOther+software%2FCICS+TX+on+Cloud&fixids=ibm-cics-tx-on-cloud-docker-image-10.1.0.0-ifix7&source=SAR> \"Fix Central Link\" ) \n \n## Workarounds and Mitigations\n\nNone.\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2023-02-14T20:51:49", "type": "ibm", "title": "Security Bulletin: A vulnerability in IBM Java Runtime affects IBM CICS TX on Cloud", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-35556", "CVE-2021-35559", "CVE-2021-35560", "CVE-2021-35564", "CVE-2021-35565", "CVE-2021-35578", "CVE-2021-35586", "CVE-2021-35588", "CVE-2021-41035"], "modified": "2023-02-14T20:51:49", "id": "1043C9B5ADA0CF1BBF8E9DE491E84D20E919E7A942A9DC281DA349673B5F1821", "href": "https://www.ibm.com/support/pages/node/6555112", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-28T01:48:47", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM\u00ae Runtime Environment Java\u2122 Versions 8.0.6.35, used by IBM Connect:Direct Web Services. IBM Connect:Direct Web Services has addressed the applicable CVEs.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-35560](<https://vulners.com/cve/CVE-2021-35560>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Deployment component could allow an unauthenticated attacker to take control of the system. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211636](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211636>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2021-35586](<https://vulners.com/cve/CVE-2021-35586>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the ImageIO component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211661](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211661>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2021-35578](<https://vulners.com/cve/CVE-2021-35578>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the JSSE component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211654](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211654>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2021-35564](<https://vulners.com/cve/CVE-2021-35564>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Keytool component could allow an unauthenticated attacker to cause no confidentiality impact, low integrity impact, and no availability impact. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211640](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211640>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N) \n \n** CVEID: **[CVE-2021-35559](<https://vulners.com/cve/CVE-2021-35559>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Swing component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211635](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211635>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2021-35556](<https://vulners.com/cve/CVE-2021-35556>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Swing component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211632](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211632>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2021-35565](<https://vulners.com/cve/CVE-2021-35565>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the JSSE component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211641](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211641>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2021-35588](<https://vulners.com/cve/CVE-2021-35588>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the VM component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 3.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211662](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211662>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2021-41035](<https://vulners.com/cve/CVE-2021-41035>) \n** DESCRIPTION: **Eclipse Openj9 could allow a remote attacker to gain elevated privileges on the system, caused by not throwing IllegalAccessError for MethodHandles that invoke inaccessible interface methods. By persuading a victim to execute a specially-crafted program under a security manager, an attacker could exploit this vulnerability to gain elevated privileges and execute arbitrary code on the system. \nCVSS Base score: 7.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/212010](<https://exchange.xforce.ibmcloud.com/vulnerabilities/212010>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nSterling Connect Direct Web Services| 1.0 \nIBM Connect:Direct Web Services| 6.0 \n \n\n\n## Remediation/Fixes\n\n**Product(s)**| **Version(s)**| **Remediation \n** \n---|---|--- \nSterling Connect Direct Web Services| 1.0| Apply 6.0.0.7, available on [Fix Central](<https://www.ibm.com/support/fixcentral/options?selectionBean.selectedTab=find&selection=ibm%2fOther+software%3bibm%2fOther+software%2fIBM+Connect%3aDirect+Web+Services> \"\" ) \nIBM Connect:Direct Web Services| 6.0| Apply 6.0.0.7, available on [Fix Central](<https://www.ibm.com/support/fixcentral/options?selectionBean.selectedTab=find&selection=ibm%2fOther+software%3bibm%2fOther+software%2fIBM+Connect%3aDirect+Web+Services> \"\" ) \nIBM Connect:Direct Web Services| 6.1| Apply 6.1.0.10, available on [Fix Central](<https://www.ibm.com/support/fixcentral/options?selectionBean.selectedTab=find&selection=ibm%2fOther+software%3bibm%2fOther+software%2fIBM+Connect%3aDirect+Web+Services> \"\" ) \nIBM Connect:Direct Web Services| 6.2| Apply 6.2.0.4, available on [Fix Central](<https://www.ibm.com/support/fixcentral/options?selectionBean.selectedTab=find&selection=ibm%2fOther+software%3bibm%2fOther+software%2fIBM+Connect%3aDirect+Web+Services> \"\" ) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-03-01T19:14:48", "type": "ibm", "title": "Security Bulletin: Multiple Vulnerabilities in IBM Java Runtime Affect IBM Connect:Direct Web Services", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-35556", "CVE-2021-35559", "CVE-2021-35560", "CVE-2021-35564", "CVE-2021-35565", "CVE-2021-35578", "CVE-2021-35586", "CVE-2021-35588", "CVE-2021-41035"], "modified": "2022-03-01T19:14:48", "id": "2A2A58428E1CBEC906EDF03B6BE46F0DACE2B4D3D28818B6FBEB79172EA7E315", "href": "https://www.ibm.com/support/pages/node/6560416", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-28T01:49:06", "description": "## Summary\n\nTXSeries for Multiplatforms has addressed the following vulnerabilities reported by IBM\u00ae Runtime Environment Java\u2122 \n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-35560](<https://vulners.com/cve/CVE-2021-35560>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Deployment component could allow an unauthenticated attacker to take control of the system. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211636](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211636>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2021-35586](<https://vulners.com/cve/CVE-2021-35586>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the ImageIO component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211661](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211661>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2021-35578](<https://vulners.com/cve/CVE-2021-35578>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the JSSE component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211654](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211654>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2021-35564](<https://vulners.com/cve/CVE-2021-35564>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Keytool component could allow an unauthenticated attacker to cause no confidentiality impact, low integrity impact, and no availability impact. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211640](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211640>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N) \n \n** CVEID: **[CVE-2021-35559](<https://vulners.com/cve/CVE-2021-35559>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Swing component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211635](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211635>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2021-35556](<https://vulners.com/cve/CVE-2021-35556>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Swing component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211632](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211632>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2021-35565](<https://vulners.com/cve/CVE-2021-35565>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the JSSE component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211641](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211641>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2021-35588](<https://vulners.com/cve/CVE-2021-35588>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the VM component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 3.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211662](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211662>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2021-41035](<https://vulners.com/cve/CVE-2021-41035>) \n** DESCRIPTION: **Eclipse Openj9 could allow a remote attacker to gain elevated privileges on the system, caused by not throwing IllegalAccessError for MethodHandles that invoke inaccessible interface methods. By persuading a victim to execute a specially-crafted program under a security manager, an attacker could exploit this vulnerability to gain elevated privileges and execute arbitrary code on the system. \nCVSS Base score: 7.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/212010](<https://exchange.xforce.ibmcloud.com/vulnerabilities/212010>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM TXSeries for Multiplatforms| 8.2 \nIBM TXSeries for Multiplatforms| 9.1 \n \n## Remediation/Fixes\n\nProduct\n\n| \n\nVersion\n\n| \n\nDefect\n\n| \n\nRemediation / First Fix \n \n---|---|---|--- \n \nIBM TXSeries for Multiplatforms v9.1\n\n| \n\n9.1.0.0 \n9.1.0.2\n\n| \n\n127572\n\n| Fix Central Link:[http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FWebSphere%2FTXSeries+for+Multiplatforms&fixids=TXSeries_91_SpecialFIX_Java_022022&source=SAR](<http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FWebSphere%2FTXSeries+for+Multiplatforms&fixids=TXSeries_91_SpecialFIX_Java_022022&source=SAR>) \n \nIBM TXSeries for Multiplatforms v8.2\n\n| \n\n8.2.0.0 \n8.2.0.1 \n8.2.0.2\n\n| \n\n127572\n\n| Fix Central Link: [http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FWebSphere%2FTXSeries+for+Multiplatforms&fixids=TXSeries_82_SpecialFIX_Java_022022&source=SAR](<http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FWebSphere%2FTXSeries+for+Multiplatforms&fixids=TXSeries_82_SpecialFIX_Java_022022&source=SAR>) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-02-23T09:09:50", "type": "ibm", "title": "Security Bulletin: A vulnerability in IBM Java Runtime affects TXSeries for Multiplatforms", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-35556", "CVE-2021-35559", "CVE-2021-35560", "CVE-2021-35564", "CVE-2021-35565", "CVE-2021-35578", "CVE-2021-35586", "CVE-2021-35588", "CVE-2021-41035"], "modified": "2022-02-23T09:09:50", "id": "DD0F134566603D6A0E5E50A163E031437D8715545DCC8A6A2285C28BD48328D0", "href": "https://www.ibm.com/support/pages/node/6558550", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-28T01:49:18", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM\u00ae Runtime Environment Java\u2122 Versions 7.0, 7.1 and 8.0 used by CICS Transaction Gateway. CICS Transaction Gateway has addressed the applicable CVEs. If you run your own Java code using the IBM Java Runtime delivered with this product, you should evaluate your code to determine whether additional Java vulnerabilities are applicable to your code. For a complete list of vulnerabilities, refer to the \"IBM Java SDK Security Bulletin\", located in the References section for more information.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-35560](<https://vulners.com/cve/CVE-2021-35560>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Deployment component could allow an unauthenticated attacker to take control of the system. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211636](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211636>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2021-35586](<https://vulners.com/cve/CVE-2021-35586>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the ImageIO component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211661](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211661>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2021-35578](<https://vulners.com/cve/CVE-2021-35578>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the JSSE component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211654](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211654>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2021-35564](<https://vulners.com/cve/CVE-2021-35564>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Keytool component could allow an unauthenticated attacker to cause no confidentiality impact, low integrity impact, and no availability impact. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211640](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211640>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N) \n \n** CVEID: **[CVE-2021-35559](<https://vulners.com/cve/CVE-2021-35559>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Swing component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211635](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211635>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2021-35556](<https://vulners.com/cve/CVE-2021-35556>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Swing component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211632](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211632>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2021-35565](<https://vulners.com/cve/CVE-2021-35565>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the JSSE component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211641](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211641>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2021-35588](<https://vulners.com/cve/CVE-2021-35588>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the VM component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 3.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211662](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211662>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2021-41035](<https://vulners.com/cve/CVE-2021-41035>) \n** DESCRIPTION: **Eclipse Openj9 could allow a remote attacker to gain elevated privileges on the system, caused by not throwing IllegalAccessError for MethodHandles that invoke inaccessible interface methods. By persuading a victim to execute a specially-crafted program under a security manager, an attacker could exploit this vulnerability to gain elevated privileges and execute arbitrary code on the system. \nCVSS Base score: 7.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/212010](<https://exchange.xforce.ibmcloud.com/vulnerabilities/212010>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\n**Affected Product(s)**| **Version(s) \n** \n---|--- \nCICS Transaction Gateway| v8.0.0.0 \u2013 8.0.0.6 \nCICS Transaction Gateway| v8.1.0.0 \u2013 8.1.0.5 \nCICS Transaction Gateway| v9.0.0.0 \u2013 9.0.0.5 \nCICS Transaction Gateway| v9.1.0.0 \u2013 9.1.0.3 \nCICS Transaction Gateway| v9.2.0.0 \u2013 9.2.0.2 \n \n## Remediation/Fixes\n\n**Product**| **VRMF**| **APAR**| **Remediation / First Fix** \n---|---|---|--- \nCICS Transaction Gateway for Multiplatforms| 9.2.0.0 \n9.2.0.1 \n9.2.0.2| \n\nUpdated JRE's have been made available on Fix Central as Fix packs. \nAIX: [8.0.7-CICSTG-AIXpSeries32-JRE-SR0](<http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FWebSphere%2FCICS+Transaction+Gateway+for+Multiplatforms&fixids=8.0.7-CICSTG-AIXpSeries32-JRE-SR0&source=SAR>) \nxLinux: [8.0.7-CICSTG-Linuxx8632-JRE-SR0](<http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FWebSphere%2FCICS+Transaction+Gateway+for+Multiplatforms&fixids=8.0.7-CICSTG-Linuxx8632-JRE-SR0&source=SAR>) \npLinux: [8.0.7-CICSTG-LinuxpSeries32-JRE-SR0](<http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FWebSphere%2FCICS+Transaction+Gateway+for+Multiplatforms&fixids=8.0.7-CICSTG-LinuxpSeries32-JRE-SR0&source=SAR>) \nzLinux: [8.0.7-CICSTG-LinuxzSeries31-JRE-SR0](<http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FWebSphere%2FCICS+Transaction+Gateway+for+Multiplatforms&fixids=8.0.7-CICSTG-LinuxzSeries31-JRE-SR0&source=SAR>) \nWindows:[8.0.7-CICSTG-Windowsx8632-JRE-SR0](<http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FWebSphere%2FCICS+Transaction+Gateway+for+Multiplatforms&fixids=8.0.7-CICSTG-Windowsx8632-JRE-SR0&source=SAR>)\n\n| [https://www-945.ibm.com/support/fixcentral/swg/identifyFixes?query.parent=ibm~Other%20software&query.product=ibm~WebSphere~CICS%20Transaction%20Gateway%20for%20Multiplatforms&query.release=9.2.0&query.platform=All](<https://www-945.ibm.com/support/fixcentral/swg/identifyFixes?query.parent=ibm%7EOther%20software&query.product=ibm%7EWebSphere%7ECICS%20Transaction%20Gateway%20for%20Multiplatforms&query.release=9.0.0&query.platform=All>) \nCICS Transaction Gateway for Multiplatforms| 9.1.0.0 \n9.1.0.1 \n9.1.0.2 \n9.1.0.3| \n\nUpdated JRE's have been made available on Fix Central as Fix packs. \nAIX: [7.1.5-CICSTG-AIXpSeries32-JRE-SR0](<http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FWebSphere%2FCICS+Transaction+Gateway+for+Multiplatforms&fixids=7.1.5-CICSTG-AIXpSeries32-JRE-SR0&source=SAR>) \nxLinux: [7.1.5-CICSTG-Linuxx8632-JRE-SR0](<http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FWebSphere%2FCICS+Transaction+Gateway+for+Multiplatforms&fixids=7.1.5-CICSTG-Linuxx8632-JRE-SR0&source=SAR>) \npLinux: [7.1.5-CICSTG-LinuxpSeries32-JRE-SR0](<http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FWebSphere%2FCICS+Transaction+Gateway+for+Multiplatforms&fixids=7.1.5-CICSTG-LinuxpSeries32-JRE-SR0&source=SAR>) \nzLinux: [7.1.5-CICSTG-LinuxzSeries31-JRE-SR0](<http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FWebSphere%2FCICS+Transaction+Gateway+for+Multiplatforms&fixids=7.1.5-CICSTG-LinuxzSeries31-JRE-SR0&source=SAR>) \nWindows: [7.1.5-CICSTG-Windowsx8632-JRE-SR0](<http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FWebSphere%2FCICS+Transaction+Gateway+for+Multiplatforms&fixids=7.1.5-CICSTG-Windowsx8632-JRE-SR0&source=SAR>)\n\n| [https://www-945.ibm.com/support/fixcentral/swg/identifyFixes?query.parent=ibm~Other%20software&query.product=ibm~WebSphere~CICS%20Transaction%20Gateway%20for%20Multiplatforms&query.release=9.1.0&query.platform=All](<https://www-945.ibm.com/support/fixcentral/swg/identifyFixes?query.parent=ibm%7EOther%20software&query.product=ibm%7EWebSphere%7ECICS%20Transaction%20Gateway%20for%20Multiplatforms&query.release=9.0.0&query.platform=All>) \nCICS Transaction Gateway for Multiplatforms| \n\n9.0.0.0 \n9.0.0.1 \n9.0.0.2 \n9.0.0.3 \n9.0.0.4\n\n9.0.0.5 \n8.1.0.0 \n8.1.0.1 \n8.1.0.2 \n8.1.0.3 \n8.1.0.4 \n8.1.0.5 \n8.0.0.0 \n8.0.0.1 \n8.0.0.2 \n8.0.0.3 \n8.0.0.4 \n8.0.0.5 \n8.0.0.6\n\n| Updated JRE's have been made available on Fix Central as Fix packs. \nSolaris: [7.0.11-CICSTG-SolarisSPARC32-JRE-SR0](<http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FWebSphere%2FCICS+Transaction+Gateway+for+Multiplatforms&fixids=7.0.11-CICSTG-SolarisSPARC32-JRE-SR0&source=SAR>) \nAIX: [7.0.11-CICSTG-AIXpSeries32-JRE-SR0](<http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FWebSphere%2FCICS+Transaction+Gateway+for+Multiplatforms&fixids=7.0.11-CICSTG-AIXpSeries32-JRE-SR0&source=SAR>) \nxLinux: [7.0.11-CICSTG-Linuxx8632-JRE-SR0](<http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FWebSphere%2FCICS+Transaction+Gateway+for+Multiplatforms&fixids=7.0.11-CICSTG-Linuxx8632-JRE-SR0&source=SAR>) \npLinux: [7.0.11-CICSTG-LinuxpSeries32-JRE-SR0](<http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FWebSphere%2FCICS+Transaction+Gateway+for+Multiplatforms&fixids=7.0.11-CICSTG-LinuxpSeries32-JRE-SR0&source=SAR>) \nzLinux: [7.0.11-CICSTG-LinuxzSeries31-JRE-SR0](<http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FWebSphere%2FCICS+Transaction+Gateway+for+Multiplatforms&fixids=7.0.11-CICSTG-LinuxzSeries31-JRE-SR0&source=SAR>) \nWindows: [7.0.11-CICSTG-Windowsx8632-JRE-SR0](<http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FWebSphere%2FCICS+Transaction+Gateway+for+Multiplatforms&fixids=7.0.11-CICSTG-Windowsx8632-JRE-SR0&source=SAR>)| [https://www-945.ibm.com/support/fixcentral/swg/identifyFixes?query.parent=ibm~Other%20software&query.product=ibm~WebSphere~CICS%20Transaction%20Gateway%20for%20Multiplatforms&query.release=9.0.0&query.platform=Al](<https://www-945.ibm.com/support/fixcentral/swg/identifyFixes?query.parent=ibm%7EOther%20software&query.product=ibm%7EWebSphere%7ECICS%20Transaction%20Gateway%20for%20Multiplatforms&query.release=9.0.0&query.platform=All>) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-02-22T15:42:31", "type": "ibm", "title": "Security Bulletin: February 2022 :Multiple vulnerabilities in IBM Java Runtime affect CICS Transaction Gateway", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-35556", "CVE-2021-35559", "CVE-2021-35560", "CVE-2021-35564", "CVE-2021-35565", "CVE-2021-35578", "CVE-2021-35586", "CVE-2021-35588", "CVE-2021-41035"], "modified": "2022-02-22T15:42:31", "id": "F9AB06770448FA3E4FD25D51718E68EDF2A19C2ABF8D6E9BD3EB8FAE9FE904CC", "href": "https://www.ibm.com/support/pages/node/6558542", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-28T01:51:15", "description": "## Summary\n\nIBM Event Streams affected by multiple vulnerabilities in the Java runtime\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-35560](<https://vulners.com/cve/CVE-2021-35560>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Deployment component could allow an unauthenticated attacker to take control of the system. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211636](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211636>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2021-35586](<https://vulners.com/cve/CVE-2021-35586>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the ImageIO component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211661](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211661>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2021-35578](<https://vulners.com/cve/CVE-2021-35578>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the JSSE component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211654](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211654>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2021-35564](<https://vulners.com/cve/CVE-2021-35564>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Keytool component could allow an unauthenticated attacker to cause no confidentiality impact, low integrity impact, and no availability impact. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211640](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211640>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N) \n \n** CVEID: **[CVE-2021-35559](<https://vulners.com/cve/CVE-2021-35559>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Swing component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211635](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211635>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2021-35556](<https://vulners.com/cve/CVE-2021-35556>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Swing component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211632](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211632>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2021-35565](<https://vulners.com/cve/CVE-2021-35565>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the JSSE component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211641](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211641>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2021-35588](<https://vulners.com/cve/CVE-2021-35588>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the VM component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 3.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211662](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211662>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2021-41035](<https://vulners.com/cve/CVE-2021-41035>) \n** DESCRIPTION: **Eclipse Openj9 could provide weaker than expected security, caused by the failure to throw IllegalAccessError for MethodHandles that invoke inaccessible interface methods. An attacker could exploit this vulnerability to launch further attacks on the system. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/212010](<https://exchange.xforce.ibmcloud.com/vulnerabilities/212010>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)\n\n## Affected Products and Versions\n\n**Affected Product(s)**| **Version(s)** \n---|--- \nIBM Event Streams| 2019.4.1, 2019.4.2, 2019.4.3, 2019.4.4 \nIBM Event Streams| 10.0.0, 10.1.0, 10.2.0, 10.3.0, 10.3.1, 10.4.0 \n \n## Remediation/Fixes\n\n#### IBM Event Streams (Helm-based releases)\n\n * Download the 2019.4.5 release from [IBM Fix Central](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7EOther%20software&product=ibm/Other+software/IBM+Event+Streams&release=2019.4.1&platform=All&function=fixId&fixids=*IBM-Event-Streams*> \"IBM Fix Central\" ).\n * Upgrade to IBM Event Streams 2019.4.5 by following the [upgrading and migrating](<https://ibm.github.io/event-streams/2019.4/installing/upgrading/> \"upgrading and migrating\" ) documentation.\n\n**IBM Event Streams (Continuous Delivery)**\n\n * Upgrade to IBM Event Streams 10.5.0 by following the [upgrading and migrating](<https://ibm.github.io/event-streams/installing/upgrading/> \"\" ) documentation.\n\n**IBM Event Streams (Extended Update Support)**\n\n * Upgrade to IBM Event Streams 10.2.1 by following the [upgrading and migrating](<https://ibm.github.io/event-streams/10.2/installing/upgrading/> \"\" ) documentation.\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-12-21T17:52:39", "type": "ibm", "title": "Security Bulletin: IBM Event Streams affected by multiple vulnerabilities in the Java runtime", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-35556", "CVE-2021-35559", "CVE-2021-35560", "CVE-2021-35564", "CVE-2021-35565", "CVE-2021-35578", "CVE-2021-35586", "CVE-2021-35588", "CVE-2021-41035"], "modified": "2021-12-21T17:52:39", "id": "6A8A55C743F5391D7D369C906B376DD9C530FA03543B845C860F8EB78AB3CB9C", "href": "https://www.ibm.com/support/pages/node/6523752", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-28T01:42:13", "description": "## Summary\n\nMultiple vulnerabilities have been identified in Oracle October 2021 CPU for Java 8 which is shipped with IBM\u00ae Intelligent Operations Center. Information about these vulnerabilities affecting IBM\u00ae Intelligent Operations Center have been published and addressed the applicable CVEs.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-35560](<https://vulners.com/cve/CVE-2021-35560>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Deployment component could allow an unauthenticated attacker to take control of the system. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211636](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211636>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2021-35586](<https://vulners.com/cve/CVE-2021-35586>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the ImageIO component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211661](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211661>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2021-35578](<https://vulners.com/cve/CVE-2021-35578>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the JSSE component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211654](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211654>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2021-35564](<https://vulners.com/cve/CVE-2021-35564>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Keytool component could allow an unauthenticated attacker to cause no confidentiality impact, low integrity impact, and no availability impact. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211640](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211640>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N) \n \n** CVEID: **[CVE-2021-35559](<https://vulners.com/cve/CVE-2021-35559>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Swing component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211635](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211635>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2021-35556](<https://vulners.com/cve/CVE-2021-35556>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Swing component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211632](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211632>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2021-35565](<https://vulners.com/cve/CVE-2021-35565>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the JSSE component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211641](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211641>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2021-35588](<https://vulners.com/cve/CVE-2021-35588>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the VM component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 3.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211662](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211662>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2021-41035](<https://vulners.com/cve/CVE-2021-41035>) \n** DESCRIPTION: **Eclipse Openj9 could allow a remote attacker to gain elevated privileges on the system, caused by not throwing IllegalAccessError for MethodHandles that invoke inaccessible interface methods. By persuading a victim to execute a specially-crafted program under a security manager, an attacker could exploit this vulnerability to gain elevated privileges and execute arbitrary code on the system. \nCVSS Base score: 7.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/212010](<https://exchange.xforce.ibmcloud.com/vulnerabilities/212010>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIntelligent Operations Center (IOC)| 5.1.0, 5.1.0.2 ,5.1.0.3, 5.1.0.4, 5.1.0.6, 5.2, 5.2.1, 5.2.2 \n \n\n\n## Remediation/Fixes\n\nThe recommended solution is to apply an interim fix that contains the fix for this issue as soon as practical. \n\nDownload the IBM Intelligent Operations Center Version 5.2.3 is an upgrade to IBM Intelligent Operations Center Version 5.2.2 through IBM Intelligent Operations Center Version 5.2 from the following link:\n\n[IBM Intelligent Operations Center Version 5.2.3](<https://www.ibm.com/support/pages/node/6610605> \"IBM Intelligent Operations Center Version 5.2.3\" )\n\nInstallation instructions for the fix are included in the readme document that is in the fix package.\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-09-07T13:49:20", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities have been identified in Oracle October 2021 CPU for Java 8 shipped with IBM\u00ae Intelligent Operations Center (CVE-2021-35560, CVE-2021-35586, CVE-2021-35578, CVE-2021-35564, CVE-2021-35559, CVE)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-35556", "CVE-2021-35559", "CVE-2021-35560", "CVE-2021-35564", "CVE-2021-35565", "CVE-2021-35578", "CVE-2021-35586", "CVE-2021-35588", "CVE-2021-41035"], "modified": "2022-09-07T13:49:20", "id": "794A981FD399EBD5536657DBAF1DAE711E990ACD594281258C7EF973CE9C1B38", "href": "https://www.ibm.com/support/pages/node/6618733", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-28T01:46:00", "description": "## Summary\n\nThere are multiple security vulnerabilities that are addressed in the IBM\u00ae SDK Java Technology Edition, October 2021 CPU, found in the IBM\u00ae Runtime Environment Java\u2122 used by IBM License Key Server Administration and Reporting Tool and its Agent.\n\n## Vulnerability Details\n\nRefer to the security bulletin(s) listed in the Remediation/Fixes section\n\n## Affected Products and Versions\n\n**Affected Product(s) **| **Version(s)** \n---|--- \nART | 8.1.6.5 \nART| 9.0 \nAgent| 8.1.6.5 \nAgent| 9.0 \n \n\n\n## Remediation/Fixes\n\nObtain the latest Java JRE CPU update for the IBM Java SDK using the following information. \n\n * For all releases upgrade to: JRE 8.0.7 or newer\n * Upgrade your JRE following the instructions in the link below:\n * [Upgrading the JRE for a WebSphere Liberty installation](<https://www.ibm.com/support/pages/node/511171#liberty> \"Upgrading the JRE for a WebSphere Liberty installation\" )\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {}, "published": "2022-05-30T08:58:49", "type": "ibm", "title": "Security Bulletin: The IBM\u00ae SDK Java Technology Edition, October 2021 CPU affect IBM Common Licensing (CVE-2021-35560, CVE-2021-35586, CVE-2021-35578, CVE-2021-35564, CVE-2021-35559, CVE-2021-35556, CVE-2021-35565, CVE-2021-35588, CVE-2021-41035)", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2021-35556", "CVE-2021-35559", "CVE-2021-35560", "CVE-2021-35564", "CVE-2021-35565", "CVE-2021-35578", "CVE-2021-35586", "CVE-2021-35588", "CVE-2021-41035"], "modified": "2022-05-30T08:58:49", "id": "8C4F67608FEEA7D395961B2737700E09B046F0F2AB8413387D3DBB8052E1F670", "href": "https://www.ibm.com/support/pages/node/6590825", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-02-28T01:50:52", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM\u00ae SDK Java\u2122 Technology Edition, Version 1.8 and IBM\u00ae Runtime Environment Java\u2122 Version 1.8 used by Rational Functional Tester. Rational Functional Tester has addressed the applicable CVEs.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-35560](<https://vulners.com/cve/CVE-2021-35560>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Deployment component could allow an unauthenticated attacker to take control of the system. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211636](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211636>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2021-35586](<https://vulners.com/cve/CVE-2021-35586>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the ImageIO component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211661](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211661>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2021-35578](<https://vulners.com/cve/CVE-2021-35578>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the JSSE component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211654](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211654>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2021-35564](<https://vulners.com/cve/CVE-2021-35564>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Keytool component could allow an unauthenticated attacker to cause no confidentiality impact, low integrity impact, and no availability impact. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211640](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211640>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N) \n \n** CVEID: **[CVE-2021-35559](<https://vulners.com/cve/CVE-2021-35559>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Swing component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211635](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211635>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2021-35556](<https://vulners.com/cve/CVE-2021-35556>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Swing component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211632](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211632>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2021-35565](<https://vulners.com/cve/CVE-2021-35565>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the JSSE component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211641](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211641>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2021-35588](<https://vulners.com/cve/CVE-2021-35588>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the VM component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 3.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211662](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211662>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2021-41035](<https://vulners.com/cve/CVE-2021-41035>) \n** DESCRIPTION: **Eclipse Openj9 could provide weaker than expected security, caused by the failure to throw IllegalAccessError for MethodHandles that invoke inaccessible interface methods. An attacker could exploit this vulnerability to launch further attacks on the system. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/212010](<https://exchange.xforce.ibmcloud.com/vulnerabilities/212010>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nRFT| 9.1 \nRFT| 9.2 \nRFT| 9.5 \n \n\n\n## Remediation/Fixes\n\n**Product**| **Version**| **APAR**| **Remediation/ Fix** \n---|---|---|--- \nRFT| 9.1 - 9.1.1.1, and 9.2 - 9.5| None| Download IBM SDK, Java Technology Edition, Version 8R0 Service Refresh 7 Fix Pack 0 from the Fix Central and apply it. \n\n[https://www.ibm.com/support/fixcentral/swg/downloadFixes?parent=ibm~Rational&product=ibm/Rational/Rational+Functional+Tester&platform=All&function=fixId&fixids=Rational-RFT-JavaPatch-Java8SR7FP0&includeRequisites=1&includeSupersedes=0&downloadMethod=http](<https://www.ibm.com/support/fixcentral/swg/downloadFixes?parent=ibm~Rational&product=ibm/Rational/Rational+Functional+Tester&platform=All&function=fixId&fixids=Rational-RFT-JavaPatch-Java8SR7FP0&includeRequisites=1&includeSupersedes=0&downloadMethod=http>) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-01-05T12:34:18", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect Rational Functional Tester", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-35556", "CVE-2021-35559", "CVE-2021-35560", "CVE-2021-35564", "CVE-2021-35565", "CVE-2021-35578", "CVE-2021-35586", "CVE-2021-35588", "CVE-2021-41035"], "modified": "2022-01-05T12:34:18", "id": "69705B1BAA4873CD6D3DFD5DA7B7341D01826FFE51F39B2692ADF931198AF4EF", "href": "https://www.ibm.com/support/pages/node/6538366", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-28T01:51:12", "description": "## Summary\n\nThere are multiple vulnerabilities in the IBM SDK Java Technology Edition that is shipped with IBM WebSphere Application Server. These issues were disclosed in the IBM Java SDK updates in October 2021.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-35560](<https://vulners.com/cve/CVE-2021-35560>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Deployment component could allow an unauthenticated attacker to take control of the system. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211636](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211636>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2021-35586](<https://vulners.com/cve/CVE-2021-35586>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the ImageIO component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211661](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211661>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2021-35578](<https://vulners.com/cve/CVE-2021-35578>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the JSSE component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211654](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211654>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2021-35564](<https://vulners.com/cve/CVE-2021-35564>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Keytool component could allow an unauthenticated attacker to cause no confidentiality impact, low integrity impact, and no availability impact. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211640](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211640>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N) \n \n** CVEID: **[CVE-2021-35559](<https://vulners.com/cve/CVE-2021-35559>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Swing component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211635](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211635>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2021-35556](<https://vulners.com/cve/CVE-2021-35556>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Swing component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211632](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211632>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2021-35565](<https://vulners.com/cve/CVE-2021-35565>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the JSSE component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211641](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211641>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2021-35588](<https://vulners.com/cve/CVE-2021-35588>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the VM component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 3.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211662](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211662>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2021-41035](<https://vulners.com/cve/CVE-2021-41035>) \n** DESCRIPTION: **Eclipse Openj9 could provide weaker than expected security, caused by the failure to throw IllegalAccessError for MethodHandles that invoke inaccessible interface methods. An attacker could exploit this vulnerability to launch further attacks on the system. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/212010](<https://exchange.xforce.ibmcloud.com/vulnerabilities/212010>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)\n\n## Affected Products and Versions\n\nIBM Java SDK shipped with IBM WebSphere Application Server Patterns 1.0.0.0 through 1.0.0.7 and 2.2.0.0 through 2.3.3.4.\n\n \n\n\n## Remediation/Fixes\n\nPlease see the [IBM Java SDK Security Bulletin for WebSphere Application Server](<https://www.ibm.com/support/pages/node/6520468> \"IBM Java SDK Security Bulletin for WebSphere Application Server\" ) to determine which WebSphere Application Server versions are affected and to obtain the JDK fixes. The interim fix[ 1.0.0.0-WS-WASPATTERNS-JDK-2110 ](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%2FWebSphere&product=ibm/WebSphere/WebSphere+Application+Server+Patterns&release=All&platform=All&function=fixId&fixids=1.0.0.0-WS-WASPATTERNS-JDK-2110&includeSupersedes=0> \"1.0.0.0-WS-WASPATTERNS-JDK-2110\" )can be used to apply the October 2021 SDK iFixes in a PureApplication or Cloud Pak System Environment. \n\nDownload and apply the interim fix [1.0.0.0-WS-WASPATTERNS-JDK-2110](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%2FWebSphere&product=ibm/WebSphere/WebSphere+Application+Server+Patterns&release=All&platform=All&function=fixId&fixids=1.0.0.0-WS-WASPATTERNS-JDK-2110&includeSupersedes=0> \"1.0.0.0-WS-WASPATTERNS-JDK-2110\" )[.](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%2FWebSphere&product=ibm/WebSphere/WebSphere+Application+Server+Patterns&release=All&platform=All&function=fixId&fixids=1.0.0.0-WS-WASPATTERNS-JDK-2107&includeSupersedes=0> \"\" )\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-12-21T20:06:47", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM Java SDK affects WebSphere Application Server October 2021 CPU that is bundled with IBM WebSphere Application Server Patterns", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-35556", "CVE-2021-35559", "CVE-2021-35560", "CVE-2021-35564", "CVE-2021-35565", "CVE-2021-35578", "CVE-2021-35586", "CVE-2021-35588", "CVE-2021-41035"], "modified": "2021-12-21T20:06:47", "id": "8F23BC6F6ACA48595EF36AF6F16485F638D8F0C8C7CEDC0710915E2F920BADF1", "href": "https://www.ibm.com/support/pages/node/6529490", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-28T01:38:27", "description": "## Summary\n\nThere are multiple vulnerabilities in the IBM\u00ae SDK, Java\u2122 Technology Edition that is shipped with Liberty for Java for IBM Cloud. These might affect some configurations of Liberty for Java for IBM Cloud. These products have addressed the applicable CVEs. If you run your own Java code using the IBM Java Runtime delivered with this product, you should evaluate your code to determine whether the complete list of vulnerabilities is applicable to your code. For a complete list of vulnerabilities, refer to the link for \"IBM Java SDK Security Bulletin\" located in the References section for more information.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-35560](<https://vulners.com/cve/CVE-2021-35560>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Deployment component could allow an unauthenticated attacker to take control of the system. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211636](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211636>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2021-35586](<https://vulners.com/cve/CVE-2021-35586>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the ImageIO component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211661](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211661>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2021-35578](<https://vulners.com/cve/CVE-2021-35578>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the JSSE component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211654](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211654>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2021-35564](<https://vulners.com/cve/CVE-2021-35564>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Keytool component could allow an unauthenticated attacker to cause no confidentiality impact, low integrity impact, and no availability impact. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211640](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211640>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N) \n \n** CVEID: **[CVE-2021-35559](<https://vulners.com/cve/CVE-2021-35559>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Swing component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211635](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211635>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2021-35556](<https://vulners.com/cve/CVE-2021-35556>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Swing component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211632](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211632>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2021-35565](<https://vulners.com/cve/CVE-2021-35565>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the JSSE component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211641](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211641>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2021-35588](<https://vulners.com/cve/CVE-2021-35588>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the VM component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 3.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211662](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211662>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2021-41035](<https://vulners.com/cve/CVE-2021-41035>) \n** DESCRIPTION: **Eclipse Openj9 could allow a remote attacker to gain elevated privileges on the system, caused by not throwing IllegalAccessError for MethodHandles that invoke inaccessible interface methods. By persuading a victim to execute a specially-crafted program under a security manager, an attacker could exploit this vulnerability to gain elevated privileges and execute arbitrary code on the system. \nCVSS Base score: 7.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/212010](<https://exchange.xforce.ibmcloud.com/vulnerabilities/212010>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nThese vulnerabilities affect all versions of Liberty for Java in IBM Cloud up to and including v3.65.\n\n \n\n\n## Remediation/Fixes\n\nTo upgrade to Liberty for Java v3.65-20220106-0934 or higher, you must re-stage or re-push your application \n\nTo find the current version of Liberty for Java in IBM Cloud being used, from the command-line Cloud Foundry client by running the following commands:\n\ncf ssh <appname> -c \"cat staging_info.yml\"\n\nLook for the following lines:\n\n{\u201cdetected_buildpack\u201d:\u201cLiberty for Java(TM) (WAR, liberty-21.0.0_12, buildpack-v3.65-20220106-0934, ibmjdk-1.8.0_sr7-20211025, env)\u201c,\u201dstart_command\u201d:\u201c.liberty/initial_startup.rb\u201d}\n\nTo re-stage your application using the command-line Cloud Foundry client, use the following command:\n\ncf restage <appname>\n\nTo re-push your application using the command-line Cloud Foundry client, use the following command:\n\ncf push <appname>\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-10-07T16:01:56", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM\u00ae Java SDK affect Liberty for Java for IBM Cloud October 2021 CPU", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-35556", "CVE-2021-35559", "CVE-2021-35560", "CVE-2021-35564", "CVE-2021-35565", "CVE-2021-35578", "CVE-2021-35586", "CVE-2021-35588", "CVE-2021-41035"], "modified": "2022-10-07T16:01:56", "id": "9B2D2564719ED56C3141552F55FEB8199EA6F22D5AB26D33E706D1E459A1EAE6", "href": "https://www.ibm.com/support/pages/node/6550514", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-28T01:50:16", "description": "## Summary\n\nIBM Rational Build Forge version 8.0 to 8.0.0.20 is affected by the Java version used in it. CVE-2021-35560, CVE-2021-35586, CVE-2021-35578, CVE-2021-35564, CVE-2021-35559, CVE-2021-35556, CVE-2021-35565, CVE-2021-35588, CVE-2021-41035\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-35560](<https://vulners.com/cve/CVE-2021-35560>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Deployment component could allow an unauthenticated attacker to take control of the system. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211636](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211636>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2021-35586](<https://vulners.com/cve/CVE-2021-35586>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the ImageIO component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211661](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211661>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2021-35578](<https://vulners.com/cve/CVE-2021-35578>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the JSSE component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211654](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211654>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2021-35564](<https://vulners.com/cve/CVE-2021-35564>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Keytool component could allow an unauthenticated attacker to cause no confidentiality impact, low integrity impact, and no availability impact. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211640](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211640>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N) \n \n** CVEID: **[CVE-2021-35559](<https://vulners.com/cve/CVE-2021-35559>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Swing component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211635](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211635>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2021-35556](<https://vulners.com/cve/CVE-2021-35556>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Swing component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211632](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211632>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2021-35565](<https://vulners.com/cve/CVE-2021-35565>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the JSSE component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211641](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211641>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2021-35588](<https://vulners.com/cve/CVE-2021-35588>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the VM component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 3.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211662](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211662>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2021-41035](<https://vulners.com/cve/CVE-2021-41035>) \n** DESCRIPTION: **Eclipse Openj9 could provide weaker than expected security, caused by the failure to throw IllegalAccessError for MethodHandles that invoke inaccessible interface methods. An attacker could exploit this vulnerability to launch further attacks on the system. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/212010](<https://exchange.xforce.ibmcloud.com/vulnerabilities/212010>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nBuild Forge| 8.0 - 8.0.0.20 \n \n## Remediation/Fixes\n\nYou must download the fix pack specified in the following table and apply it.\n\n**Affected Supporting Product(s)**\n\n| \n\n**Remediation/Fix** \n \n---|--- \n \nIBM Rational Build Forge 8.0 to 8.0.0.20\n\n| \n\n[Download](<http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FRational%2FRational+Build+Forge&fixids=RationalBuildForge-8.0.0.21&source=SAR> \"Download\" ) IBM Rational Build Forge 8.0.0.21.\n\nThe Fix includes IBMJDK-Version-8.0.7.0 \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-01-17T18:16:07", "type": "ibm", "title": "Security Bulletin: IBM Rational Build Forge 8.0.x is affected by Java version used in it.(CVE-2021-35560, CVE-2021-35586, CVE-2021-35578, CVE-2021-35564, CVE-2021-35559, CVE-2021-35556, CVE-2021-35565, CVE-2021-35588, CVE-2021-41035)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-35556", "CVE-2021-35559", "CVE-2021-35560", "CVE-2021-35564", "CVE-2021-35565", "CVE-2021-35578", "CVE-2021-35586", "CVE-2021-35588", "CVE-2021-41035"], "modified": "2022-01-17T18:16:07", "id": "C2237C9E392140DF345D4F27313E311319950EA31DDC914C3D14593CDDC6E954", "href": "https://www.ibm.com/support/pages/node/6541318", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-28T01:47:59", "description": "## Summary\n\nMultiple vulnerabilities has been identified in IBM Java. IBM SDK, Java Technology Edition Quarterly CPU - Oct 2021 - Includes Oracle October 2021 CPU (CVE-2021-35560, CVE-2021-35586, CVE-2021-35578, CVE-2021-35564, CVE-2021-35559, CVE-2021-35556, CVE-2021-35565, CVE-2021-35588, CVE-2021-41035). Copy Services Manager has a dependency on Java. Version CSM 6.3.1 and prior are therefore exposed by this vulnerability. CSM 6.3.2 ships an embedded version of Java that addresses these issues.\n\n## Vulnerability Details\n\nRefer to the security bulletin(s) listed in the Remediation/Fixes section\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Copy Services Manager| 6.3.1 and below \n \n## Remediation/Fixes\n\nUpgrade to Copy Services Manager 6.3.2 to pick up an updated version of embedded Java.\n\n_Product_\n\n| \n\n_VRMF_\n\n| \n\n_ _Remediation / Fix Location__ \n \n---|---|--- \n \n_Copy Services Manager_\n\n| \n\n_6.3.1_\n\n| \n\n<https://www.ibm.com/support/pages/latest-downloads-ibm-copy-services-manager> \n \n_Copy Services Manager_\n\n| \n\n_versions prior to 6.3.1_\n\n| \n\n_Upgrade fix pack maintenance or PTF to get the fix._ \n \n**CVEID: **[CVE-2021-35560](<https://vulners.com/cve/CVE-2021-35560>) \n**DESCRIPTION: **An unspecified vulnerability in Java SE related to the Deployment component could allow an unauthenticated attacker to take control of the system. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: <https://exchange.xforce.ibmcloud.com/vulnerabilities/211636> for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H) \n \n**CVEID: **[CVE-2021-35578](<https://vulners.com/cve/CVE-2021-35578>) \n**DESCRIPTION: **An unspecified vulnerability in Java SE related to the JSSE component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: <https://exchange.xforce.ibmcloud.com/vulnerabilities/211654> for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n**CVEID: **[CVE-2021-41035](<https://vulners.com/cve/CVE-2021-41035>) \n**DESCRIPTION: **Eclipse Openj9 could allow a remote attacker to gain elevated privileges on the system, caused by not throwing IllegalAccessError for MethodHandles that invoke inaccessible interface methods. By persuading a victim to execute a specially-crafted program under a security manager, an attacker could exploit this vulnerability to gain elevated privileges and execute arbitrary code on the system. \nCVSS Base score: 7.7 \nCVSS Temporal Score: See: <https://exchange.xforce.ibmcloud.com/vulnerabilities/212010> for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-04-01T23:21:42", "type": "ibm", "title": "Security Bulletin: IBM SDK, Java Technology Edition Quarterly CPU - Oct 2021 - Includes Oracle October 2021 CPU", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-35556", "CVE-2021-35559", "CVE-2021-35560", "CVE-2021-35564", "CVE-2021-35565", "CVE-2021-35578", "CVE-2021-35586", "CVE-2021-35588", "CVE-2021-41035"], "modified": "2022-04-01T23:21:42", "id": "346D16D569E536E3964A478E60D04C937A6400863FF298D85DCA3B0FBF6C0DAD", "href": "https://www.ibm.com/support/pages/node/6563467", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-28T01:47:16", "description": "## Summary\n\nSecurity Vulnerabilities affect IBM Cloud Private - Java\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-35560](<https://vulners.com/cve/CVE-2021-35560>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Deployment component could allow an unauthenticated attacker to take control of the system. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211636](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211636>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2021-35586](<https://vulners.com/cve/CVE-2021-35586>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the ImageIO component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211661](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211661>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2021-35578](<https://vulners.com/cve/CVE-2021-35578>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the JSSE component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211654](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211654>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2021-35564](<https://vulners.com/cve/CVE-2021-35564>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Keytool component could allow an unauthenticated attacker to cause no confidentiality impact, low integrity impact, and no availability impact. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211640](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211640>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N) \n \n** CVEID: **[CVE-2021-35559](<https://vulners.com/cve/CVE-2021-35559>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Swing component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211635](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211635>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2021-35556](<https://vulners.com/cve/CVE-2021-35556>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Swing component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211632](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211632>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2021-35565](<https://vulners.com/cve/CVE-2021-35565>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the JSSE component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211641](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211641>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2021-35588](<https://vulners.com/cve/CVE-2021-35588>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the VM component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 3.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211662](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211662>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2021-41035](<https://vulners.com/cve/CVE-2021-41035>) \n** DESCRIPTION: **Eclipse Openj9 could allow a remote attacker to gain elevated privileges on the system, caused by not throwing IllegalAccessError for MethodHandles that invoke inaccessible interface methods. By persuading a victim to execute a specially-crafted program under a security manager, an attacker could exploit this vulnerability to gain elevated privileges and execute arbitrary code on the system. \nCVSS Base score: 7.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/212010](<https://exchange.xforce.ibmcloud.com/vulnerabilities/212010>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Cloud Private| 3.2.1 CD \nIBM Cloud Private| 3.2.2 CD \n \n\n\n## Remediation/Fixes\n\nProduct defect fixes and security updates are only available for the two most recent Continuous Delivery (CD) update packages \n\n * IBM Cloud Private 3.2.1\n * IBM Cloud Private 3.2.2\n\nFor IBM Cloud Private 3.2.1, apply fix pack:\n\n * [IBM Cloud Private 3.2.1.2203](<https://www.ibm.com/support/fixcentral/swg/selectFixes?product=ibm/WebSphere/IBM+Cloud+Private&release=All&platform=All&function=fixId&fixids=icp-3.2.1.2203-build601095-48411&includeSupersedes=0> \"IBM Cloud Private 3.2.1.2203\" )\n\n \n\n\nFor IBM Cloud Private 3.2.2, apply fix pack:\n\n * [IBM Cloud Private 3.2.2.2203](<https://www.ibm.com/support/fixcentral/swg/selectFixes?product=ibm/WebSphere/IBM+Cloud+Private&release=All&platform=All&function=fixId&fixids=icp-3.2.2.2203-build601096-48413&includeSupersedes=0> \"IBM Cloud Private 3.2.2.2203\" )\n\n \nFor IBM Cloud Private 3.1.0, 3.1.1, 3.1.2, 3.2.0\n\n * Upgrade to the latest Continuous Delivery (CD) update package, IBM Cloud Private 3.2.2. \n * If required, individual product fixes can be made available between CD update packages for resolution of problems. Contact IBM support for assistance\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-04-22T20:42:04", "type": "ibm", "title": "Security Bulletin: Security Vulnerabilities affect IBM Cloud Private - Java (Multiple CVEs)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-35556", "CVE-2021-35559", "CVE-2021-35560", "CVE-2021-35564", "CVE-2021-35565", "CVE-2021-35578", "CVE-2021-35586", "CVE-2021-35588", "CVE-2021-41035"], "modified": "2022-04-22T20:42:04", "id": "98E8ADB651CF5B20F85CF20BB2FAAACC7499AD8FB4A7166A169BB9B439D8FE6B", "href": "https://www.ibm.com/support/pages/node/6574513", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-28T01:48:42", "description": "## Summary\n\nAn unspecified vulnerability in Java SE related to the Deployment component could allow an unauthenticated attacker to take control of the system. An unspecified vulnerability in Java SE related to the ImageIO component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. An unspecified vulnerability in Java SE related to the JSSE component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. An unspecified vulnerability in Java SE related to the Keytool component could allow an unauthenticated attacker to cause no confidentiality impact, low integrity impact, and no availability impact. Some unspecified vulnerabilities in Java SE related to the Swing component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. Eclipse Openj9 could allow a remote attacker to gain elevated privileges on the system, caused by not throwing IllegalAccessError for MethodHandles that invoke inaccessible interface methods. By persuading a victim to execute a specially-crafted program under a security manager, an attacker could exploit this vulnerability to gain elevated privileges and execute arbitrary code on the system.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-35560](<https://vulners.com/cve/CVE-2021-35560>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Deployment component could allow an unauthenticated attacker to take control of the system. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211636](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211636>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2021-35586](<https://vulners.com/cve/CVE-2021-35586>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the ImageIO component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211661](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211661>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2021-35578](<https://vulners.com/cve/CVE-2021-35578>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the JSSE component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211654](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211654>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2021-35564](<https://vulners.com/cve/CVE-2021-35564>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Keytool component could allow an unauthenticated attacker to cause no confidentiality impact, low integrity impact, and no availability impact. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211640](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211640>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N) \n \n** CVEID: **[CVE-2021-35559](<https://vulners.com/cve/CVE-2021-35559>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Swing component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211635](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211635>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2021-35556](<https://vulners.com/cve/CVE-2021-35556>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Swing component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211632](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211632>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2021-35565](<https://vulners.com/cve/CVE-2021-35565>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the JSSE component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211641](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211641>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2021-35588](<https://vulners.com/cve/CVE-2021-35588>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the VM component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 3.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211662](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211662>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2021-41035](<https://vulners.com/cve/CVE-2021-41035>) \n** DESCRIPTION: **Eclipse Openj9 could allow a remote attacker to gain elevated privileges on the system, caused by not throwing IllegalAccessError for MethodHandles that invoke inaccessible interface methods. By persuading a victim to execute a specially-crafted program under a security manager, an attacker could exploit this vulnerability to gain elevated privileges and execute arbitrary code on the system. \nCVSS Base score: 7.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/212010](<https://exchange.xforce.ibmcloud.com/vulnerabilities/212010>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nDB2 Recovery Expert for LUW| 5.5 \nDB2 Recovery Expert for LUW| 5.5 IF1 \nDB2 Recovery Expert for LUW| 5.5 IF2 \nDB2 Recovery Expert for LUW| 5.5.0.1 \nDB2 Recovery Expert for LUW| 5.5.0.1 IF1 \nDB2 Recovery Expert for LUW| 5.5.0.1 IF2 \n \n\n\n## Remediation/Fixes\n\nThe product needs to be installed or upgraded to the latest available level using the [5.5.0.1 IF3](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7EInformation%20Management&product=ibm/Information+Management/DB2+Recovery+Expert+for+Linux+UNIX+and+Windows&release=5.5.0.1&platform=All&function=all> \"5.5.0.1 IF3\" ) version available from Fix Central.\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-03-06T02:52:38", "type": "ibm", "title": "Security Bulletin: Some unspecified vulnerabilities in Java SE result in the unauthenticated attacker to take control of the system or some impact", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-35556", "CVE-2021-35559", "CVE-2021-35560", "CVE-2021-35564", "CVE-2021-35565", "CVE-2021-35578", "CVE-2021-35586", "CVE-2021-35588", "CVE-2021-41035"], "modified": "2022-03-06T02:52:38", "id": "353C11DEDE2BBD8E7000E0CF953F60CB8C7B4563DD5B8B7B0C575FA40010F5E7", "href": "https://www.ibm.com/support/pages/node/6561577", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-28T01:48:43", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM\u00ae Runtime Environment Java\u2122 Versions. Sterling Connect:Direct Browser User Interface has addressed the applicable CVEs.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-35560](<https://vulners.com/cve/CVE-2021-35560>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Deployment component could allow an unauthenticated attacker to take control of the system. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211636](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211636>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2021-35586](<https://vulners.com/cve/CVE-2021-35586>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the ImageIO component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211661](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211661>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2021-35578](<https://vulners.com/cve/CVE-2021-35578>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the JSSE component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211654](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211654>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2021-35564](<https://vulners.com/cve/CVE-2021-35564>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Keytool component could allow an unauthenticated attacker to cause no confidentiality impact, low integrity impact, and no availability impact. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211640](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211640>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N) \n \n** CVEID: **[CVE-2021-35559](<https://vulners.com/cve/CVE-2021-35559>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Swing component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211635](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211635>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2021-35556](<https://vulners.com/cve/CVE-2021-35556>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Swing component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211632](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211632>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2021-35565](<https://vulners.com/cve/CVE-2021-35565>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the JSSE component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211641](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211641>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2021-35588](<https://vulners.com/cve/CVE-2021-35588>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the VM component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 3.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211662](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211662>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2021-41035](<https://vulners.com/cve/CVE-2021-41035>) \n** DESCRIPTION: **Eclipse Openj9 could allow a remote attacker to gain elevated privileges on the system, caused by not throwing IllegalAccessError for MethodHandles that invoke inaccessible interface methods. By persuading a victim to execute a specially-crafted program under a security manager, an attacker could exploit this vulnerability to gain elevated privileges and execute arbitrary code on the system. \nCVSS Base score: 7.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/212010](<https://exchange.xforce.ibmcloud.com/vulnerabilities/212010>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\n**Affected Product(s)**| **Version(s)** \n---|--- \nSterling Connect:Direct Browser User Interface| 1.5.0.2 \nSterling Connect:Direct Browser User Interface| 1.4.1.1 \n \n\n\n## Remediation/Fixes\n\n**Product**| **Version**| **Fix/Remediation \n** \n---|---|--- \nSterling Connect:Direct Browser User Interface| 1.5.0.2| Apply 1.5.0.2 iFix-31, available in cumulative iFix030 on [Fix Central](<https://www.ibm.com/support/fixcentral/options?selectionBean.selectedTab=find&selection=ibm%2fOther+software%3bibm%2fOther+software%2fSterling+Connect%3aDirect+Browser+User+Interface> \"\" ) \nSterling Connect:Direct Browser User Interface| 1.4.1.1| Apply 1.5.0.2 iFix-31, available in cumulative iFix030 on [Fix Central](<https://www.ibm.com/support/fixcentral/options?selectionBean.selectedTab=find&selection=ibm%2fOther+software%3bibm%2fOther+software%2fSterling+Connect%3aDirect+Browser+User+Interface> \"\" ) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-03-03T20:04:41", "type": "ibm", "title": "Security Bulletin: Multiple Vulnerabilities in Sterling Connect:Direct Browser User Interface", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-35556", "CVE-2021-35559", "CVE-2021-35560", "CVE-2021-35564", "CVE-2021-35565", "CVE-2021-35578", "CVE-2021-35586", "CVE-2021-35588", "CVE-2021-41035"], "modified": "2022-03-03T20:04:41", "id": "A1172CC7FA385234D898CA63D8E4EB83D2025D25C3CBCD37454679EE62F294F3", "href": "https://www.ibm.com/support/pages/node/6561041", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-28T01:36:29", "description": "## Summary\n\nSeveral vulnerabilities in Java SE affect IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data. Please see the vulnerability details and apply the suggested remediation/Fixes listed below.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-35560](<https://vulners.com/cve/CVE-2021-35560>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Deployment component could allow an unauthenticated attacker to take control of the system. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211636](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211636>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2021-35586](<https://vulners.com/cve/CVE-2021-35586>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the ImageIO component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211661](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211661>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2021-35578](<https://vulners.com/cve/CVE-2021-35578>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the JSSE component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211654](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211654>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2021-35564](<https://vulners.com/cve/CVE-2021-35564>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Keytool component could allow an unauthenticated attacker to cause no confidentiality impact, low integrity impact, and no availability impact. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211640](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211640>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N) \n \n** CVEID: **[CVE-2021-35559](<https://vulners.com/cve/CVE-2021-35559>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Swing component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211635](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211635>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2021-35556](<https://vulners.com/cve/CVE-2021-35556>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Swing component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211632](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211632>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2021-35565](<https://vulners.com/cve/CVE-2021-35565>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the JSSE component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211641](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211641>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2021-35588](<https://vulners.com/cve/CVE-2021-35588>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the VM component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 3.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211662](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211662>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2021-41035](<https://vulners.com/cve/CVE-2021-41035>) \n** DESCRIPTION: **Eclipse Openj9 could allow a remote attacker to gain elevated privileges on the system, caused by not throwing IllegalAccessError for MethodHandles that invoke inaccessible interface methods. By persuading a victim to execute a specially-crafted program under a security manager, an attacker could exploit this vulnerability to gain elevated privileges and execute arbitrary code on the system. \nCVSS Base score: 7.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/212010](<https://exchange.xforce.ibmcloud.com/vulnerabilities/212010>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Watson Speech Services Cartridge for IBM Cloud Pak for Data| 4.0.0 - 4.0.5 \n \n\n\n## Remediation/Fixes\n\nInstall the latest version of IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data: \n\n**IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data v4.0.6**\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2023-01-12T21:59:00", "type": "ibm", "title": "Security Bulletin: Vulnerabilities in Java SE affect IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-35556", "CVE-2021-35559", "CVE-2021-35560", "CVE-2021-35564", "CVE-2021-35565", "CVE-2021-35578", "CVE-2021-35586", "CVE-2021-35588", "CVE-2021-41035"], "modified": "2023-01-12T21:59:00", "id": "839E4940A709DA7491A103F6A8FEB60A1B4120977A1D18A14F60C1482D3F81D7", "href": "https://www.ibm.com/support/pages/node/6559324", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-28T01:48:17", "description": "## Summary\n\nIBM License Metric Tool is vulnerable to attacks related to Java TLS vulnerability.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-35560](<https://vulners.com/cve/CVE-2021-35560>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Deployment component could allow an unauthenticated attacker to take control of the system. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211636](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211636>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2021-35586](<https://vulners.com/cve/CVE-2021-35586>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the ImageIO component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211661](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211661>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2021-35578](<https://vulners.com/cve/CVE-2021-35578>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the JSSE component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211654](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211654>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2021-35564](<https://vulners.com/cve/CVE-2021-35564>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Keytool component could allow an unauthenticated attacker to cause no confidentiality impact, low integrity impact, and no availability impact. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211640](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211640>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N) \n \n** CVEID: **[CVE-2021-35559](<https://vulners.com/cve/CVE-2021-35559>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Swing component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211635](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211635>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2021-35556](<https://vulners.com/cve/CVE-2021-35556>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Swing component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211632](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211632>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2021-35565](<https://vulners.com/cve/CVE-2021-35565>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the JSSE component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211641](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211641>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2021-35588](<https://vulners.com/cve/CVE-2021-35588>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the VM component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 3.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211662](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211662>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2021-41035](<https://vulners.com/cve/CVE-2021-41035>) \n** DESCRIPTION: **Eclipse Openj9 could allow a remote attacker to gain elevated privileges on the system, caused by not throwing IllegalAccessError for MethodHandles that invoke inaccessible interface methods. By persuading a victim to execute a specially-crafted program under a security manager, an attacker could exploit this vulnerability to gain elevated privileges and execute arbitrary code on the system. \nCVSS Base score: 7.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/212010](<https://exchange.xforce.ibmcloud.com/vulnerabilities/212010>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM License Metric Tool| All \n \n \n \n\n\n \n\n\n## Remediation/Fixes\n\nUpgrade ILMT Server to version 9.2.27 or later using the following procedure: \n<https://www.ibm.com/docs/en/license-metric-tool?topic=tool-upgrading-latest-version>\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-03-23T15:41:27", "type": "ibm", "title": "Security Bulletin: A vulnerability in Java affects IBM License Metric Tool v9 (CVE-2021-35578).", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-35556", "CVE-2021-35559", "CVE-2021-35560", "CVE-2021-35564", "CVE-2021-35565", "CVE-2021-35578", "CVE-2021-35586", "CVE-2021-35588", "CVE-2021-41035"], "modified": "2022-03-23T15:41:27", "id": "6C757A1C91E04FB4B501BD38ACC2F9B1632B8D11F4A1B1CE217A4940A24C149C", "href": "https://www.ibm.com/support/pages/node/6565729", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-28T01:41:14", "description": "## Summary\n\nWebSphere Application Server traditional is shipped as a component of IBM Business Automation Workflow, IBM Business Process Manager, and WebSphere Enterprise Service Bus. WebSphere Application Server Liberty profile is shipped as a component of IBM Business Automation Workflow and IBM Business Process Manager. Information about a security vulnerability affecting IBM WebSphere Application Server Traditional and Liberty profile have been published in a security bulletin.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-35560](<https://vulners.com/cve/CVE-2021-35560>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Deployment component could allow an unauthenticated attacker to take control of the system. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211636](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211636>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2021-35586](<https://vulners.com/cve/CVE-2021-35586>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the ImageIO component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211661](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211661>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2021-35578](<https://vulners.com/cve/CVE-2021-35578>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the JSSE component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211654](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211654>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2021-35564](<https://vulners.com/cve/CVE-2021-35564>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Keytool component could allow an unauthenticated attacker to cause no confidentiality impact, low integrity impact, and no availability impact. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211640](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211640>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N) \n \n** CVEID: **[CVE-2021-35559](<https://vulners.com/cve/CVE-2021-35559>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Swing component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211635](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211635>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2021-35556](<https://vulners.com/cve/CVE-2021-35556>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Swing component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211632](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211632>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2021-35565](<https://vulners.com/cve/CVE-2021-35565>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the JSSE component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211641](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211641>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2021-35588](<https://vulners.com/cve/CVE-2021-35588>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the VM component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 3.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211662](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211662>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2021-41035](<https://vulners.com/cve/CVE-2021-41035>) \n** DESCRIPTION: **Eclipse Openj9 could provide weaker than expected security, caused by the failure to throw IllegalAccessError for MethodHandles that invoke inaccessible interface methods. An attacker could exploit this vulnerability to launch further attacks on the system. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/212010](<https://exchange.xforce.ibmcloud.com/vulnerabilities/212010>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Business Automation Workflow| V21.0 \nV20.0 \nV19.0 \nV18.0 \nIBM Business Process Manager| V8.6 \nV8.5 \n \nFor earlier and unsupported versions of the products, IBM recommends upgrading to a fixed, supported version of the product.\n\nNote that Cumulative Fixes cannot automatically install interim fixes for the base Application Server. It is important to follow the complete installation instructions and manually ensure that recommended security fixes are installed.\n\n \n\n\n## Remediation/Fixes\n\nPlease consult the security bulletin: [Multiple Vulnerabilities in IBM\u00ae Java SDK affect WebSphere Application Server October 2021 CPU](<https://www.ibm.com/support/pages/node/6520468> \"Multiple Vulnerabilities in IBM\u00ae Java SDK affect WebSphere Application Server October 2021 CPU\" ) for vulnerability details and information about fixes. \n\nAdditionally, IBM Business Automation Workflow, IBM Business Process Manager, and WebSphere Enterprise Service Bus might be affected by the following vulnerability:\n\n**CVEID: **[CVE-2021-35586](<https://vulners.com/cve/CVE-2021-35586>) \n**DESCRIPTION: **An unspecified vulnerability in Java SE related to the ImageIO component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: <https://exchange.xforce.ibmcloud.com/vulnerabilities/211661> for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-09-14T15:28:14", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities have been identified in IBM WebSphere Application Server shipped with IBM Digital Business Automation Workflow family products Java CPU October 2021", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-35556", "CVE-2021-35559", "CVE-2021-35560", "CVE-2021-35564", "CVE-2021-35565", "CVE-2021-35578", "CVE-2021-35586", "CVE-2021-35588", "CVE-2021-41035"], "modified": "2022-09-14T15:28:14", "id": "5879CF9AABE7F86F632F6DCAC57E7EBB01F8CE44EC1726EC43A98BEA1F62260A", "href": "https://www.ibm.com/support/pages/node/6525758", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-28T01:48:42", "description": "## Summary\n\nIBM SDK, Java Technology Edition Quarterly CPU includes all applicable Java SE CVEs published by Oracle as part of their Quarterly CPU. This IBM SDK, Java Technology EditionQuarterly Update also covers one additional OpenJ9 CVE: CVE-2021-41035. The relevant CVEs ( CVE-2021-35560, CVE-2021-35586, CVE-2021-35578, CVE-2021-35564, CVE-2021-35559, CVE-2021-35556, CVE-2021-35565, CVE-2021-35588, CVE-2021-41035 ) in IBM\u00ae SDK, Java\u2122 Technology Edition affect IBM Operations Analytics Predictive Insights 1.3.6 or earlier.\n\n## Vulnerability Details\n\nRefer to the security bulletin(s) listed in the Remediation/Fixes section\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Operations Analytics Predictive Insights| 1.3.3 \nIBM Operations Analytics Predictive Insights| 1.3.5 \nIBM Operations Analytics Predictive Insights| 1.3.6 \n \n\n\n## Remediation/Fixes\n\n**Affected Product(s)**| Version(s)| **Remediation/Fixes** \n---|---|--- \nIBM Operations Analytics Predictive Insights| 1.3.3| See Workaround A \nIBM Operations Analytics Predictive Insights| 1.3.5| See Workaround A \nIBM Operations Analytics Predictive Insights| 1.3.6| See Workaround B \n \n## Workarounds and Mitigations\n\nInstallation Instructions \u2013 Workaround A \n\\------------------------------------------------------- \nAs the user that installed the Predictive Insights UI component, e.g. scadmin \n\n1\\. Download the latest [1.3.6 iFix](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?product=ibm/Tivoli/IBM+SmartCloud+Analytics+-+Predictive+Insights&release=1.3.6> \"1.3.6 iFix\" ) from FixCentral and apply an upgrade of the UI component only, so that the UI becomes a 1.3.6 UI. \n2\\. Continue with workaround B\n\nRemove Update Instructions \u2013 Workaround A \n\\-------------------------------------------------------------- \nAs the user that installed the Predictive Insights UI component, e.g. scadmin \n1\\. rollback the iFix that was applied, by executing './patch_PI_UI_136_iFix3.sh -rollback'. \n\nInstallation Instructions \u2013 Workaround B \n\\-------------------------------------------------------\n\nTo benefit from latest fixes and 3rd party libraries upgrade to latest [1.3.6 iFix](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?product=ibm/Tivoli/IBM+SmartCloud+Analytics+-+Predictive+Insights&release=1.3.6> \"1.3.6 iFix\" )\n\nAs the user that installed the Predictive Insights UI component, e.g. scadmin \n1\\. Download ibm-java-sdk-8.0-7.0-linux-x86_64.tgz(157.53 MB) file from Fix Central - [IBM SDK, Java(TM) Technology Edition, Version 8.0.7.0 for Linux 64-bit on Intel/ AMD, packaged as ibm-java-sdk-8.0-.7.0-linux-x86_64.tgz for WebSphere Liberty using archives.](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm/WebSphere&product=ibm/WebSphere/WebSphere%20Liberty&release=All&platform=All&function=fixId&fixids=8.0.7.0-JavaSE-SDK-linux-x64-archive&includeSupersedes=0&source=fc> \"IBM SDK, Java\$TM\$ Technology Edition, Version 8.0.7.0 for Linux 64-bit on Intel/ AMD, packaged as ibm-java-sdk-8.0-.7.0-linux-x86_64.tgz for WebSphere Liberty using archives.\" ) \n2\\. As the user that installed the Predictive Insights UI, stop the UI server used by IBM Operations Analytics Predictive Insights \n<UI_HOME>/bin/pi.sh -stop \nwhere UI_HOME is typically /opt/IBM/scanalytics/UI \n3\\. cd <UI_HOME> \n4\\. Rename JAVA SDK installation folder \nmv ibm-java-x86_64-80 ibm-java-x86_64-80_orig \n5\\. As the root user, or a user with sudo access, copy ibm-java-sdk-8.0-7.0-linux-x86_64.tgz into the <UI_HOME> folder. Then, if necessary, change the ownership of the new ibm-java-sdk-8.0-7.0-linux-x86_64.tgz SDK file. \ne.g. chown scadmin:scadmin /opt/IBM/scanalytics/UI/ibm-java-sdk-8.0-7.0-linux-x86_64.tgz \n6\\. Uncompress and untar the file. E.g. tar -xzvf ibm-java-sdk-8.0-7.0-linux-x86_64.tgz \nThis will create a new ibm-java-x86_64-80 in <UI_HOME> \n7\\. As the user that installed the Predictive Insights UI, start the UI server \n<UI_HOME>/bin/pi.sh -start\n\n_Remove Update Instructions \u2013 Workaround B_ \n\\-------------------------------------------------------------- \nAs the user that installed the Predictive Insights UI component, e.g. scadmin \n1\\. As the user that installed the Predictive Insights UI, stop the UI server used by IBM Operations Analytics Predictive Insights \n<UI_HOME>/bin/pi.sh -stop \n2\\. As the root user, or a user with sudo access, run the ibm-java-x86_64-sdk-8.0-6.26.bin and follow the prompts to uninstall the Java that was installed to <UI_HOME> \n3\\. As the user that installed the Predictive Insights UI, replace the JAVA SDK installation folder with the original \nmv ibm-java-x86_64-80_orig ibm-java-x86_64-80 \n4\\. As the user that installed the Predictive Insights UI, start UI server \n<UI_HOME>/bin/pi.sh -start\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-03-04T20:16:43", "type": "ibm", "title": "Security Bulletin: IBM Operations Analytics Predictive Insights is vulnerable to multiple vulnerabilities due to the use of IBM SDK, Java Technology Edition.", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-35556", "CVE-2021-35559", "CVE-2021-35560", "CVE-2021-35564", "CVE-2021-35565", "CVE-2021-35578", "CVE-2021-35586", "CVE-2021-35588", "CVE-2021-41035"], "modified": "2022-03-04T20:16:43", "id": "4A9928CA8DF2301D156918E8B6459559A82E776F96B450859D7B3992507232A5", "href": "https://www.ibm.com/support/pages/node/6561337", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-28T01:50:28", "description": "## Summary\n\nSecurity Bulletin provides IBM DataQuant users with instructions for updating to Java 8.0.7.0\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-35560](<https://vulners.com/cve/CVE-2021-35560>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Deployment component could allow an unauthenticated attacker to take control of the system. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211636](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211636>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2021-35586](<https://vulners.com/cve/CVE-2021-35586>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the ImageIO component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211661](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211661>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2021-35578](<https://vulners.com/cve/CVE-2021-35578>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the JSSE component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211654](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211654>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2021-35564](<https://vulners.com/cve/CVE-2021-35564>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Keytool component could allow an unauthenticated attacker to cause no confidentiality impact, low integrity impact, and no availability impact. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211640](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211640>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N) \n \n** CVEID: **[CVE-2021-35559](<https://vulners.com/cve/CVE-2021-35559>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Swing component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211635](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211635>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2021-35556](<https://vulners.com/cve/CVE-2021-35556>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Swing component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211632](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211632>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2021-35565](<https://vulners.com/cve/CVE-2021-35565>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the JSSE component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211641](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211641>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2021-35588](<https://vulners.com/cve/CVE-2021-35588>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the VM component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 3.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211662](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211662>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2021-41035](<https://vulners.com/cve/CVE-2021-41035>) \n** DESCRIPTION: **Eclipse Openj9 could provide weaker than expected security, caused by the failure to throw IllegalAccessError for MethodHandles that invoke inaccessible interface methods. An attacker could exploit this vulnerability to launch further attacks on the system. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/212010](<https://exchange.xforce.ibmcloud.com/vulnerabilities/212010>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nDataQuant for z/OS| 2.1 \n \n\n\n## Remediation/Fixes\n\nPlease see 'Workarounds and Mitigations'\n\n## Workarounds and Mitigations\n\n**Below are the steps to update JRE in DataQuant:**\n\n 1. Close DataQuant.\n 2. Download JRE (IBM_DevelopmentPackage_for_Eclipse_Win_X86_32_6.6.15) and extract the files to a temporary location.\n 3. Replace **jre** folder at the install directory location \u2013> \u201cC:\\Program Files\\IBM\\IBM DataQuant\\DataQuant for Workstation\u201d. Replace with contents in step # 2.\n 4. Download eclipse oxygen from <https://www.eclipse.org/downloads/download.php?file=/technology/epp/downloads/release/oxygen/3a/eclipse-jee-oxygen-3a-win32-x86_64.zip>\n 5. Extract the eclipse oxygen and copy the plugin - org.apache.jasper.glassfish_2.2.2.v201501141630.jar from eclipse-jee-oxygen-3a-win32-x86_64\\eclipse\\plugins\n 6. Copy org.apache.jasper.glassfish_2.2.2.v201501141630.jar in the folder where DataQuant is installed - C:\\Program Files (x86)\\IBM\\IBM DataQuant\\DataQuant for Workstation\\plugins\n 7. Delete the older plugin org.apache.jasper.glassfish_2.2.2.v201205150955.jar from the DataQuant install directory\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-01-14T11:47:21", "type": "ibm", "title": "Security Bulletin: IBM SDK Java 8.0.7.0 Update for IBM DataQuant", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-35556", "CVE-2021-35559", "CVE-2021-35560", "CVE-2021-35564", "CVE-2021-35565", "CVE-2021-35578", "CVE-2021-35586", "CVE-2021-35588", "CVE-2021-41035"], "modified": "2022-01-14T11:47:21", "id": "881325FD02A11D222F8C6387D2AE6C395F5DB0E807D0D6809EDA591A93C5ECA9", "href": "https://www.ibm.com/support/pages/node/6540918", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-28T01:50:08", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM\u00ae SDK Java\u2122 Technology Edition and IBM\u00ae Runtime Environment Java\u2122 used by IBM i. IBM i has addressed the applicable CVEs.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-35560](<https://vulners.com/cve/CVE-2021-35560>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Deployment component could allow an unauthenticated attacker to take control of the system. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211636](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211636>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2021-35586](<https://vulners.com/cve/CVE-2021-35586>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the ImageIO component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211661](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211661>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2021-35578](<https://vulners.com/cve/CVE-2021-35578>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the JSSE component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211654](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211654>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2021-35564](<https://vulners.com/cve/CVE-2021-35564>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Keytool component could allow an unauthenticated attacker to cause no confidentiality impact, low integrity impact, and no availability impact. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211640](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211640>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N) \n \n** CVEID: **[CVE-2021-35559](<https://vulners.com/cve/CVE-2021-35559>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Swing component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211635](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211635>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2021-35556](<https://vulners.com/cve/CVE-2021-35556>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Swing component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211632](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211632>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2021-35565](<https://vulners.com/cve/CVE-2021-35565>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the JSSE component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211641](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211641>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2021-41035](<https://vulners.com/cve/CVE-2021-41035>) \n** DESCRIPTION: **Eclipse Openj9 could provide weaker than expected security, caused by the failure to throw IllegalAccessError for MethodHandles that invoke inaccessible interface methods. An attacker could exploit this vulnerability to launch further attacks on the system. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/212010](<https://exchange.xforce.ibmcloud.com/vulnerabilities/212010>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM i| 7.4 \nIBM i| 7.3 \nIBM i| 7.2 \nIBM i| 7.1 \n \n\n\n## Remediation/Fixes\n\nThe issue can be fixed by applying a PTF to the IBM i Operating System. \n\nReleases 7.4, 7.3, 7.2, and 7.1 of IBM i will be fixed. \nPlease see the Java document at this URL for the latest Java information for IBM i: \n<https://www.ibm.com/support/pages/java-ibm-i>\n\nThe IBM i Group PTF numbers containing the fix for these CVEs follow. Future Group PTFs for Java will also contain the fixes for these CVEs.\n\n**Release 7.4 \u2013 SF99665 level 13 \nRelease 7.3 \u2013 SF99725 level 24 \nRelease 7.2 \u2013 SF99716 level 34 \nRelease 7.1 \u2013 SF99572 level 48**\n\n**Important note: _IBM recommends that all users running unsupported versions of affected products upgrade to supported and fixed version of affected products._**\n\nIf you run your own Java code using the IBM Java Runtime delivered with this product, you should evaluate your code to determine whether additional Java vulnerabilities are applicable to your code. For a complete list of vulnerabilities, refer to the \"IBM Java SDK Security Vulnerabilities\", located in the References section for more information.\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-01-21T22:22:58", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect IBM i", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-35556", "CVE-2021-35559", "CVE-2021-35560", "CVE-2021-35564", "CVE-2021-35565", "CVE-2021-35578", "CVE-2021-35586", "CVE-2021-41035"], "modified": "2022-01-21T22:22:58", "id": "63BFD56A20DF5C6BBB89FA5B088532EA82325527013281FEBA89C17DFB719437", "href": "https://www.ibm.com/support/pages/node/6549910", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-28T01:49:01", "description": "## Summary\n\nIBM Watson Discovery for IBM Cloud Pak for Data contains a vulnerable version of Java.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-35586](<https://vulners.com/cve/CVE-2021-35586>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the ImageIO component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211661](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211661>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2021-35578](<https://vulners.com/cve/CVE-2021-35578>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the JSSE component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211654](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211654>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2021-35564](<https://vulners.com/cve/CVE-2021-35564>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Keytool component could allow an unauthenticated attacker to cause no confidentiality impact, low integrity impact, and no availability impact. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211640](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211640>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N) \n \n** CVEID: **[CVE-2021-35559](<https://vulners.com/cve/CVE-2021-35559>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Swing component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211635](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211635>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2021-35556](<https://vulners.com/cve/CVE-2021-35556>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Swing component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211632](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211632>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2021-35565](<https://vulners.com/cve/CVE-2021-35565>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the JSSE component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211641](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211641>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2021-35588](<https://vulners.com/cve/CVE-2021-35588>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the VM component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 3.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211662](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211662>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2021-41035](<https://vulners.com/cve/CVE-2021-41035>) \n** DESCRIPTION: **Eclipse Openj9 could allow a remote attacker to gain elevated privileges on the system, caused by not throwing IllegalAccessError for MethodHandles that invoke inaccessible interface methods. By persuading a victim to execute a specially-crafted program under a security manager, an attacker could exploit this vulnerability to gain elevated privileges and execute arbitrary code on the system. \nCVSS Base score: 7.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/212010](<https://exchange.xforce.ibmcloud.com/vulnerabilities/212010>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nWatson Discovery| 4.0.0-4.0.5 \nWatson Discovery| 2.0.0-2.2.1 \n \n\n\n## Remediation/Fixes\n\nUpgrade to IBM Watson Discovery 4.0.6 \n\nUpgrade to IBM Watson Discovery 2.2.1 and apply cpd-watson-discovery-2.2.1-patch-8\n\n<https://cloud.ibm.com/docs/discovery-data?topic=discovery-data-install>\n\n<https://www.ibm.com/support/pages/available-patches-watson-discovery-ibm-cloud-pak-data>\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-02-23T17:54:10", "type": "ibm", "title": "Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in Java", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-35556", "CVE-2021-35559", "CVE-2021-35564", "CVE-2021-35565", "CVE-2021-35578", "CVE-2021-35586", "CVE-2021-35588", "CVE-2021-41035"], "modified": "2022-02-23T17:54:10", "id": "56059B5F100C5E301BB59AD5348AE0EC5BCA358A66862D4869D7C227806A00F9", "href": "https://www.ibm.com/support/pages/node/6556970", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-28T01:49:21", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM\u00ae SDK Java\u2122 Technology Edition, Version 7 ,version 8, that is used by IBM Tivoli Composite Application Manager for Transactions - Robotic Response Time. These issues were disclosed as part of the IBM Java SDK updates in October 2021.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-35560](<https://vulners.com/cve/CVE-2021-35560>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Deployment component could allow an unauthenticated attacker to take control of the system. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211636](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211636>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2021-35586](<https://vulners.com/cve/CVE-2021-35586>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the ImageIO component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211661](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211661>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2021-35578](<https://vulners.com/cve/CVE-2021-35578>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the JSSE component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211654](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211654>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2021-35564](<https://vulners.com/cve/CVE-2021-35564>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Keytool component could allow an unauthenticated attacker to cause no confidentiality impact, low integrity impact, and no availability impact. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211640](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211640>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N) \n \n** CVEID: **[CVE-2021-35559](<https://vulners.com/cve/CVE-2021-35559>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Swing component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211635](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211635>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2021-35556](<https://vulners.com/cve/CVE-2021-35556>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Swing component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211632](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211632>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2021-35565](<https://vulners.com/cve/CVE-2021-35565>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the JSSE component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211641](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211641>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2021-35588](<https://vulners.com/cve/CVE-2021-35588>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the VM component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 3.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211662](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211662>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2021-41035](<https://vulners.com/cve/CVE-2021-41035>) \n** DESCRIPTION: **Eclipse Openj9 could allow a remote attacker to gain elevated privileges on the system, caused by not throwing IllegalAccessError for MethodHandles that invoke inaccessible interface methods. By persuading a victim to execute a specially-crafted program under a security manager, an attacker could exploit this vulnerability to gain elevated privileges and execute arbitrary code on the system. \nCVSS Base score: 7.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/212010](<https://exchange.xforce.ibmcloud.com/vulnerabilities/212010>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nITCAM for Transactions| 7.4.0.x \n \n\n\n## Remediation/Fixes\n\n**Product Name**| **VRMF**| **APAR**| **Remediation/First Fix** \n---|---|---|--- \nITCAM for Transactions| 7.4.0.x| | 7.4.0.1-TIV-CAMRT-IF0057 for different platforms: \n\n[7.4.0.1-TIV-CAMRT-AIX-IF0057](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?product=ibm%2FTivoli%2FTivoli+Composite+Application+Manager+for+Transactions&fixids=7.4.0.1-TIV-CAMRT-AIX-IF0057&source=SAR&function=fixId&parent=Tivoli%20Composite%20Application%20Manager> \"7.4.0.1-TIV-CAMRT-AIX-IF0057\" )\n\n[7.4.0.1-TIV-CAMRT-LINUX-IF0057](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?product=ibm%2FTivoli%2FTivoli+Composite+Application+Manager+for+Transactions&fixids=7.4.0.1-TIV-CAMRT-LINUX-IF0057&source=SAR&function=fixId&parent=Tivoli%20Composite%20Application%20Manager> \"7.4.0.1-TIV-CAMRT-LINUX-IF0057\" )\n\n[7.4.0.1-TIV-CAMRT-WINDOWS-IF0057](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?product=ibm%2FTivoli%2FTivoli+Composite+Application+Manager+for+Transactions&fixids=7.4.0.1-TIV-CAMRT-WINDOWS-IF0057&source=SAR&function=fixId&parent=Tivoli%20Composite%20Application%20Manager> \"7.4.0.1-TIV-CAMRT-WINDOWS-IF0057\" ) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-02-21T09:00:07", "type": "ibm", "title": "Security Bulletin: IBM SDK, Java Technology Edition Quarterly CPU - Oct 2021 - Includes Oracle October 2021 CPU (minus CVE-2021-35550/35561/35603) plus CVE-2021-41035 affects IBM Tivoli Composite Application Manager for Transactions-Robotic Response Time", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-35550", "CVE-2021-35556", "CVE-2021-35559", "CVE-2021-35560", "CVE-2021-35564", "CVE-2021-35565", "CVE-2021-35578", "CVE-2021-35586", "CVE-2021-35588", "CVE-2021-41035"], "modified": "2022-02-21T09:00:07", "id": "6F7048922D8A61251457955B080494180F71E1A62BD73A89D05AFA035062139D", "href": "https://www.ibm.com/support/pages/node/6558182", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-28T01:47:36", "description": "## Summary\n\nIBM\u00ae SDK Java\u2122 Technology Edition, is used by IBM Tivoli Application Dependency Discovery Manager (TADDM) and is vulnerable to a denial of service (CVE-2021-35560, CVE-2021-35586, CVE-2021-35578, CVE-2021-35564, CVE-2021-35559, CVE-2021-35556, CVE-2021-35565, CVE-2021-35588, CVE-2021-41035, CVE-2021-2341).\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-35560](<https://vulners.com/cve/CVE-2021-35560>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Deployment component could allow an unauthenticated attacker to take control of the system. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211636](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211636>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2021-35586](<https://vulners.com/cve/CVE-2021-35586>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the ImageIO component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211661](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211661>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2021-35578](<https://vulners.com/cve/CVE-2021-35578>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the JSSE component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211654](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211654>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2021-35564](<https://vulners.com/cve/CVE-2021-35564>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Keytool component could allow an unauthenticated attacker to cause no confidentiality impact, low integrity impact, and no availability impact. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211640](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211640>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N) \n \n** CVEID: **[CVE-2021-35559](<https://vulners.com/cve/CVE-2021-35559>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Swing component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211635](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211635>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2021-35556](<https://vulners.com/cve/CVE-2021-35556>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Swing component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211632](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211632>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2021-35565](<https://vulners.com/cve/CVE-2021-35565>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the JSSE component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211641](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211641>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2021-35588](<https://vulners.com/cve/CVE-2021-35588>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the VM component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 3.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211662](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211662>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2021-41035](<https://vulners.com/cve/CVE-2021-41035>) \n** DESCRIPTION: **Eclipse Openj9 could allow a remote attacker to gain elevated privileges on the system, caused by not throwing IllegalAccessError for MethodHandles that invoke inaccessible interface methods. By persuading a victim to execute a specially-crafted program under a security manager, an attacker could exploit this vulnerability to gain elevated privileges and execute arbitrary code on the system. \nCVSS Base score: 7.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/212010](<https://exchange.xforce.ibmcloud.com/vulnerabilities/212010>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2021-2341](<https://vulners.com/cve/CVE-2021-2341>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Networking component could allow an unauthenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors. \nCVSS Base score: 3.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/205768](<https://exchange.xforce.ibmcloud.com/vulnerabilities/205768>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Tivoli Application Dependency Discovery Manager| 7.3.0.0-7.3.0.9 \n \n## Remediation/Fixes\n\nIn order to fix this vulnerability, java is to be upgraded to 8.0.7.0 for TADDM versions 7.3.0.5 - 7.3.0.9 or to 7.0.11.0 for TADDM versions 7.3.0.3 - 7.3.0.4.\n\nCheck java version installed on TADDM servers using the below command:\n\n$COLLATION_HOME/external/<jdk- folder according to OS>/bin/java -version\n\n * For TADDM 7.3.0.5 - 7.3.0.9 (JAVA 8), if the above command output contains **\"SR6 FP10\"** or \"**8.0.6.10**\" or Higher as build in Java(TM) SE Runtime Environment information, apply efix for the new IBM SDK only, **efix_jdk8.0.7.0_FP8201126.zip** given in Table-1 below.\n * For TADDM 7.3.0.3 - 7.3.0.4 (JAVA 7), if the above command output contains **\"SR10 FP65\"** or \"**7.0.10.65**\" or Higher as build in Java(TM) SE Runtime Environment information, apply efix for the new IBM SDK only, **efix_jdk7.0.11.0_FP420171214.zip** given in Table-1 below.\n * For all other cases,\n\nThe remediation consists of 2 steps:\n\n 1. Please contact IBM Support and open a case for a custom version of eFix \"**customJDK8.0.6.10**\" as this efix involves TADDM code changes. Include the current eFix level (ls -rlt etc/efix*), TADDM version and a link to this bulletin.\n 2. Alongwith the above efix, apply efix for the new IBM SDK as per TADDM version given in table below.\n\n**Table-1:**\n\nPlease get familiar with the eFix readme in etc/efix_readme.txt. These fixes for the respective FixPack(s) can be downloaded and applied directly.\n\n**Fix**| \n\n**VRMF **\n\n| **APAR**| **How to acquire fix** \n---|---|---|--- \nefix_jdk8.0.7.0_FP8201126.zip| \n\n7.3.0.5 - 7.3.0.9\n\n| None| [Download eFix](<https://www.secure.ecurep.ibm.com/download/?id=SozpJeqYTzClv6Cp9cbH1ZHXNwEvHscLrg6Murqk1Wk> \"Download eFix\" ) \nefix_jdk7.0.11.0_FP420171214.zip| \n\n7.3.0.3 - 7.3.0.4 \n\n| None| [Download eFix](<https://www.secure.ecurep.ibm.com/download/?id=Guel9Ul9baMd7e3Xg3T9FCkNa7mNQY2iSkHIJNEud6g> \"Download eFix\" ) \n \n**Table-2:**\n\nBelow are the JREs :\n\n**Fix**| \n\n**VRMF **\n\n| **APAR**| **How to acquire fix** \n---|---|---|--- \nibm-java-jre-80-win-i386| \n\n7.3.0.5 - 7.3.0.8\n\n| None| [Download eFix](<http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FTivoli%2FTivoli+Application+Dependency+Discovery+Manager&fixids=ibm-java-jre-80-win-i386&source=SAR> \"\" ) \nibm-java-jre-70-win-i386| \n\n7.3.0.3 - 7.3.0.4 \n\n| None| [Download eFix](<http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FTivoli%2FTivoli+Application+Dependency+Discovery+Manager&fixids=ibm-java-jre-70-win-i386&source=SAR> \"Download eFix\" ) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-04-19T14:56:37", "type": "ibm", "title": "Security Bulletin: Due to use of IBM SDK, Java Technology Edition, IBM Tivoli Application Dependency Discovery Manager (TADDM) is vulnerable to denial of service", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-2341", "CVE-2021-35556", "CVE-2021-35559", "CVE-2021-35560", "CVE-2021-35564", "CVE-2021-35565", "CVE-2021-35578", "CVE-2021-35586", "CVE-2021-35588", "CVE-2021-41035"], "modified": "2022-04-19T14:56:37", "id": "F7C19A7605675E9987440B6BF7B68981E4BF3E0D66DA301FB2606050CEF205B2", "href": "https://www.ibm.com/support/pages/node/6557216", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-28T01:48:00", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM\u00ae SDK Java\u2122 Technology Edition used by IBM Integration Bus & IBM App Connect Enterprise. These issues were disclosed as part of the IBM Java SDK updates in October 2021.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-35578](<https://vulners.com/cve/CVE-2021-35578>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the JSSE component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211654](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211654>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2021-35564](<https://vulners.com/cve/CVE-2021-35564>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Keytool component could allow an unauthenticated attacker to cause no confidentiality impact, low integrity impact, and no availability impact. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211640](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211640>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N) \n \n** CVEID: **[CVE-2021-35559](<https://vulners.com/cve/CVE-2021-35559>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Swing component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211635](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211635>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2021-35556](<https://vulners.com/cve/CVE-2021-35556>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Swing component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211632](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211632>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2021-35565](<https://vulners.com/cve/CVE-2021-35565>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the JSSE component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211641](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211641>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2021-35588](<https://vulners.com/cve/CVE-2021-35588>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the VM component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 3.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211662](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211662>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2021-41035](<https://vulners.com/cve/CVE-2021-41035>) \n** DESCRIPTION: **Eclipse Openj9 could allow a remote attacker to gain elevated privileges on the system, caused by not throwing IllegalAccessError for MethodHandles that invoke inaccessible interface methods. By persuading a victim to execute a specially-crafted program under a security manager, an attacker could exploit this vulnerability to gain elevated privileges and execute arbitrary code on the system. \nCVSS Base score: 7.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/212010](<https://exchange.xforce.ibmcloud.com/vulnerabilities/212010>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nIBM Integration Bus V10, V10.0.0.0 - V10.0.0.25\n\nIBM App Connect Enterprise V11, V11.0.0.0 - V11.0.0.16\n\nIBM App Connect Enterprise V12, V12.0.1.0 -V12.0.3.0\n\n \n\n\n## Remediation/Fixes\n\n**IBM strongly recommends addressing the vulnerability now.**\n\n**Product**\n\n| APAR| \n\n**Remediation / Fix** \n \n---|---|--- \nIBM App Connect Enterprise V12| IT39966 | \n\nInterim fix (for APAR IT39966 ) available here on [IBM Fix Central](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7EWebSphere&product=ibm/WebSphere/IBM+App+Connect+Enterprise&release=12.0.3.0&platform=All&function=aparId&apars=IT39966> \"IBM Fix Central\" ) \n \nIBM App Connect Enterprise V11| IT39966 | \n\nInterim fix (for APAR IT39966 ) available here on [IBM Fix Central](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~WebSphere&product=ibm/WebSphere/IBM+App+Connect+Enterprise&release=11.0.0.16&platform=All&function=aparId&apars=IT39966> \"IBM Fix Central\" ) \n \nIBM Integration Bus V10 | \n\nIT39966 \n\n| \n\nInterim fix (for APAR IT39966 ) available here on [IBM Fix Central](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7EWebSphere&product=ibm/WebSphere/Integration+Bus&release=10.0.0.25&platform=All&function=aparId&apars=IT39966> \"IBM Fix Central\" ) \n \n## Workarounds and Mitigations\n\nSame as above described in above Remediation/Fixes section\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-04-01T13:15:21", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Integration Bus and IBM App Connect Enterprise", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-35556", "CVE-2021-35559", "CVE-2021-35564", "CVE-2021-35565", "CVE-2021-35578", "CVE-2021-35588", "CVE-2021-41035"], "modified": "2022-04-01T13:15:21", "id": "2C907458D4293F40BA938B5C37F7CA09CEE0E4EAC6B0E4991B8E852D82D70B6C", "href": "https://www.ibm.com/support/pages/node/6568741", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-28T01:43:23", "description": "## Summary\n\nVulnerabilities in IBM\u00ae SDK Java\u2122 Technology Edition, Version 8, that is used by IBM Workload Scheduler. This issue was disclosed as part of the Oracle October 2021 Critical Patch Update.\n\n## Vulnerability Details\n\n**CVEID: **[CVE-2021-35586](<https://vulners.com/cve/CVE-2021-35586>) \n**DESCRIPTION: **An unspecified vulnerability in Java SE related to the ImageIO component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211661](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211661>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n**CVEID: **[CVE-2021-35578](<https://vulners.com/cve/CVE-2021-35578>) \n**DESCRIPTION: **An unspecified vulnerability in Java SE related to the JSSE component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211654](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211654>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n**CVEID: **[CVE-2021-35564](<https://vulners.com/cve/CVE-2021-35564>) \n**DESCRIPTION: **An unspecified vulnerability in Java SE related to the Keytool component could allow an unauthenticated attacker to cause no confidentiality impact, low integrity impact, and no availability impact. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211640](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211640>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N) \n \n**CVEID: **[CVE-2021-35559](<https://vulners.com/cve/CVE-2021-35559>) \n**DESCRIPTION: **An unspecified vulnerability in Java SE related to the Swing component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211635](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211635>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n**CVEID: **[CVE-2021-35565](<https://vulners.com/cve/CVE-2021-35565>) \n**DESCRIPTION: **An unspecified vulnerability in Java SE related to the JSSE component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211641](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211641>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n**CVEID: **[CVE-2021-35588](<https://vulners.com/cve/CVE-2021-35588>) \n**DESCRIPTION: **An unspecified vulnerability in Java SE related to the VM component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 3.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211662](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211662>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L) \n \n**CVEID: **[CVE-2021-41035](<https://vulners.com/cve/CVE-2021-41035>) \n**DESCRIPTION: **Eclipse Openj9 could allow a remote attacker to gain elevated privileges on the system, caused by not throwing IllegalAccessError for MethodHandles that invoke inaccessible interface methods. By persuading a victim to execute a specially-crafted program under a security manager, an attacker could exploit this vulnerability to gain elevated privileges and execute arbitrary code on the system. \nCVSS Base score: 7.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/212010](<https://exchange.xforce.ibmcloud.com/vulnerabilities/212010>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s) | Version(s) \n---|--- \nIBM Workload Scheduler | 9.5 \nIBM Workload Scheduler | 9.4 \n \n## Remediation/Fixes\n\nAPAR IJ38962 has been opened to address Java vulnerability affecting IBM Workload Scheduler. \nThe following limited availability fixes for IJ38962 are available for download on FixCentral \n940-TIV-TWS-FP7-IJ38962 \nto be applied on top of Tivoli Workload Scheduler Distributed 9.4.0.07. \nApar IJ38962 is already included in IBM Workload Scheduler 9.5.0.06.\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-08-08T15:42:45", "type": "ibm", "title": "Security Bulletin: Vulnerabilities in IBM\u00ae SDK Java\u2122 Technology Edition, Version 8, that is used by IBM Workload Scheduler.", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-35559", "CVE-2021-35564", "CVE-2021-35565", "CVE-2021-35578", "CVE-2021-35586", "CVE-2021-35588", "CVE-2021-41035"], "modified": "2022-08-08T15:42:45", "id": "11F083F24789C00D831891F641CFFE8D7B6951720CDC22410E3BF22541DD5871", "href": "https://www.ibm.com/support/pages/node/6607167", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-28T01:49:04", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM SDK Java Technology Edition, Versions 7, 7.1, 8 used by AIX. AIX has addressed the applicable CVEs.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-35560](<https://vulners.com/cve/CVE-2021-35560>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Deployment component could allow an unauthenticated attacker to take control of the system. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211636](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211636>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2021-35586](<https://vulners.com/cve/CVE-2021-35586>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the ImageIO component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211661](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211661>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2021-35578](<https://vulners.com/cve/CVE-2021-35578>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the JSSE component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211654](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211654>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2021-35564](<https://vulners.com/cve/CVE-2021-35564>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Keytool component could allow an unauthenticated attacker to cause no confidentiality impact, low integrity impact, and no availability impact. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211640](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211640>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N) \n \n** CVEID: **[CVE-2021-35559](<https://vulners.com/cve/CVE-2021-35559>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Swing component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211635](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211635>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2021-35556](<https://vulners.com/cve/CVE-2021-35556>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Swing component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211632](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211632>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2021-35565](<https://vulners.com/cve/CVE-2021-35565>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the JSSE component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211641](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211641>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2021-41035](<https://vulners.com/cve/CVE-2021-41035>) \n** DESCRIPTION: **Eclipse Openj9 could allow a remote attacker to gain elevated privileges on the system, caused by not throwing IllegalAccessError for MethodHandles that invoke inaccessible interface methods. By persuading a victim to execute a specially-crafted program under a security manager, an attacker could exploit this vulnerability to gain elevated privileges and execute arbitrary code on the system. \nCVSS Base score: 7.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/212010](<https://exchange.xforce.ibmcloud.com/vulnerabilities/212010>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2021-2341](<https://vulners.com/cve/CVE-2021-2341>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Networking component could allow an unauthenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors. \nCVSS Base score: 3.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/205768](<https://exchange.xforce.ibmcloud.com/vulnerabilities/205768>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nAIX| 7.1 \nAIX| 7.2 \nAIX| 7.3 \nVIOS| 3.1 \n \nThe following fileset levels (VRMF) are vulnerable, if the respective Java version is installed:\n\nFor Java7: Less than 7.0.0.700 \nFor Java7.1: Less than 7.1.0.500 \nFor Java8: Less than 8.0.0.700\n\nNote: To find out whether the affected Java filesets are installed on your systems, refer to the lslpp command found in AIX user's guide.\n\nExample: lslpp -L | grep -i java\n\n \n\n\n## Remediation/Fixes\n\nNote: Recommended remediation is to always install the most recent Java package available for the respective Java version. \n\nIBM SDK, Java Technology Edition, Version 7 Service Refresh 11 and subsequent releases:\n\n[32-bit](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~WebSphere&product=ibm/IBM+SDKs+for+Java+Technology/Java+Standard+Edition+%28Java+SE%29&release=7.0.0.0&platform=AIX+32-bit,+pSeries&function=all> \"32-bit\" )\n\n[64-bit](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~WebSphere&product=ibm/IBM+SDKs+for+Java+Technology/Java+Standard+Edition+%28Java+SE%29&release=7.0.0.0&platform=AIX+64-bit,+pSeries&function=all> \"64-bit\" )\n\nIBM SDK, Java Technology Edition, Version 7R1 Service Refresh 5 and subsequent releases:\n\n[32-bit](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~WebSphere&product=ibm/IBM+SDKs+for+Java+Technology/Java+Standard+Edition+%28Java+SE%29&release=7.1.0.0&platform=AIX+32-bit,+pSeries&function=all> \"32-bit\" )\n\n[64-bit](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~WebSphere&product=ibm/IBM+SDKs+for+Java+Technology/Java+Standard+Edition+%28Java+SE%29&release=7.1.0.0&platform=AIX+64-bit,+pSeries&function=all> \"64-bit\" )\n\nIBM SDK, Java Technology Edition, Version 8 Service Refresh 7 and subsequent releases:\n\n[32-bit](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~WebSphere&product=ibm/IBM+SDKs+for+Java+Technology/Java+Standard+Edition+%28Java+SE%29&release=8.0.0.0&platform=AIX+32-bit,+pSeries&function=all> \"32-bit\" )\n\n[64-bit](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~WebSphere&product=ibm/IBM+SDKs+for+Java+Technology/Java+Standard+Edition+%28Java+SE%29&release=8.0.0.0&platform=AIX+64-bit,+pSeries&function=all> \"64-bit\" )\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-02-23T15:05:16", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect AIX", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-2341", "CVE-2021-35556", "CVE-2021-35559", "CVE-2021-35560", "CVE-2021-35564", "CVE-2021-35565", "CVE-2021-35578", "CVE-2021-35586", "CVE-2021-41035"], "modified": "2022-02-23T15:05:16", "id": "797C010D7F91BFD9A4AED687662A3AD4BBC6C570591ECDE2F84EA7CAFC728939", "href": "https://www.ibm.com/support/pages/node/6558908", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-28T01:48:05", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM\u00ae SDK Java\u2122 Technology Edition, Version 8 used by IBM Tivoli Netcool Impact. IBM Tivoli Netcool Impact has addressed the applicable CVE.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-35560](<https://vulners.com/cve/CVE-2021-35560>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Deployment component could allow an unauthenticated attacker to take control of the system. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211636](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211636>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2021-35578](<https://vulners.com/cve/CVE-2021-35578>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the JSSE component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211654](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211654>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2021-35564](<https://vulners.com/cve/CVE-2021-35564>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Keytool component could allow an unauthenticated attacker to cause no confidentiality impact, low integrity impact, and no availability impact. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211640](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211640>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N) \n \n** CVEID: **[CVE-2021-35565](<https://vulners.com/cve/CVE-2021-35565>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the JSSE component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211641](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211641>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2021-35588](<https://vulners.com/cve/CVE-2021-35588>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the VM component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 3.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211662](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211662>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2021-41035](<https://vulners.com/cve/CVE-2021-41035>) \n** DESCRIPTION: **Eclipse Openj9 could allow a remote attacker to gain elevated privileges on the system, caused by not throwing IllegalAccessError for MethodHandles that invoke inaccessible interface methods. By persuading a victim to execute a specially-crafted program under a security manager, an attacker could exploit this vulnerability to gain elevated privileges and execute arbitrary code on the system. \nCVSS Base score: 7.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/212010](<https://exchange.xforce.ibmcloud.com/vulnerabilities/212010>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Tivoli Netcool Impact| 7.1.0 \n \n\n\n## Remediation/Fixes\n\nProduct| VRMF| APAR| Remediation \n---|---|---|--- \nIBM Tivoli Netcool Impact 7.1.0| 7.1.0.25| IJ36336| Upgrade to [IBM Tivoli Netcool Impact 7.1.0 FP25](<https://www.ibm.com/support/pages/node/6560100> \"IBM Tivoli Netcool Impact 7.1.0 FP25\" ) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-03-31T05:53:50", "type": "ibm", "title": "Security Bulletin: A vulnerability in IBM Java SDK affects IBM Tivoli Netcool Impact (CVE-2021-35560, CVE-2021-35578, CVE-2021-35564, CVE-2021-35565, CVE-2021-35588, CVE-2021-41035)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-35560", "CVE-2021-35564", "CVE-2021-35565", "CVE-2021-35578", "CVE-2021-35588", "CVE-2021-41035"], "modified": "2022-03-31T05:53:50", "id": "E32737978668877844511A4A9B923FA4352484A2108E7BFCECFCD1FBA9A6DC3E", "href": "https://www.ibm.com/support/pages/node/6568225", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-28T01:46:40", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM\u00ae SDK Java\u2122 Technology Edition, 8* that are used by Rational Application Developer\u00ae. These issues were disclosed as part of the IBM Java SDK updates in October 2021. IBM 8 Fix SR7 FP5 (8.0.7.5). \n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-41035](<https://vulners.com/cve/CVE-2021-41035>) \n** DESCRIPTION: **Eclipse Openj9 could allow a remote attacker to gain elevated privileges on the system, caused by not throwing IllegalAccessError for MethodHandles that invoke inaccessible interface methods. By persuading a victim to execute a specially-crafted program under a security manager, an attacker could exploit this vulnerability to gain elevated privileges and execute arbitrary code on the system. \nCVSS Base score: 7.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/212010](<https://exchange.xforce.ibmcloud.com/vulnerabilities/212010>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2021-35565](<https://vulners.com/cve/CVE-2021-35565>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the JSSE component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211641](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211641>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2021-35578](<https://vulners.com/cve/CVE-2021-35578>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the JSSE component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211654](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211654>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2021-35564](<https://vulners.com/cve/CVE-2021-35564>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Keytool component could allow an unauthenticated attacker to cause no confidentiality impact, low integrity impact, and no availability impact. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211640](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211640>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N) \n \n** CVEID: **[CVE-2021-35586](<https://vulners.com/cve/CVE-2021-35586>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the ImageIO component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211661](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211661>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2021-35559](<https://vulners.com/cve/CVE-2021-35559>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Swing component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211635](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211635>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nRational Application Developer| 9.6 \nRational Application Developer| 9.7 \n \n## Remediation/Fixes\n\n[https://www.ibm.com/support/fixcentral/swg/selectFixes?product=ibm%2FRational%2FIBM+Rational+Application+Developer+for+WebSphere+Software&fixids=Rational-RAD-Java8SR7FP5_RAD_RSA-ifix&source=SAR&function=fixId&parent=ibm/Rational](<https://www.ibm.com/support/fixcentral/swg/selectFixes?product=ibm%2FRational%2FIBM+Rational+Application+Developer+for+WebSphere+Software&fixids=Rational-RAD-Java8SR7FP5_RAD_RSA-ifix&source=SAR&function=fixId&parent=ibm/Rational>)\n\nAn additional setting is required to make WAS administrative connections work after applying the fix. Please follow Technote\n\n[https://www.ibm.com/support/pages/node/6584349](<https://apc01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.ibm.com%2Fsupport%2Fpages%2Fnode%2F6584349&data=05%7C01%7CDavid.Christensen%40hcl.com%7Ccfee89e33e2946e0526f08da32a4a338%7C189de737c93a4f5a8b686f4ca9941912%7C0%7C0%7C637877979936104978%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=HoUqh8H2Pvq36S%2BvcT1ZoEozIxvb%2Bp7syoikH0SZCug%3D&reserved=0> \"Original URL:https://www.ibm.com/support/pages/node/6584349Click to follow link.\" )\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-05-10T23:16:42", "type": "ibm", "title": "Security Bulletin: IBM SDK, Java Technology Edition, Security Update October 2021", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-35559", "CVE-2021-35564", "CVE-2021-35565", "CVE-2021-35578", "CVE-2021-35586", "CVE-2021-41035"], "modified": "2022-05-10T23:16:42", "id": "3785C5D9EB5ED7F0A78E5E658EA5CFFAFAD59AC988F3C0537E78654DF8C1343D", "href": "https://www.ibm.com/support/pages/node/6566227", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-28T01:48:39", "description": "## Summary\n\nMonthly security fixes are released for IBM Cloud Pak for Business Automation. The following security vulnerabilities are addressed with the February 2022 fixes. All Cloud Pak services pick up new versions of repackaged open source libraries regardless whether reported vulnerabilities for these libraries affect the product. For a list of CVEs that are no longer reported in OSS scanning of current images, see the readme of the ifix in your version.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-38893](<https://vulners.com/cve/CVE-2021-38893>) \n** DESCRIPTION: **IBM Business Process Manager 8.5 and 8.6 and IBM Business Automation Workflow 18.0, 19.0, 20.0 and 21.0 are vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 209512. \nCVSS Base score: 6.4 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/209512](<https://exchange.xforce.ibmcloud.com/vulnerabilities/209512>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N) \n \n** CVEID: **[CVE-2021-35560](<https://vulners.com/cve/CVE-2021-35560>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Deployment component could allow an unauthenticated attacker to take control of the system. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211636](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211636>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2021-35586](<https://vulners.com/cve/CVE-2021-35586>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the ImageIO component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211661](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211661>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2021-35578](<https://vulners.com/cve/CVE-2021-35578>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the JSSE component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211654](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211654>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2021-35564](<https://vulners.com/cve/CVE-2021-35564>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Keytool component could allow an unauthenticated attacker to cause no confidentiality impact, low integrity impact, and no availability impact. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211640](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211640>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N) \n \n** CVEID: **[CVE-2021-35559](<https://vulners.com/cve/CVE-2021-35559>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Swing component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211635](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211635>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2021-35556](<https://vulners.com/cve/CVE-2021-35556>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Swing component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211632](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211632>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2021-35565](<https://vulners.com/cve/CVE-2021-35565>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the JSSE component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211641](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211641>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2021-35588](<https://vulners.com/cve/CVE-2021-35588>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the VM component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 3.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211662](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211662>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2021-41035](<https://vulners.com/cve/CVE-2021-41035>) \n** DESCRIPTION: **Eclipse Openj9 could allow a remote attacker to gain elevated privileges on the system, caused by not throwing IllegalAccessError for MethodHandles that invoke inaccessible interface methods. By persuading a victim to execute a specially-crafted program under a security manager, an attacker could exploit this vulnerability to gain elevated privileges and execute arbitrary code on the system. \nCVSS Base score: 7.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/212010](<https://exchange.xforce.ibmcloud.com/vulnerabilities/212010>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2021-38900](<https://vulners.com/cve/CVE-2021-38900>) \n** DESCRIPTION: **IBM Business Process Manager 8.5 and 8.6 and IBM Business Automation Workflow 18.0, 19.0, 20.0 and 21.0 could allow a privileged user to obtain highly sensitive information due to improper access controls. IBM X-Force ID: 209607. \nCVSS Base score: 4.9 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/209607](<https://exchange.xforce.ibmcloud.com/vulnerabilities/209607>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s)| Status \n---|---|--- \n \nIBM Cloud Pak for Business Automation\n\n| V21.0.3 - V21.0.3-IF004| affected \nIBM Cloud Pak for Business Automation| V21.0.2 - V21.0.2-IF007| affected \nIBM Cloud Pak for Business Automation| \n\nV21.0.1 - V21.0.1-IF007 \nV20.0.1 - V20.0.3 \nV19.0.1 - V19.0.3 \nV18.0.0 - V18.0.2\n\n| affected \n \n## Remediation/Fixes\n\nThe recommended solution is to apply the February 2022 security fix as soon as practical.\n\nAffected Product(s)| Version(s)| Remediation / Fix \n---|---|--- \nIBM Cloud Pak for Business Automation| V21.0.3 - V21.0.3-IF004| Apply security fix [21.0.3-IF005](<https://www.ibm.com/support/pages/node/6557050> \"21.0.3-IF005\" ) \nIBM Cloud Pak for Business Automation| V21.0.2 - V21.0.2-IF007| Apply security fix [21.0.2-IF008](<https://www.ibm.com/support/pages/node/6557060> \"21.0.2-IF008\" ) or upgrade to [21.0.3-IF005](<https://www.ibm.com/support/pages/node/6557050> \"21.0.3-IF005\" ) \nIBM Cloud Pak for Business Automation| V21.0.1 - V21.0.1-IF008 \nV20.0.1 - V20.0.3 \nV19.0.1 - V19.0.3 \nV18.0.0 - V18.0.2| Upgrade to [21.0.2-IF008](<https://www.ibm.com/support/pages/node/6557060> \"21.0.2-IF008\" ) or [21.0.3-IF005](<https://www.ibm.com/support/pages/node/6557050> \"21.0.3-IF005\" ) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-03-10T21:42:40", "type": "ibm", "title": "Security Bulletin: Multiple security vulnerability are addressed in monthly security fix for IBM Cloud Pak for Business Automation February 2022", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-35556", "CVE-2021-35559", "CVE-2021-35560", "CVE-2021-35564", "CVE-2021-35565", "CVE-2021-35578", "CVE-2021-35586", "CVE-2021-35588", "CVE-2021-38893", "CVE-2021-38900", "CVE-2021-41035"], "modified": "2022-03-10T21:42:40", "id": "491BCCBFA56FD5656AD6056603422EE25ADBD4714150C62D560AB2E48F9E5107", "href": "https://www.ibm.com/support/pages/node/6561229", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-28T01:49:20", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM\u00ae SDK Java\u2122 Technology Edition, Version 1.8 used by Content Collector for Email, Content Collector for File Systems, Content Collector for Microsoft SharePoint and Content Collector for IBM Connections.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-35560](<https://vulners.com/cve/CVE-2021-35560>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Deployment component could allow an unauthenticated attacker to take control of the system. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211636](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211636>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2021-35578](<https://vulners.com/cve/CVE-2021-35578>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the JSSE component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211654](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211654>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2021-35564](<https://vulners.com/cve/CVE-2021-35564>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Keytool component could allow an unauthenticated attacker to cause no confidentiality impact, low integrity impact, and no availability impact. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211640](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211640>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N) \n \n** CVEID: **[CVE-2021-35565](<https://vulners.com/cve/CVE-2021-35565>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the JSSE component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211641](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211641>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2021-41035](<https://vulners.com/cve/CVE-2021-41035>) \n** DESCRIPTION: **Eclipse Openj9 could provide weaker than expected security, caused by the failure to throw IllegalAccessError for MethodHandles that invoke inaccessible interface methods. An attacker could exploit this vulnerability to launch further attacks on the system. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/212010](<https://exchange.xforce.ibmcloud.com/vulnerabilities/212010>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nContent Collector for IBM Connections| 4.0.1 \n \n\n\n## Remediation/Fixes\n\n**Product** | **VRM**| **Remediation** \n---|---|--- \nContent Collector for Email| 4.0.1| Use Content Collector for Email 4.0.1.14 [Interim Fix IF001](<http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FInformation+Management%2FContent+Collector&fixids=4.0.1.14-IBM-ICC-IF001&source=SAR> \"Interim Fix IF001\" ) \nContent Collector for File Systems| 4.0.1| Use Content Collector for File Systems 4.0.1.1[4 ](<http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FInformation+Management%2FContent+Collector&fixids=4.0.1.10-IBM-ICC-IF002&source=SAR>)[Interim Fix IF001](<http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FInformation+Management%2FContent+Collector&fixids=4.0.1.14-IBM-ICC-IF001&source=SAR> \"Interim Fix IF001\" ) \nContent Collector for Microsoft SharePoint| 4.0.1| Use Content Collector for Microsoft SharePoint 4.0.1.14 [Interim Fix IF001](<http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FInformation+Management%2FContent+Collector&fixids=4.0.1.14-IBM-ICC-IF001&source=SAR> \"Interim Fix IF001\" ) \nContent Collector for IBM Connections| 4.0.1| Use Content Collector for IBM Connections 4.0.1.14 [Interim Fix IF001](<http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FInformation+Management%2FContent+Collector&fixids=4.0.1.14-IBM-ICC-IF001&source=SAR> \"Interim Fix IF001\" ) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-02-22T11:50:49", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect Content Collector for Email, Content Collector for File Systems, Content Collector for Microsoft SharePoint and Content Collector for IBM Connections", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-35560", "CVE-2021-35564", "CVE-2021-35565", "CVE-2021-35578", "CVE-2021-41035"], "modified": "2022-02-22T11:50:49", "id": "A50C7AAB1038318633BD6D54470AC947DDB79DE3241C7C7C305CAC988778D0A7", "href": "https://www.ibm.com/support/pages/node/6558520", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-28T01:49:20", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM\u00ae SDK Java\u2122 Technology Edition, Version 1.8 used by Content Collector for Email, Content Collector for File Systems, Content Collector for Microsoft SharePoint and Content Collector for IBM Connections.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-35560](<https://vulners.com/cve/CVE-2021-35560>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Deployment component could allow an unauthenticated attacker to take control of the system. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211636](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211636>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2021-35578](<https://vulners.com/cve/CVE-2021-35578>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the JSSE component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211654](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211654>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2021-35564](<https://vulners.com/cve/CVE-2021-35564>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Keytool component could allow an unauthenticated attacker to cause no confidentiality impact, low integrity impact, and no availability impact. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211640](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211640>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N) \n \n** CVEID: **[CVE-2021-35565](<https://vulners.com/cve/CVE-2021-35565>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the JSSE component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211641](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211641>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2021-41035](<https://vulners.com/cve/CVE-2021-41035>) \n** DESCRIPTION: **Eclipse Openj9 could provide weaker than expected security, caused by the failure to throw IllegalAccessError for MethodHandles that invoke inaccessible interface methods. An attacker could exploit this vulnerability to launch further attacks on the system. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/212010](<https://exchange.xforce.ibmcloud.com/vulnerabilities/212010>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nContent Collector for File Systems| 4.0.1 \n \n\n\n## Remediation/Fixes\n\n**Product** | **VRM**| **Remediation** \n---|---|--- \nContent Collector for Email| 4.0.1| Use Content Collector for Email 4.0.1.14 [Interim Fix IF001](<http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FInformation+Management%2FContent+Collector&fixids=4.0.1.14-IBM-ICC-IF001&source=SAR> \"Interim Fix IF001\" ) \nContent Collector for File Systems| 4.0.1| Use Content Collector for File Systems 4.0.1.1[4 ](<http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FInformation+Management%2FContent+Collector&fixids=4.0.1.10-IBM-ICC-IF002&source=SAR>)[Interim Fix IF001](<http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FInformation+Management%2FContent+Collector&fixids=4.0.1.14-IBM-ICC-IF001&source=SAR> \"Interim Fix IF001\" ) \nContent Collector for Microsoft SharePoint| 4.0.1| Use Content Collector for Microsoft SharePoint 4.0.1.14 [Interim Fix IF001](<http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FInformation+Management%2FContent+Collector&fixids=4.0.1.14-IBM-ICC-IF001&source=SAR> \"Interim Fix IF001\" ) \nContent Collector for IBM Connections| 4.0.1| Use Content Collector for IBM Connections 4.0.1.14 [Interim Fix IF001](<http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FInformation+Management%2FContent+Collector&fixids=4.0.1.14-IBM-ICC-IF001&source=SAR> \"Interim Fix IF001\" ) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-02-22T11:22:33", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect Content Collector for Email, Content Collector for File Systems, Content Collector for Microsoft SharePoint and Content Collector for IBM Connections", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-35560", "CVE-2021-35564", "CVE-2021-35565", "CVE-2021-35578", "CVE-2021-41035"], "modified": "2022-02-22T11:22:33", "id": "293EF81263893C534C2D8F71EB157B1654E302EABCD1A18EBBAB4B99114BF099", "href": "https://www.ibm.com/support/pages/node/6558514", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-28T01:49:21", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM\u00ae SDK Java\u2122 Technology Edition, Version 1.8 used by Content Collector for Email, Content Collector for File Systems, Content Collector for Microsoft SharePoint and Content Collector for IBM Connections.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-35560](<https://vulners.com/cve/CVE-2021-35560>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Deployment component could allow an unauthenticated attacker to take control of the system. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211636](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211636>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2021-35578](<https://vulners.com/cve/CVE-2021-35578>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the JSSE component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211654](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211654>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2021-35564](<https://vulners.com/cve/CVE-2021-35564>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Keytool component could allow an unauthenticated attacker to cause no confidentiality impact, low integrity impact, and no availability impact. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211640](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211640>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N) \n \n** CVEID: **[CVE-2021-35565](<https://vulners.com/cve/CVE-2021-35565>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the JSSE component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211641](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211641>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2021-41035](<https://vulners.com/cve/CVE-2021-41035>) \n** DESCRIPTION: **Eclipse Openj9 could provide weaker than expected security, caused by the failure to throw IllegalAccessError for MethodHandles that invoke inaccessible interface methods. An attacker could exploit this vulnerability to launch further attacks on the system. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/212010](<https://exchange.xforce.ibmcloud.com/vulnerabilities/212010>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nContent Collector for Microsoft SharePoint| 4.0.1 \n \n## Remediation/Fixes\n\n**Product**\n\n| **VRM**| **Remediation** \n---|---|--- \nContent Collector for Email| 4.0.1| Use Content Collector for Email 4.0.1.14 [Interim Fix IF001](<http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FInformation+Management%2FContent+Collector&fixids=4.0.1.14-IBM-ICC-IF001&source=SAR> \"Interim Fix IF001\" ) \nContent Collector for File Systems| 4.0.1| Use Content Collector for File Systems 4.0.1.1[4 ](<http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FInformation+Management%2FContent+Collector&fixids=4.0.1.10-IBM-ICC-IF002&source=SAR>)[Interim Fix IF001](<http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FInformation+Management%2FContent+Collector&fixids=4.0.1.14-IBM-ICC-IF001&source=SAR> \"Interim Fix IF001\" ) \nContent Collector for Microsoft SharePoint| 4.0.1| Use Content Collector for Microsoft SharePoint 4.0.1.14 [Interim Fix IF001](<http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FInformation+Management%2FContent+Collector&fixids=4.0.1.14-IBM-ICC-IF001&source=SAR> \"Interim Fix IF001\" ) \nContent Collector for IBM Connections| 4.0.1| Use Content Collector for IBM Connections 4.0.1.14 [Interim Fix IF001](<http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FInformation+Management%2FContent+Collector&fixids=4.0.1.14-IBM-ICC-IF001&source=SAR> \"Interim Fix IF001\" ) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-02-22T11:48:42", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect Content Collector for Email, Content Collector for File Systems, Content Collector for Microsoft SharePoint and Content Collector for IBM Connections", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-35560", "CVE-2021-35564", "CVE-2021-35565", "CVE-2021-35578", "CVE-2021-41035"], "modified": "2022-02-22T11:48:42", "id": "AA0BE28E43B39021D906F1E285D2540CB9B25A4A55710B6D452BCC77A0E1BFFD", "href": "https://www.ibm.com/support/pages/node/6558516", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-28T01:49:21", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM\u00ae SDK Java\u2122 Technology Edition, Version 1.8 used by Content Collector for Email, Content Collector for File Systems, Content Collector for Microsoft SharePoint and Content Collector for IBM Connections.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-35560](<https://vulners.com/cve/CVE-2021-35560>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Deployment component could allow an unauthenticated attacker to take control of the system. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211636](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211636>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2021-35578](<https://vulners.com/cve/CVE-2021-35578>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the JSSE component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211654](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211654>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2021-35564](<https://vulners.com/cve/CVE-2021-35564>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Keytool component could allow an unauthenticated attacker to cause no confidentiality impact, low integrity impact, and no availability impact. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211640](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211640>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N) \n \n** CVEID: **[CVE-2021-35565](<https://vulners.com/cve/CVE-2021-35565>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the JSSE component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211641](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211641>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2021-41035](<https://vulners.com/cve/CVE-2021-41035>) \n** DESCRIPTION: **Eclipse Openj9 could provide weaker than expected security, caused by the failure to throw IllegalAccessError for MethodHandles that invoke inaccessible interface methods. An attacker could exploit this vulnerability to launch further attacks on the system. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/212010](<https://exchange.xforce.ibmcloud.com/vulnerabilities/212010>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nContent Collector for Email| 4.0.1 \n \n\n\n## Remediation/Fixes\n\n**Product** | **VRM**| **Remediation** \n---|---|--- \nContent Collector for Email| 4.0.0, 4.0.1| Use Content Collector for Email 4.0.1.14 [Interim Fix IF001](<http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FInformation+Management%2FContent+Collector&fixids=4.0.1.14-IBM-ICC-IF001&source=SAR> \"Interim Fix IF001\" ) \nContent Collector for File Systems| 4.0.0, 4.0.1| Use Content Collector for File Systems 4.0.1.1[4 ](<http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FInformation+Management%2FContent+Collector&fixids=4.0.1.10-IBM-ICC-IF002&source=SAR>)[Interim Fix IF001](<http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FInformation+Management%2FContent+Collector&fixids=4.0.1.14-IBM-ICC-IF001&source=SAR> \"Interim Fix IF001\" ) \nContent Collector for Microsoft SharePoint| 4.0.0, 4.0.1| Use Content Collector for Microsoft SharePoint 4.0.1.14 [Interim Fix IF001](<http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FInformation+Management%2FContent+Collector&fixids=4.0.1.14-IBM-ICC-IF001&source=SAR> \"Interim Fix IF001\" ) \nContent Collector for IBM Connections| 4.0.0, 4.0.1| Use Content Collector for IBM Connections 4.0.1.14 [Interim Fix IF001](<http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FInformation+Management%2FContent+Collector&fixids=4.0.1.14-IBM-ICC-IF001&source=SAR> \"Interim Fix IF001\" ) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-02-22T11:54:33", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect Content Collector for Email, Content Collector for File Systems, Content Collector for Microsoft SharePoint and Content Collector for IBM Connections", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-35560", "CVE-2021-35564", "CVE-2021-35565", "CVE-2021-35578", "CVE-2021-41035"], "modified": "2022-02-22T11:54:33", "id": "260279235555854E885845C451ECA2B40FEE914A9DAA545DB60B34FED9655DD0", "href": "https://www.ibm.com/support/pages/node/6558524", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-28T01:48:44", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM\u00ae SDK Java\u2122 Technology Edition, Version 8 and IBM\u00ae Runtime Environment Java\u2122 Version 8 used by IBM Security QRadar SOAR. IBM has addressed the applicable CVEs (CVE-2021-35560, CVE-2021-35578, CVE-2021-35564, CVE-2021-35565, CVE-2021-35588).\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-35560](<https://vulners.com/cve/CVE-2021-35560>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Deployment component could allow an unauthenticated attacker to take control of the system. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211636](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211636>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2021-35578](<https://vulners.com/cve/CVE-2021-35578>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the JSSE component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211654](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211654>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2021-35564](<https://vulners.com/cve/CVE-2021-35564>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Keytool component could allow an unauthenticated attacker to cause no confidentiality impact, low integrity impact, and no availability impact. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211640](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211640>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N) \n \n** CVEID: **[CVE-2021-35565](<https://vulners.com/cve/CVE-2021-35565>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the JSSE component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211641](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211641>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2021-35588](<https://vulners.com/cve/CVE-2021-35588>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the VM component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 3.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211662](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211662>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM\u00ae Security SOAR| IBM Security SOAR \n \n\n\n## Remediation/Fixes\n\nUsers must upgrade to v44.0 of IBM Security QRadar SOAR (previously known as IBM Resilient) in order to obtain a fix for this vulnerability. This upgrades the version of IBM Java SDK to [8.0 Service Refresh 7](<https://www.ibm.com/support/pages/java-sdk-fixes-version-80> \"8.0 Service Refresh 7\" ). \n\nYou can upgrade the platform by following the instructions in the \"[Upgrade Procedure](<https://www.ibm.com/docs/en/sqsp/44?topic=sig-upgrading-platform> \"Upgrade Procedure\" )\" section in the IBM Security QRadar SOAR Platform documentation. \n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-03-03T14:18:43", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect IBM Security QRadar SOAR ( CVE-2021-35560, CVE-2021-35578, CVE-2021-35564, CVE-2021-35565, CVE-2021-35588)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.1, "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-35560", "CVE-2021-35564", "CVE-2021-35565", "CVE-2021-35578", "CVE-2021-35588"], "modified": "2022-03-03T14:18:43", "id": "5A267D6DC91BB78194DB393D512A5DB239DA0C38596EE5EB3F28E6DB5C4B8EE1", "href": "https://www.ibm.com/support/pages/node/6560969", "cvss": {"score": 5.1, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-28T01:52:13", "description": "## Summary\n\nThis bulletin covers all applicable Java SE CVEs published by Oracle as part of their October 2021 Critical Patch Update, except for CVE-2021-35550, CVE-2021-35561, and CVE-2021-35603, which will be covered by future bulletins. For more information please refer to Oracle's October 2021 CPU Advisory and the X-Force database entries referenced below.\n\n## Vulnerability Details\n\n**CVEID: **[CVE-2021-35560](<https://vulners.com/cve/CVE-2021-35560>) \n**DESCRIPTION: **An unspecified vulnerability in Java SE related to the Deployment component could allow an unauthenticated attacker to take control of the system. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211636](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211636>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H) \n \n**CVEID: **[CVE-2021-35586](<https://vulners.com/cve/CVE-2021-35586>) \n**DESCRIPTION: **An unspecified vulnerability in Java SE related to the ImageIO component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211661](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211661>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n**CVEID: **[CVE-2021-35578](<https://vulners.com/cve/CVE-2021-35578>) \n**DESCRIPTION: **An unspecified vulnerability in Java SE related to the JSSE component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211654](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211654>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n**CVEID: **[CVE-2021-35564](<https://vulners.com/cve/CVE-2021-35564>) \n**DESCRIPTION: **An unspecified vulnerability in Java SE related to the Keytool component could allow an unauthenticated attacker to cause no confidentiality impact, low integrity impact, and no availability impact. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211640](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211640>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N) \n \n**CVEID: **[CVE-2021-35559](<https://vulners.com/cve/CVE-2021-35559>) \n**DESCRIPTION: **An unspecified vulnerability in Java SE related to the Swing component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211635](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211635>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n**CVEID: **[CVE-2021-35556](<https://vulners.com/cve/CVE-2021-35556>) \n**DESCRIPTION: **An unspecified vulnerability in Java SE related to the Swing component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211632](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211632>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n**CVEID: **[CVE-2021-35565](<https://vulners.com/cve/CVE-2021-35565>) \n**DESCRIPTION: **An unspecified vulnerability in Java SE related to the JSSE component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211641](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211641>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n**CVEID: **[CVE-2021-35588](<https://vulners.com/cve/CVE-2021-35588>) \n**DESCRIPTION: **An unspecified vulnerability in Java SE related to the VM component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 3.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211662](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211662>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L) \n \n**CVEID: **[CVE-2021-41035](<https://vulners.com/cve/CVE-2021-41035>) \n**DESCRIPTION: **Eclipse Openj9 could provide weaker than expected security, caused by the failure to throw IllegalAccessError for MethodHandles that invoke inaccessible interface methods. An attacker could exploit this vulnerability to launch further attacks on the system. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/212010](<https://exchange.xforce.ibmcloud.com/vulnerabilities/212010>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)\n\n## Affected Products and Versions\n\n7.0.0.0 - 7.0.10.90 \n7.1.0.0 - 7.1.4.90 \n8.0.0.0 - 8.0.6.36 \n \nFor detailed information on which CVEs affect which releases, please refer to the [IBM SDK, Java Technology Edition Security Vulnerabilities page](<https://developer.ibm.com/javasdk/support/security-vulnerabilities/>). \n \nNOTE: CVE-2021-35588 affects IBM SDK, Java Technology Edition on Solaris, HP-UX and Mac OS only.\n\n## Remediation/Fixes\n\n7.0.11.0 \n7.1.5.0 \n8.0.7.0 \n \nIBM SDK, Java Technology Edition releases can be downloaded, subject to the terms of the developerWorks license, from the [Java Developer Center](<https://developer.ibm.com/javasdk/downloads/>). \n \nIBM customers requiring an update for an SDK shipped with an IBM product should contact [IBM support](<http://www.ibm.com/support/>), and/or refer to the appropriate product security bulletin. \n\n**APAR numbers are as follows:**\n\n[IJ36016](<http://www-01.ibm.com/support/docview.wss?uid=swg1IJ36016>) (CVE-2021-35560) \n[IJ36018](<http://www-01.ibm.com/support/docview.wss?uid=swg1IJ36018>) (CVE-2021-35586) \n[IJ36019](<http://www-01.ibm.com/support/docview.wss?uid=swg1IJ36019>) (CVE-2021-35578) \n[IJ35992](<http://www-01.ibm.com/support/docview.wss?uid=swg1IJ35992>) (CVE-2021-35564) \n[IJ36021](<http://www-01.ibm.com/support/docview.wss?uid=swg1IJ36021>) (CVE-2021-35559) \n[IJ36022](<http://www-01.ibm.com/support/docview.wss?uid=swg1IJ36022>) (CVE-2021-35556) \n[IJ36023](<http://www-01.ibm.com/support/docview.wss?uid=swg1IJ36023>) (CVE-2021-35565) \n[IJ35976](<http://www-01.ibm.com/support/docview.wss?uid=swg1IJ35976>) (CVE-2021-41035)\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-12-02T16:45:48", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities may affect IBM\u00ae SDK, Java\u2122 Technology Edition", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-35550", "CVE-2021-35556", "CVE-2021-35559", "CVE-2021-35560", "CVE-2021-35561", "CVE-2021-35564", "CVE-2021-35565", "CVE-2021-35578", "CVE-2021-35586", "CVE-2021-35588", "CVE-2021-35603", "CVE-2021-41035"], "modified": "2021-12-02T16:45:48", "id": "E4141DD78AFBC22DDE732910F84CF4E67B4F57A1062C9D9AFC473A5AF4412618", "href": "https://www.ibm.com/support/pages/node/6522860", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-28T01:37:08", "description": "## Summary\n\nVulnerabilities in Java impact IBM Cloud Application Business Insights (CVE-2021-35550, CVE-2021-35561, CVE-2021-35603, and CVE-2021-41035).\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-35560](<https://vulners.com/cve/CVE-2021-35560>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Deployment component could allow an unauthenticated attacker to take control of the system. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211636](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211636>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2021-35586](<https://vulners.com/cve/CVE-2021-35586>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the ImageIO component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211661](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211661>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2021-35578](<https://vulners.com/cve/CVE-2021-35578>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the JSSE component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211654](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211654>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2021-35564](<https://vulners.com/cve/CVE-2021-35564>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Keytool component could allow an unauthenticated attacker to cause no confidentiality impact, low integrity impact, and no availability impact. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211640](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211640>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N) \n \n** CVEID: **[CVE-2021-35559](<https://vulners.com/cve/CVE-2021-35559>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Swing component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211635](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211635>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2021-35556](<https://vulners.com/cve/CVE-2021-35556>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Swing component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211632](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211632>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2021-35565](<https://vulners.com/cve/CVE-2021-35565>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the JSSE component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211641](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211641>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2021-35588](<https://vulners.com/cve/CVE-2021-35588>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the VM component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 3.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211662](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211662>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2021-41035](<https://vulners.com/cve/CVE-2021-41035>) \n** DESCRIPTION: **Eclipse Openj9 could allow a remote attacker to gain elevated privileges on the system, caused by not throwing IllegalAccessError for MethodHandles that invoke inaccessible interface methods. By persuading a victim to execute a specially-crafted program under a security manager, an attacker could exploit this vulnerability to gain elevated privileges and execute arbitrary code on the system. \nCVSS Base score: 7.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/212010](<https://exchange.xforce.ibmcloud.com/vulnerabilities/212010>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\n**Affected Product(s)**| **Version(s)** \n---|--- \nIBM Cloud Application Business Insights| 1.1.7 \nIBM Cloud Application Business Insights| 1.1.6 \nIBM Cloud Application Business Insights| 1.1.5 \n \n\n\n## Remediation/Fixes\n\n**IBM strongly recommends addressing the vulnerabilities now by applying the fix packs as described below.**\n\nFor systems where IBM Cloud Application Business Insights version 1.1.7 is installed, the vulnerabilities can be remediated by applying the ICABI FixPack 1.1.7.2. \n\nFor systems where IBM Cloud Application Business Insights version 1.1.7 is installed on Red Hat Linux on IBM\u00ae Power\u00ae (LE), the vulnerabilities can be remediated by applying the ICABI FixPack 1.1.7.2 pLinux. \n\nFor systems where IBM Cloud Application Business Insights version 1.1.6 is installed, the vulnerabilities can be remediated by applying the ICABI FixPack 1.1.6.5. \n\nFor systems where IBM Cloud Application Business Insights version 1.1.5 is installed, the vulnerabilities can be remediated by applying the ICABI FixPack 1.1.5.6.\n\n**The fixes and install instructions can be found at the following location:**\n\n**Fix Pack**| **Download Link (Fix Central)** \n---|--- \nICABI 1.1.7.2 Fix Pack| [http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FTivoli%2FIBM+Cloud+App+Management&fixids=ICABI_1.1.7.2.xml&source=SAR](<http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FTivoli%2FIBM+Cloud+App+Management&fixids=ICABI_1.1.7.2.xml&source=SAR>) \nICABI 1.1.7.2 Fix Pack - for Red Hat Linux on IBM\u00ae Power\u00ae (LE)| [http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FTivoli%2FIBM+Cloud+App+Management&fixids=ICABI_1.1.7.2_pLinux&source=SAR](<http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FTivoli%2FIBM+Cloud+App+Management&fixids=ICABI_1.1.7.2_pLinux&source=SAR>) \nICABI 1.1.6.5 Fix Pack| [http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FTivoli%2FIBM+Cloud+App+Management&fixids=ICABI_1.1.6.5.xml&source=SAR](<http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FTivoli%2FIBM+Cloud+App+Management&fixids=ICABI_1.1.6.5.xml&source=SAR>) \nICABI 1.1.5.6 Fix Pack| [http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FTivoli%2FIBM+Cloud+App+Management&fixids=ICABI_1.1.5.6.xml&source=SAR](<http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FTivoli%2FIBM+Cloud+App+Management&fixids=ICABI_1.1.5.6.xml&source=SAR>) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-12-30T15:09:22", "type": "ibm", "title": "Security Bulletin: Vulnerabilities in Java impact IBM Cloud Application Business Insights (CVE-2021-35550, CVE-2021-35561, CVE-2021-35603, and CVE-2021-41035)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-35550", "CVE-2021-35556", "CVE-2021-35559", "CVE-2021-35560", "CVE-2021-35561", "CVE-2021-35564", "CVE-2021-35565", "CVE-2021-35578", "CVE-2021-35586", "CVE-2021-35588", "CVE-2021-35603", "CVE-2021-41035"], "modified": "2022-12-30T15:09:22", "id": "BB645F2F67DDEFCDF7381A9AF56F998628C445D508AA5CE8B9F1A085A16618A9", "href": "https://www.ibm.com/support/pages/node/6558494", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-28T01:45:08", "description": "## Summary\n\nVulnerabilities in Java are affecting Watson Knowledge Catalog for IBM Cloud Pak for Data. These vulnerabilities have been addressed.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-35560](<https://vulners.com/cve/CVE-2021-35560>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Deployment component could allow an unauthenticated attacker to take control of the system. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211636](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211636>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2021-35586](<https://vulners.com/cve/CVE-2021-35586>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the ImageIO component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211661](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211661>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2021-35578](<https://vulners.com/cve/CVE-2021-35578>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the JSSE component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211654](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211654>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2021-35564](<https://vulners.com/cve/CVE-2021-35564>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Keytool component could allow an unauthenticated attacker to cause no confidentiality impact, low integrity impact, and no availability impact. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211640](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211640>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N) \n \n** CVEID: **[CVE-2021-35559](<https://vulners.com/cve/CVE-2021-35559>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Swing component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211635](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211635>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2021-35556](<https://vulners.com/cve/CVE-2021-35556>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Swing component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211632](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211632>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2021-35565](<https://vulners.com/cve/CVE-2021-35565>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the JSSE component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211641](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211641>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2021-35588](<https://vulners.com/cve/CVE-2021-35588>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the VM component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 3.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211662](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211662>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2021-41035](<https://vulners.com/cve/CVE-2021-41035>) \n** DESCRIPTION: **Eclipse Openj9 could allow a remote attacker to gain elevated privileges on the system, caused by not throwing IllegalAccessError for MethodHandles that invoke inaccessible interface methods. By persuading a victim to execute a specially-crafted program under a security manager, an attacker could exploit this vulnerability to gain elevated privileges and execute arbitrary code on the system. \nCVSS Base score: 7.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/212010](<https://exchange.xforce.ibmcloud.com/vulnerabilities/212010>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2021-2388](<https://vulners.com/cve/CVE-2021-2388>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the VM component could allow an unauthenticated attacker to take control of the system. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/205815](<https://exchange.xforce.ibmcloud.com/vulnerabilities/205815>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2021-2369](<https://vulners.com/cve/CVE-2021-2369>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Library component could allow an unauthenticated attacker to cause no confidentiality impact, low integrity impact, and no availability impact. \nCVSS Base score: 4.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/205796](<https://exchange.xforce.ibmcloud.com/vulnerabilities/205796>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N) \n \n** CVEID: **[CVE-2021-2432](<https://vulners.com/cve/CVE-2021-2432>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the JNDI component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 3.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/205856](<https://exchange.xforce.ibmcloud.com/vulnerabilities/205856>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2021-2341](<https://vulners.com/cve/CVE-2021-2341>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Networking component could allow an unauthenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors. \nCVSS Base score: 3.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/205768](<https://exchange.xforce.ibmcloud.com/vulnerabilities/205768>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Watson Knowledge Catalog on-prem| 3.5.1 \nIBM Watson Knowledge Catalog on-prem| 4.0 \n \n\n\n## Remediation/Fixes\n\nWatson Knowledge Catalog for IBM Cloud Pak for Data 3.5: install refresh 11 <https://www.ibm.com/docs/en/cloud-paks/cp-data/3.5.0?topic=overview-whats-new#whats-new__refresh-11>\n\nWatson Knowledge Catalog for IBM Cloud Pak for Data 4.0: install refresh 6 <https://www.ibm.com/docs/en/cloud-paks/cp-data/4.0?topic=overview-whats-new#whats-new__refresh-6>\n\n## Workarounds and Mitigations\n\nNone. The Java JVM must be upgraded.\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-06-22T17:21:40", "type": "ibm", "title": "Security Bulletin: Multiple Vulnerabilities in Java affecting Watson Knowledge Catalog for IBM Cloud Pak for Data", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-2341", "CVE-2021-2369", "CVE-2021-2388", "CVE-2021-2432", "CVE-2021-35556", "CVE-2021-35559", "CVE-2021-35560", "CVE-2021-35564", "CVE-2021-35565", "CVE-2021-35578", "CVE-2021-35586", "CVE-2021-35588", "CVE-2021-41035"], "modified": "2022-06-22T17:21:40", "id": "254CA19F01B91229AD797075EBFDE4E2F31B0E186E1F90FFE7EEA7B96C5576AF", "href": "https://www.ibm.com/support/pages/node/6597615", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-28T01:48:12", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM\u00ae SDK Java\u2122 Technology Edition, Version 8 used by Enterprise Content Management System Monitor. Enterprise Content Management System Monitor has addressed the applicable CVEs.\n\n## Vulnerability Details\n\n**CVEID: **[CVE-2021-35586](<https://vulners.com/cve/CVE-2021-35586>) \n**DESCRIPTION: **An unspecified vulnerability in Java SE related to the ImageIO component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211661](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211661>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n**CVEID: **[CVE-2021-35578](<https://vulners.com/cve/CVE-2021-35578>) \n**DESCRIPTION: **An unspecified vulnerability in Java SE related to the JSSE component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211654](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211654>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n**CVEID: **[CVE-2021-35564](<https://vulners.com/cve/CVE-2021-35564>) \n**DESCRIPTION: **An unspecified vulnerability in Java SE related to the Keytool component could allow an unauthenticated attacker to cause no confidentiality impact, low integrity impact, and no availability impact. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211640](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211640>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N) \n \n**CVEID: **[CVE-2021-35565](<https://vulners.com/cve/CVE-2021-35565>) \n**DESCRIPTION: **An unspecified vulnerability in Java SE related to the JSSE component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211641](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211641>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n## Affected Products and Versions\n\nAffected Product(s) | Version(s) \n---|--- \nEnterprise Content Management System Monitor | 5.5 \n \n## Remediation/Fixes\n\nEnterprise Content Management System Monitor5.5.7.0.2 [Fix Central](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=Enterprise%20Content%20Management&product=ibm/Information+Management/FileNet+System+Monitor&release=5.5.7.0&platform=All&function=all> \"Fix Central\" )\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 1.4}, "published": "2022-03-25T06:36:33", "type": "ibm", "title": "Security Bulletin: Enterprise Content Management System Monitor is affected by a vulnerability in IBM\u00ae SDK Java\u2122 Technology Edition", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-35564", "CVE-2021-35565", "CVE-2021-35578", "CVE-2021-35586"], "modified": "2022-03-25T06:36:33", "id": "367E775AC76361CE6C1C522DE3AADB0FE36538FF2F3D5337073A1FD70D69E08F", "href": "https://www.ibm.com/support/pages/node/6566367", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2023-02-28T01:48:05", "description": "## Summary\n\nThis security bulletin addresses the Information Disclosure vulnerability that has been found to impact Websphere Liberty in IBM Tivoli Application Dependency Discovery Manager.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-35517](<https://vulners.com/cve/CVE-2021-35517>) \n** DESCRIPTION: **Apache Commons Compress is vulnerable to a denial of service, caused by an out of memory error when allocating large amounts of memory. By persuading a victim to open a specially-crafted TAR archive, a remote attacker could exploit this vulnerability to cause a denial of service condition against services that use Compress' tar package. \nCVSS Base score: 5.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/205307](<https://exchange.xforce.ibmcloud.com/vulnerabilities/205307>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-36090](<https://vulners.com/cve/CVE-2021-36090>) \n** DESCRIPTION: **Apache Commons Compress is vulnerable to a denial of service, caused by an out-of-memory error when large amounts of memory are allocated. By reading a specially-crafted ZIP archive, a remote attacker could exploit this vulnerability to cause a denial of service condition against services that use Compress' zip package. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/205310](<https://exchange.xforce.ibmcloud.com/vulnerabilities/205310>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-29842](<https://vulners.com/cve/CVE-2021-29842>) \n** DESCRIPTION: **IBM WebSphere Application Server 7.0, 8.0, 8.5, 9.0 and Liberty 17.0.0.3 through 21.0.0.9 could allow a remote user to enumerate usernames due to a difference of responses from valid and invalid login attempts. IBM X-Force ID: 205202. \nCVSS Base score: 3.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/205202](<https://exchange.xforce.ibmcloud.com/vulnerabilities/205202>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Tivoli Application Dependency Discovery Manager| 7.3.0.3 - 7.3.0.9 \n| \n \n## Remediation/Fixes\n\nThe eFix in the table below can be downloaded and applied directly.\n\n**Fix**| **VRMF**| **APAR**| **How to acquire fix** \n---|---|---|--- \nefix_WLP_PSIRT_210010_FP6190313.zip | 7.3.0.5 - 7.3.0.6| None | [Download eFix](<https://www.secure.ecurep.ibm.com/download/?id=J6XgUzIFzi3Dm5dCcajDfWhPE7PVHqZbuPXZ9Ok4VQc> \"Download eFix\" ) \nefix_WLP_PSIRT_210010_FP9211123.zip| 7.3.0.7 -7.3.0.9| None| [Download eFix](<https://www.secure.ecurep.ibm.com/download/?id=neXkMKEo4SJWiPKfAu7g0Pu8AXKM6ZRxGd0zPwFz9YA> \"Download eFix\" ) \n \n**Note:**\n\nBefore TADDM 7.3.0.5, Java 7 was used and the upgraded Liberty version 21.0.0.10 requires Java8. Hence, no eFix can be provided for versions before 7.3.0.5.\n\nFor customers on TADDM FixPack 3 or FixPack 4, recommendation is to upgrade to a later version and then follow the steps mentioned above.\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-03-31T06:39:36", "type": "ibm", "title": "Security Bulletin: Multiple Vulnerabilities in Apache Commons Compress affect WebSphere Application Server & WAS Liberty is vulnerable to Information Exposure", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-29842", "CVE-2021-35517", "CVE-2021-36090"], "modified": "2022-03-31T06:39:36", "id": "7FF67E7B52DAFF24211DBF2A070CA6F859E1B8F13FEC5BEDB6B3E4A7B2894505", "href": "https://www.ibm.com/support/pages/node/6525722", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-02-28T01:51:00", "description": "## Summary\n\nThere is a vulnerability in Liberty that affects IBM WIoTP MessageGateway.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-29842](<https://vulners.com/cve/CVE-2021-29842>) \n** DESCRIPTION: **IBM WebSphere Application Server 7.0, 8.0, 8.5, 9.0 and Liberty 17.0.0.3 through 21.0.0.9 could allow a remote user to enumerate usernames due to a difference of responses from valid and invalid login attempts. IBM X-Force ID: 205202. \nCVSS Base score: 3.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/205202](<https://exchange.xforce.ibmcloud.com/vulnerabilities/205202>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N) \n \n** CVEID: **[CVE-2021-35517](<https://vulners.com/cve/CVE-2021-35517>) \n** DESCRIPTION: **Apache Commons Compress is vulnerable to a denial of service, caused by an out of memory error when allocating large amounts of memory. By persuading a victim to open a specially-crafted TAR archive, a remote attacker could exploit this vulnerability to cause a denial of service condition against services that use Compress' tar package. \nCVSS Base score: 5.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/205307](<https://exchange.xforce.ibmcloud.com/vulnerabilities/205307>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-36090](<https://vulners.com/cve/CVE-2021-36090>) \n** DESCRIPTION: **Apache Commons Compress is vulnerable to a denial of service, caused by an out-of-memory error when large amounts of memory are allocated. By reading a specially-crafted ZIP archive, a remote attacker could exploit this vulnerability to cause a denial of service condition against services that use Compress' zip package. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/205310](<https://exchange.xforce.ibmcloud.com/vulnerabilities/205310>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM IoT MessageSight| 2.0 \nIBM WIoTP MessageGateway| 5.0.0.2 \nIBM IoT MessageSight| 5.0.0.0 \n \n## Remediation/Fixes\n\n_Product_\n\n| _VRMF_| _APAR_| _Remediation/First Fix_ \n---|---|---|--- \n_IBM WIoTP MessageGateway_| \n\n_5.0.0.2_\n\n| \n\n_IT38767_\n\n| [_5.0.0.2-IBM-IMA-IFIT38767_](<https://www.ibm.com/support/pages/node/6524672>) \n_IBM MessageSight_| \n\n_5.0.0.0_\n\n| \n\n_IT38767_\n\n| [_5.0.0.0-IBM-IMA-IFIT38767_](<https://www.ibm.com/support/pages/node/6524662>) \n_IBM MessageSight_| \n\n_2.0.0.2_\n\n| \n\n_IT38767_\n\n| [_2.0.0.2-IBM-IMA-IFIT38767_](<https://www.ibm.com/support/pages/node//6524670>) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-12-24T16:01:38", "type": "ibm", "title": "Security Bulletin: A vulnerability in Liberty affects IBM WIoTP MessageGateway (CVE-2021-29842)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-29842", "CVE-2021-35517", "CVE-2021-36090"], "modified": "2021-12-24T16:01:38", "id": "900B686502E0C61F1BAA043F9387495F4C4AF282D993D0971AFB618978232651", "href": "https://www.ibm.com/support/pages/node/6527976", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-02-28T01:46:56", "description": "## Summary\n\nMuiltiple vulnerabilities in WebSphere Application Server Liberty that is used by IBM InfoSphere Information Server are addressed.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-29842](<https://vulners.com/cve/CVE-2021-29842>) \n** DESCRIPTION: **IBM WebSphere Application Server 7.0, 8.0, 8.5, 9.0 and Liberty 17.0.0.3 through 21.0.0.9 could allow a remote user to enumerate usernames due to a difference of responses from valid and invalid login attempts. IBM X-Force ID: 205202. \nCVSS Base score: 3.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/205202](<https://exchange.xforce.ibmcloud.com/vulnerabilities/205202>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N) \n \n** CVEID: **[CVE-2021-35517](<https://vulners.com/cve/CVE-2021-35517>) \n** DESCRIPTION: **Apache Commons Compress is vulnerable to a denial of service, caused by an out of memory error when allocating large amounts of memory. By persuading a victim to open a specially-crafted TAR archive, a remote attacker could exploit this vulnerability to cause a denial of service condition against services that use Compress' tar package. \nCVSS Base score: 5.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/205307](<https://exchange.xforce.ibmcloud.com/vulnerabilities/205307>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-36090](<https://vulners.com/cve/CVE-2021-36090>) \n** DESCRIPTION: **Apache Commons Compress is vulnerable to a denial of service, caused by an out-of-memory error when large amounts of memory are allocated. By reading a specially-crafted ZIP archive, a remote attacker could exploit this vulnerability to cause a denial of service condition against services that use Compress' zip package. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/205310](<https://exchange.xforce.ibmcloud.com/vulnerabilities/205310>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nInfoSphere Information Server, Information Server on Cloud| 11.7 \n \n\n\n## Remediation/Fixes\n\n**Product** | **VRMF**| **APAR**| **Remediation** \n---|---|---|--- \nInfoSphere Information Server, InfoSphere Information Server on Cloud| 11.7| [JR64702](<http://www.ibm.com/support/docview.wss?uid=swg1JR64702> \"JR64702\" )| \\--Apply IBM InfoSphere Information Server version [11.7.1.0](<https://www.ibm.com/support/pages/node/878310>) \n\\--Apply IBM InfoSphere Information Server version [11.7.1.3](<https://www.ibm.com/support/pages/node/6498109> \"11.7.1.3\" ) \n\\--Apply Information Server [11.7.1.3 Service pack 4](<https://www.ibm.com/support/pages/node/6568469> \"11.7.1.3 Service pack 4\" ) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-04-27T23:07:49", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in WebSphere Application Server Liberty affect IBM InfoSphere Information Server", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-29842", "CVE-2021-35517", "CVE-2021-36090"], "modified": "2022-04-27T23:07:49", "id": "F89D3081DA6B5CB2F4FF097D956A1B15C95A11155B2977DE948E9FE8ECD15A28", "href": "https://www.ibm.com/support/pages/node/6575543", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-02-28T01:52:12", "description": "## Summary\n\nThis bulletin covers all applicable Java SE CVEs published by OpenJDK as part of their October 2021 Vulnerability Advisory, plus CVE-2021-41035. For more information please refer to OpenJDK's October 2021 Vulnerability Advisory and the X-Force database entries referenced below.\n\n## Vulnerability Details\n\n**CVEID: **[CVE-2021-35567](<https://vulners.com/cve/CVE-2021-35567>) \n**DESCRIPTION: **An unspecified vulnerability in Oracle Java SE and Oracle GraalVM Enterprise Edition related to the Libraries component could allow an authenticated attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors. \nCVSS Base score: 6.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211643](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211643>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N) \n \n**CVEID: **[CVE-2021-35550](<https://vulners.com/cve/CVE-2021-35550>) \n**DESCRIPTION: **An unspecified vulnerability in Java SE related to the JSSE component could allow an unauthenticated attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors. \nCVSS Base score: 5.9 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211627](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211627>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N) \n \n**CVEID: **[CVE-2021-35586](<https://vulners.com/cve/CVE-2021-35586>) \n**DESCRIPTION: **An unspecified vulnerability in Java SE related to the ImageIO component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211661](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211661>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n**CVEID: **[CVE-2021-35578](<https://vulners.com/cve/CVE-2021-35578>) \n**DESCRIPTION: **An unspecified vulnerability in Java SE related to the JSSE component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211654](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211654>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n**CVEID: **[CVE-2021-35564](<https://vulners.com/cve/CVE-2021-35564>) \n**DESCRIPTION: **An unspecified vulnerability in Java SE related to the Keytool component could allow an unauthenticated attacker to cause no confidentiality impact, low integrity impact, and no availability impact. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211640](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211640>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N) \n \n**CVEID: **[CVE-2021-35561](<https://vulners.com/cve/CVE-2021-35561>) \n**DESCRIPTION: **An unspecified vulnerability in Java SE related to the Utility component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211637](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211637>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n**CVEID: **[CVE-2021-35559](<https://vulners.com/cve/CVE-2021-35559>) \n**DESCRIPTION: **An unspecified vulnerability in Java SE related to the Swing component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211635](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211635>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n**CVEID: **[CVE-2021-35556](<https://vulners.com/cve/CVE-2021-35556>) \n**DESCRIPTION: **An unspecified vulnerability in Java SE related to the Swing component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211632](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211632>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n**CVEID: **[CVE-2021-35565](<https://vulners.com/cve/CVE-2021-35565>) \n**DESCRIPTION: **An unspecified vulnerability in Java SE related to the JSSE component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211641](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211641>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n**CVEID: **[CVE-2021-35603](<https://vulners.com/cve/CVE-2021-35603>) \n**DESCRIPTION: **An unspecified vulnerability in Java SE related to the JSSE component could allow an unauthenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors. \nCVSS Base score: 3.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211676](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211676>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N) \n \n**CVEID: **[CVE-2021-41035](<https://vulners.com/cve/CVE-2021-41035>) \n**DESCRIPTION: **Eclipse Openj9 could provide weaker than expected security, caused by the failure to throw IllegalAccessError for MethodHandles that invoke inaccessible interface methods. An attacker could exploit this vulnerability to launch further attacks on the system. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/212010](<https://exchange.xforce.ibmcloud.com/vulnerabilities/212010>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)\n\n## Affected Products and Versions\n\n8.0.302.0 - 8.0.302.1 \n11.0.12.0 - 11.0.12.1 \n16.0.2.0 - 16.0.2.1 \n \nFor detailed information on which CVEs affect which releases, please refer to the [IBM Semeru Runtimes Security Vulnerabilities page](<https://www.ibm.com/support/pages/semeru-runtimes-security-vulnerabilites>).\n\n## Remediation/Fixes\n\n8.0.312.0 \n11.0.13.0 \n \nIBM Semeru Runtime releases can be downloaded from the [IBM Semeru Developer Center](<https://developer.ibm.com/languages/java/semeru-runtimes/downloads>). \n \nIBM customers requiring an update for an SDK shipped with an IBM product should contact [IBM support](<http://www.ibm.com/support/>), and/or refer to the appropriate product security bulletin.\n\n \n**APAR numbers are as follows:**\n\nTBC (CVE-2021-35567) \n[IJ36016](<http://www-01.ibm.com/support/docview.wss?uid=swg1IJ36016>) (CVE-2021-35560) \n[IJ36018](<http://www-01.ibm.com/support/docview.wss?uid=swg1IJ36018>) (CVE-2021-35586) \n[IJ36019](<http://www-01.ibm.com/support/docview.wss?uid=swg1IJ36019>) (CVE-2021-35578) \n[IJ35992](<http://www-01.ibm.com/support/docview.wss?uid=swg1IJ35992>) (CVE-2021-35564) \n[IJ36020](<http://www-01.ibm.com/support/docview.wss?uid=swg1IJ36021>) (CVE-2021-35561) \n[IJ36021](<http://www-01.ibm.com/support/docview.wss?uid=swg1IJ36021>) (CVE-2021-35559) \n[IJ36022](<http://www-01.ibm.com/support/docview.wss?uid=swg1IJ36022>) (CVE-2021-35556) \n[IJ36023](<http://www-01.ibm.com/support/docview.wss?uid=swg1IJ36023>) (CVE-2021-35565) \n[IJ36024](<http://www-01.ibm.com/support/docview.wss?uid=swg1IJ36024>) (CVE-2021-35503) \n[IJ35976](<http://www-01.ibm.com/support/docview.wss?uid=swg1IJ35976>) (CVE-2021-41035)\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-12-02T16:09:54", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities may affect IBM\u00ae Semeru Runtime", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-35503", "CVE-2021-35550", "CVE-2021-35556", "CVE-2021-35559", "CVE-2021-35560", "CVE-2021-35561", "CVE-2021-35564", "CVE-2021-35565", "CVE-2021-35567", "CVE-2021-35578", "CVE-2021-35586", "CVE-2021-35603", "CVE-2021-41035"], "modified": "2021-12-02T16:09:54", "id": "45F3E79F778FF116B7E1BB62B97CC9ADC2834AB5E2280953B0DB7A3ACB3667BE", "href": "https://www.ibm.com/support/pages/node/6522862", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-28T01:48:43", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM SDK Java Technology Edition, Version 7 used by 4.1.0.0 to 4.1.0.3 and Version 8 used by 4.1.0.4 to 4.1.0.7 of IBM Tivoli System Automation for Multiplatforms. These issues were disclosed as part of the IBM Java SDK updates in Nov 2021.\n\n## Vulnerability Details\n\nRefer to the security bulletin(s) listed in the Remediation/Fixes section\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Tivoli System Automation for Multiplatforms| 4.1 \n \n\n\n## Remediation/Fixes\n\nThe recommended solution is to apply the corresponding fix to IBM Tivoli System Automation for Multiplatforms. To select the fix you need to apply in your environment, click on 'Download link' in the table below. \n\n * If you are running IBM Tivoli System Automation for Multiplatforms 4.1.0.0 - 4.1.0.3, please apply interim fix \u201c4.1.0.3-TIV-ITSAMP-<OS>-IF0017\u201d where <OS> represents the operating system for which you want to install the interim fix of this product version. You can apply this interim fix on top of any fixpack of version between 4.1.0.0 to 4.1.0.3.\n * If you are running IBM Tivoli System Automation for Multiplatforms 4.1.0.4, please apply interim fix \u201c4.1.0.4-TIV-ITSAMP-<OS>-IF0014\u201d where <OS> represents the operating system for which you want to install the interim fix of this product version. You can apply this interim fix on top of 4.1.0.4.\n * If you are running IBM Tivoli System Automation for Multiplatforms 4.1.0.5, please apply interim fix \u201c4.1.0.5-TIV-ITSAMP-<OS>-IF0008\u201d where <OS> represents the operating system for which you want to install the interim fix of this product version. You can apply this interim fix on top of 4.1.0.5.\n * If you are running IBM Tivoli System Automation for Multiplatforms 4.1.0.6, please apply interim fix \u201c4.1.0.6-TIV-ITSAMP-<OS>-IF0003\u201d where <OS> represents the operating system for which you want to install the interim fix of this product version. You can apply this interim fix on top of 4.1.0.6.\n * If you are running IBM Tivoli System Automation for Multiplatforms 4.1.0.7, please apply interim fix \u201c4.1.0.7-TIV-ITSAMP-<OS>-IF0001\u201d where <OS> represents the operating system for which you want to install the interim fix of this product version. You can apply this interim fix on top of 4.1.0.7.\nProduct| VRMF| APAR \n---|---|--- \nIBM Tivoli System Automation for Multiplatforms| 4.1| [Down](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Tivoli&product=ibm/Tivoli/Tivoli+System+Automation+for+Multiplatforms&release=All&platform=All&function=all>)[load Link](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Tivoli&product=ibm/Tivoli/Tivoli+System+Automation+for+Multiplatforms&release=All&platform=All&function=all>) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {}, "published": "2022-03-04T11:16:58", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli System Automation for Multiplatforms Nov 2021 CPU (CVE-2021-41035, CVE-2021-35578, CVE-2021-35586, CVE-2021-35564, CVE-2021-35561, CVE-2021-35565, CVE-2021-35567)", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2021-35561", "CVE-2021-35564", "CVE-2021-35565", "CVE-2021-35567", "CVE-2021-35578", "CVE-2021-35586", "CVE-2021-41035"], "modified": "2022-03-04T11:16:58", "id": "4260DAECE64987CB5CD4D9ECB4D9B5114A02F141075740ECA0BC83E3F74E1DAF", "href": "https://www.ibm.com/support/pages/node/6561243", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-02-28T01:48:44", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM SDK Java Technology Edition used by IBM Tivoli System Automation Application Manager. These issues were disclosed as part of the IBM Java SDK updates in Nov 2021.\n\n## Vulnerability Details\n\nRefer to the security bulletin(s) listed in the Remediation/Fixes section\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Tivoli System Automation Application Manager| 4.1 \n \n\n\n## Remediation/Fixes\n\nThe recommended solution is to apply the corresponding fix to IBM Tivoli System Automation Application Manager. To select the fix you need to apply in your environment, click on 'Download link' in the table below. \n\n * If you are running IBM Tivoli System Automation Application Manager 4.1.0.0 to 4.1.0.1, please apply interim fix \u201c4.1.0.1-TIV-SAAMR-<OS>-IF0020\u201d where <OS> represents the operating system for which you want to install the interim fix of this product version. You can apply this interim fix on top of any fixpack of version 4.1.0.0 to 4.1.0.1.\n * If you are running IBM Tivoli System Automation Application Manager 4.1.0.2, please apply interim fix \u201c4.1.0.2-TIV-SAAMR-<OS>-IF0010\u201d where <OS> represents the operating system for which you want to install the interim fix of this product version. You can apply this interim fix on top of any fixpack of version 4.1.0.2.\n * If you are running IBM Tivoli System Automation Application Manager 4.1.0.3, please apply interim fix \u201c4.1.0.3-TIV-SAAMR-<OS>-IF0006\u201d where <OS> represents the operating system for which you want to install the interim fix of this product version. You can apply this interim fix on top of any fixpack of version 4.1.0.3.\n * If you are running IBM Tivoli System Automation Application Manager 4.1.0.4, please apply interim fix \u201c4.1.0.4-TIV-SAAMR-<OS>-IF0003\u201d where <OS> represents the operating system for which you want to install the interim fix of this product version. You can apply this interim fix on top of any fixpack of version 4.1.0.4.\n * If you are running IBM Tivoli System Automation Application Manager 4.1.0.5, please apply interim fix \u201c4.1.0.5-TIV-SAAMR-<OS>-IF0001\u201d where <OS> represents the operating system for which you want to install the interim fix of this product version. You can apply this interim fix on top of any fixpack of version 4.1.0.5.\nProduct| VRMF| APAR \n---|---|--- \nIBM Tivoli System Automation Application Manager| 4.1| [Download Link](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Tivoli&product=ibm/Tivoli/Tivoli+System+Automation+Application+Manager&release=All&platform=All&function=all>) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {}, "published": "2022-03-04T11:03:37", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli System Automation Application Manager Nov 2021 CPU (CVE-2021-41035, CVE-2021-35578, CVE-2021-35586, CVE-2021-35564, CVE-2021-35561, CVE-2021-35565, CVE-2021-35567)", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2021-35561", "CVE-2021-35564", "CVE-2021-35565", "CVE-2021-35567", "CVE-2021-35578", "CVE-2021-35586", "CVE-2021-41035"], "modified": "2022-03-04T11:03:37", "id": "49205DE3158828CA6FA6C7CD62D00C477647536578E7504D371C893392271D34", "href": "https://www.ibm.com/support/pages/node/6561241", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-02-28T01:48:36", "description": "## Summary\n\nA denial of service vulnerability in IBM\u00ae Runtime Environment Java, disclosed as part of the IBM Java SDK updates in October 2021, can affect IBM Spectrum Protect Operations Center and IBM Spectrum Protect Client Management Service. Denial of service vulnerabilities in Apache Commons Compress which is used by IBM WebSphere Application Server Liberty might also affect IBM Spectrum Protect Operations Center and Client Management Service. \n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-35578](<https://vulners.com/cve/CVE-2021-35578>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the JSSE component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211654](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211654>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2021-35517](<https://vulners.com/cve/CVE-2021-35517>) \n** DESCRIPTION: **Apache Commons Compress is vulnerable to a denial of service, caused by an out of memory error when allocating large amounts of memory. By persuading a victim to open a specially-crafted TAR archive, a remote attacker could exploit this vulnerability to cause a denial of service condition against services that use Compress' tar package. \nCVSS Base score: 5.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/205307](<https://exchange.xforce.ibmcloud.com/vulnerabilities/205307>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-36090](<https://vulners.com/cve/CVE-2021-36090>) \n** DESCRIPTION: **Apache Commons Compress is vulnerable to a denial of service, caused by an out-of-memory error when large amounts of memory are allocated. By reading a specially-crafted ZIP archive, a remote attacker could exploit this vulnerability to cause a denial of service condition against services that use Compress' zip package. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/205310](<https://exchange.xforce.ibmcloud.com/vulnerabilities/205310>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n## Affected Products and Versions\n\n**Affected Product(s)**| **Version(s)** \n---|--- \nIBM Spectrum Protect Operations Center| 8.1.0.000-8.1.13.xxx \nIBM Spectrum Protect Client Management Service| 8.1.0.000-8.1.13.xxx \n \n## Remediation/Fixes\n\n**_IBM Spectrum Protect Operations Center Affected Versions \n_**| **_Fixing \nLevel_**| **_Platform_**| **_Link to Fix and Instructions \n_** \n---|---|---|--- \n \n8.1.0.000-8.1.13.xxx| \n8.1.14| AIX \nLinux \nWindows| \n<https://www.ibm.com/support/pages/node/6562363> \n \n**_IBM Spectrum Protect Client Management Service Affected Versions \n_**| **_Fixing \nLevel_**| **_Platform_**| **_Link to Fix and Instructions \n_** \n---|---|---|--- \n8.1.0.000-8.1.13.xxx| 8.1.14| Linux \nWindows| [https://public.dhe.ibm.com/storage/tivoli-storage-management/maintenance/cms/v8r1](<https://public.dhe.ibm.com/storage/tivoli-storage-management/maintenance/cms/v8r1/> \"https://public.dhe.ibm.com/storage/tivoli-storage-management/maintenance/cms/v8r1\" ) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-03-12T00:05:06", "type": "ibm", "title": "Security Bulletin: Vulnerabilities in IBM Java Runtime and IBM WebSphere Application Server Liberty affect IBM Operations Center and Client Management Service (CVE-2021-35578, CVE-2021-35517, CVE-2021-36090)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-35517", "CVE-2021-35578", "CVE-2021-36090"], "modified": "2022-03-12T00:05:06", "id": "BAF43585A5ABFAA551BDE0DDB4AD7ECB0C42E21551DBFD52E1607957FAE4176A", "href": "https://www.ibm.com/support/pages/node/6562849", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-02-28T01:49:38", "description": "## Summary\n\nThere are vulnerabilities in IBM\u00ae SDK Java\u2122 Technology Edition that is shipped with IBM Security Directory Suite. \n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-35560](<https://vulners.com/cve/CVE-2021-35560>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Deployment component could allow an unauthenticated attacker to take control of the system. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211636](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211636>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2021-35578](<https://vulners.com/cve/CVE-2021-35578>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the JSSE component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211654](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211654>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2021-41035](<https://vulners.com/cve/CVE-2021-41035>) \n** DESCRIPTION: **Eclipse Openj9 could allow a remote attacker to gain elevated privileges on the system, caused by not throwing IllegalAccessError for MethodHandles that invoke inaccessible interface methods. By persuading a victim to execute a specially-crafted program under a security manager, an attacker could exploit this vulnerability to gain elevated privileges and execute arbitrary code on the system. \nCVSS Base score: 7.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/212010](<https://exchange.xforce.ibmcloud.com/vulnerabilities/212010>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nSecurity Directory Server Virtual Appliance| 8.0.1 \n \n\n\n## Remediation/Fixes\n\n**Product** | **Remediation** \n---|--- \nIBM Security Directory Suite 8.0.1| [IBM Security Directory Suite 8.0.1.17](<http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FTivoli%2FIBM+Security+Directory+Suite&fixids=8.0.1.17-ISS-ISDS_20220121-0252.pkg&source=SAR> \"IBM Security Directory Suite 8.0.1.17\" ) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-02-08T19:40:15", "type": "ibm", "title": "Security Bulletin: Multiple security vulnerabilities have been identified in IBM\u00ae Java SDK that affect IBM Security Directory Suite - October 2021 CPU", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-35560", "CVE-2021-35578", "CVE-2021-41035"], "modified": "2022-02-08T19:40:15", "id": "E0CC2350C4B81A12C3DEE043992E8DA578FE7AE22784D3F87594BBD243D174F8", "href": "https://www.ibm.com/support/pages/node/6554578", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-28T01:45:30", "description": "## Summary\n\nMultiple vulnerabilities has been identified in IBM Java. IBM SDK, Java Technology Edition Quarterly CPU - Oct 2021 - Includes Oracle October 2021 CPU Copy Services Manager has a dependency on Java. Version CSM 6.3.1 and prior are therefore exposed by this vulnerability. CSM 6.3.2 ships an embedded version of Java that addresses these issues.\n\n## Vulnerability Details\n\nRefer to the security bulletin(s) listed in the Remediation/Fixes section\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Copy Services Manager| All prior to 6.3.2 \n \n\n\n## Remediation/Fixes\n\nUpgrade to Copy Services Manager 6.3.2 to pick up an updated version of embedded Java. \n\n_Product_\n\n| \n\n_VRMF_\n\n| \n\n_ _Remediation / Fix Location__ \n \n---|---|--- \n \n_Copy Services Manager_\n\n| \n\n_6.3.2 +_\n\n| \n\n<https://www.ibm.com/support/pages/latest-downloads-ibm-copy-services-manager> \n \n_Copy Services Manager_\n\n| \n\n_versions prior to 6.3.2_\n\n| \n\n_Upgrade fix pack maintenance or PTF PH43627 to get the fixes._ \n \n**CVEID: **[CVE-2021-41035](<https://vulners.com/cve/CVE-2021-41035>) \n**DESCRIPTION: **Eclipse Openj9 could allow a remote attacker to gain elevated privileges on the system, caused by not throwing IllegalAccessError for MethodHandles that invoke inaccessible interface methods. By persuading a victim to execute a specially-crafted program under a security manager, an attacker could exploit this vulnerability to gain elevated privileges and execute arbitrary code on the system. \nCVSS Base score: 7.7 \nCVSS Temporal Score: See: <https://exchange.xforce.ibmcloud.com/vulnerabilities/212010> for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)\n\n** \nCVEID: **[CVE-2021-35560](<https://vulners.com/cve/CVE-2021-35560>) \n**DESCRIPTION: **An unspecified vulnerability in Java SE related to the Deployment component could allow an unauthenticated attacker to take control of the system. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: <https://exchange.xforce.ibmcloud.com/vulnerabilities/211636> for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H) \n \n**CVEID: **[CVE-2021-35578](<https://vulners.com/cve/CVE-2021-35578>) \n**DESCRIPTION: **An unspecified vulnerability in Java SE related to the JSSE component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: <https://exchange.xforce.ibmcloud.com/vulnerabilities/211654> for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n \n\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-06-13T21:46:30", "type": "ibm", "title": "Security Bulletin: IBM SDK, Java Technology Edition Quarterly CPU - Oct 2021 - Includes Oracle October 2021 CPU", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-35560", "CVE-2021-35578", "CVE-2021-41035"], "modified": "2022-06-13T21:46:30", "id": "ABBF3678DDF9E39DBE04B3B978A0450391CF37E5840B6C10C068AED5D170AB44", "href": "https://www.ibm.com/support/pages/node/6594549", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-28T01:51:03", "description": "## Summary\n\nMultiple vulnerabilities in Java Runtime Environment Version 8.0 used by IBM SPSS Statistics Subscription. IBM SPSS Statistics Subscription has addressed the applicable CVEs.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-35578](<https://vulners.com/cve/CVE-2021-35578>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the JSSE component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211654](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211654>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2021-35588](<https://vulners.com/cve/CVE-2021-35588>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the VM component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 3.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211662](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211662>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2021-41035](<https://vulners.com/cve/CVE-2021-41035>) \n** DESCRIPTION: **Eclipse Openj9 could provide weaker than expected security, caused by the failure to throw IllegalAccessError for MethodHandles that invoke inaccessible interface methods. An attacker could exploit this vulnerability to launch further attacks on the system. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/212010](<https://exchange.xforce.ibmcloud.com/vulnerabilities/212010>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nSPSS Statistics Subscription| 1.0 \n28.0.1 \n \n\n\n## Remediation/Fixes\n\nAffected Products| Versions| Fixes \n---|---|--- \nSPSS Statistics Subscription| 1.0 \n28.0.1| Install [Statistics 28.0.1-IF004](<http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FInformation+Management%2FSPSS+Statistics&fixids=28.0.1-IM-S28STAT-ALL-IF004&source=SAR> \"Statistics 28.0.1-IF004\" ) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-12-23T16:02:34", "type": "ibm", "title": "Security Bulletin: Multiple Vulnerabilities in Java Runtime affects IBM SPSS Statistics Subscription", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-35578", "CVE-2021-35588", "CVE-2021-41035"], "modified": "2021-12-23T16:02:34", "id": "57F378C3ECAA81B57FEBD5461678476040D14C98BB74B1C978499FB13671C0A5", "href": "https://www.ibm.com/support/pages/node/6536922", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-28T01:46:37", "description": "## Summary\n\nMultiple issues were identified in IBM\u00ae Runtime Environment Java\u2122 Technology Edition, Version 8 and IBM\u00ae Runtime Environment Java\u2122 Technology Edition, Version 7 which affect IBM MQ.\n\n## Vulnerability Details\n\n**CVEID: **[CVE-2021-35578](<https://vulners.com/cve/CVE-2021-35578>) \n**DESCRIPTION: **An unspecified vulnerability in Java SE related to the JSSE component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211654](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211654>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n**CVEID: **[CVE-2021-35588](<https://vulners.com/cve/CVE-2021-35588>) \n**DESCRIPTION: **An unspecified vulnerability in Java SE related to the VM component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 3.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211662](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211662>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L) \n \n**CVEID: **[CVE-2021-41035](<https://vulners.com/cve/CVE-2021-41035>) \n**DESCRIPTION: **Eclipse Openj9 could provide weaker than expected security, caused by the failure to throw IllegalAccessError for MethodHandles that invoke inaccessible interface methods. An attacker could exploit this vulnerability to launch further attacks on the system. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/212010](<https://exchange.xforce.ibmcloud.com/vulnerabilities/212010>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)\n\n## Affected Products and Versions\n\nAffected Product(s) | Version(s) \n---|--- \nIBM MQ | 9.1 LTS \nIBM MQ | 9.0 LTS \nIBM MQ | 8.0 \nIBM MQ | 9.2 CD \nIBM MQ | 9.1 CD \nIBM MQ | 9.2 LTS \n \n## Remediation/Fixes\n\nThis issue is fixed under APAR IT39209\n\n**IBM MQ 8.0**\n\n[Apply iFix for APAR IT39209](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7EWebSphere&product=ibm/WebSphere/WebSphere+MQ&release=8.0&platform=All&function=aparId&apars=IT40192&source=fc> \"Apply iFix for APAR IT39209\" )\n\n**IBM MQ 9.0 LTS**\n\n[Apply FixPack 9.0.0.13](<https://www.ibm.com/support/pages/downloading-ibm-mq-90013> \"Apply FixPack 9.0.0.13\" )\n\n**IBM MQ 9.1 LTS**\n\n[Apply FixPack 9.1.0.10](<https://www.ibm.com/support/pages/downloading-ibm-mq-91010> \"Apply FixPack 9.1.0.10\" )\n\n**IBM MQ 9.2 LTS**\n\n[Apply FixPack 9.2.0.5](<https://www.ibm.com/support/pages/node/6552348> \"Apply FixPack 9.2.0.5\" )\n\n**IBM MQ 9.1 CD and 9.2 CD**\n\n[Upgrade to IBM MQ 9.2.5](<https://www.ibm.com/support/pages/downloading-ibm-mq-925-continuous-delivery> \"Upgrade to IBM MQ 9.2.5\" )\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-05-11T15:35:46", "type": "ibm", "title": "Security Bulletin: IBM MQ is vulnerable to multiple issues in IBM\u00ae Runtime Environment Java\u2122 Technology Edition, Version 8 and Version 7 (CVE-2021-35578, CVE-2021-35588, CVE-2021-41035)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-35578", "CVE-2021-35588", "CVE-2021-41035"], "modified": "2022-05-11T15:35:46", "id": "D47611BA4D06A4B35D9FCBB59044890D2897458BA2C2ECCD2338DC6FD72E70CD", "href": "https://www.ibm.com/support/pages/node/6540570", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-28T01:51:04", "description": "## Summary\n\nMultiple vulnerabilities in Java Runtime Environment Version 8.0 used by IBM SPSS Statistics. IBM SPSS Statistics has addressed the applicable CVEs.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-35578](<https://vulners.com/cve/CVE-2021-35578>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the JSSE component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211654](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211654>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2021-35588](<https://vulners.com/cve/CVE-2021-35588>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the VM component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 3.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211662](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211662>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2021-41035](<https://vulners.com/cve/CVE-2021-41035>) \n** DESCRIPTION: **Eclipse Openj9 could provide weaker than expected security, caused by the failure to throw IllegalAccessError for MethodHandles that invoke inaccessible interface methods. An attacker could exploit this vulnerability to launch further attacks on the system. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/212010](<https://exchange.xforce.ibmcloud.com/vulnerabilities/212010>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nSPSS Statistics| 28.0.1 \nSPSS Statistics| 27.0.1 \nSPSS Statistics| 26.0 \nSPSS Statistics| 25.0 \n \n## Remediation/Fixes\n\nAffected Products| Versions| Fixes \n---|---|--- \nSPSS Statistics| 28.0.1| Install [Statistics 28.0.1-IF004](<http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FInformation+Management%2FSPSS+Statistics&fixids=28.0.1-IM-S28STAT-ALL-IF004&source=SAR> \"Statistics 28.0.1-IF004\" ) \nSPSS Statistics| 27.0.1| Install [Statistics 27.0.1-IF020](<http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FInformation+Management%2FSPSS+Statistics&fixids=27.0.1-IM-S27STAT-ALL-IF020&source=SAR> \"Statistics 27.0.1-IF020\" ) \nSPSS Statistics| 26.0| Install [Statistics 26 FP001-IF014](<http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FInformation+Management%2FSPSS+Statistics&fixids=26.0-IM-S26STAT-ALL-FP001-IF014&source=SAR> \"Statistics 26 FP001-IF014\" ) \nSPSS Statistics| 25.0| Install [Statistics 25 FP002-IF014](<http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FInformation+Management%2FSPSS+Statistics&fixids=25.0-IM-S25STAT-ALL-FP002-IF014&source=SAR> \"Statistics 25 FP002-IF014\" ) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-12-23T15:56:29", "type": "ibm", "title": "Security Bulletin: Mutliple Vulnerabilities in Java Runtime affects IBM SPSS Statistics", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-35578", "CVE-2021-35588", "CVE-2021-41035"], "modified": "2021-12-23T15:56:29", "id": "772848C53596DE34465889DD28286A30DD0BBDA4107ED2CD760C99E75C2145EF", "href": "https://www.ibm.com/support/pages/node/6528018", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-28T01:51:37", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM\u00ae Runtime Environment Java\u2122 Version 8 that is used by the z/TPF system. z/TPF has addressed the applicable CVEs.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-2341](<https://vulners.com/cve/CVE-2021-2341>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Networking component could allow an unauthenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors. \nCVSS Base score: 3.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/205768](<https://exchange.xforce.ibmcloud.com/vulnerabilities/205768>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N) \n \n** CVEID: **[CVE-2021-35586](<https://vulners.com/cve/CVE-2021-35586>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the ImageIO component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211661](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211661>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2021-35578](<https://vulners.com/cve/CVE-2021-35578>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the JSSE component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211654](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211654>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2021-35564](<https://vulners.com/cve/CVE-2021-35564>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Keytool component could allow an unauthenticated attacker to cause no confidentiality impact, low integrity impact, and no availability impact. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211640](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211640>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N) \n \n** CVEID: **[CVE-2021-35565](<https://vulners.com/cve/CVE-2021-35565>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the JSSE component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211641](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211641>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nz/Transaction Processing Facility| 1.1 \n \n\n\n## Remediation/Fixes\n\nProduct| VRMF| APAR| Remediation/First Fix \n---|---|---|--- \nz/TPF| 1.1| PJ46623| \n\n 1. Apply the APAR, which is available for download from the [TPF Family Products: Maintenance](<https://www.ibm.com/support/pages/node/618275> \"TPF Family Product: Maintenance\" ) web page.\n 2. Download and install the PJ46623_ibm-java-jre-8.0-7.0 package from the [IBM 64-bit Runtime Environment for z/TPF, Java Technology Edition, Version 8](<http://www.ibm.com/support/docview.wss?uid=swg24043118>) download page. \n \n## Workarounds and Mitigations\n\nNone.\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 1.4}, "published": "2021-12-16T19:48:12", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect z/Transaction Processing Facility", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-2341", "CVE-2021-35564", "CVE-2021-35565", "CVE-2021-35578", "CVE-2021-35586"], "modified": "2021-12-16T19:48:12", "id": "D7F42748501798B46C92E5DDE65168A07A34CDC17FA2997DA4B2703CB1DEE689", "href": "https://www.ibm.com/support/pages/node/6527308", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2023-02-28T01:46:03", "description": "## Summary\n\nThe version of IBM WebSphere Liberty Profile that is shipped with IBM MQ is vulnerable to Information Disclosure. IBM WebSphere Liberty Profile is used to provide WebUI and REST API capabilities.\n\n## Vulnerability Details\n\n**CVEID: **[CVE-2021-35517](<https://vulners.com/cve/CVE-2021-35517>) \n**DESCRIPTION: **Apache Commons Compress is vulnerable to a denial of service, caused by an out of memory error when allocating large amounts of memory. By persuading a victim to open a specially-crafted TAR archive, a remote attacker could exploit this vulnerability to cause a denial of service condition against services that use Compress' tar package. \nCVSS Base score: 5.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/205307](<https://exchange.xforce.ibmcloud.com/vulnerabilities/205307>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H) \n \n**CVEID: **[CVE-2021-36090](<https://vulners.com/cve/CVE-2021-36090>) \n**DESCRIPTION: **Apache Commons Compress is vulnerable to a denial of service, caused by an out-of-memory error when large amounts of memory are allocated. By reading a specially-crafted ZIP archive, a remote attacker could exploit this vulnerability to cause a denial of service condition against services that use Compress' zip package. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/205310](<https://exchange.xforce.ibmcloud.com/vulnerabilities/205310>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n**CVEID: **[CVE-2021-29842](<https://vulners.com/cve/CVE-2021-29842>) \n**DESCRIPTION: **IBM WebSphere Application Server 7.0, 8.0, 8.5, 9.0 and Liberty 17.0.0.3 through 21.0.0.9 could allow a remote user to enumerate usernames due to a difference of responses from valid and invalid login attempts. IBM X-Force ID: 205202. \nCVSS Base score: 3.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/205202](<https://exchange.xforce.ibmcloud.com/vulnerabilities/205202>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\n## Affected Products and Versions\n\nAffected Product(s) | Version(s) \n---|--- \nIBM MQ | 9.2 CD \nIBM MQ | 9.2 LTS \nIBM MQ | 9.1 CD \nIBM MQ | 9.1 LTS \n \n## Remediation/Fixes\n\nThis issued was resolved under APAR IT38503 \n\n**IBM MQ 9.1 LTS**\n\n[Apply FixPack 9.1.0.10](<https://www.ibm.com/support/pages/downloading-ibm-mq-910-older-fix-packs#fp91010>)\n\n**IBM MQ 9.2 LTS**\n\n[Apply FixPack 9.2.0.4](<https://www.ibm.com/support/pages/downloading-ibm-mq-9204>)\n\n**IBM MQ 9.1 CD and 9.2 CD**\n\n[Upgrade to IBM MQ 9.2.4](<https://www.ibm.com/support/pages/downloading-ibm-mq-924-continuous-delivery>)\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-05-26T23:29:57", "type": "ibm", "title": "Security Bulletin: The version of IBM WebSphere Liberty shipped with IBM MQ is vulnerable to multiple CVEs (CVE-2021-29842,CVE-2021-33517, CVE-2021-36090)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-29842", "CVE-2021-33517", "CVE-2021-35517", "CVE-2021-36090"], "modified": "2022-05-26T23:29:57", "id": "87E69918E25D6751D3DFF28B93E0E32012AA2DB7FA1D0F74175CA8BE7330EFB7", "href": "https://www.ibm.com/support/pages/node/6527792", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-02-28T01:46:44", "description": "## Summary\n\nMultiple Vulnerabilities have been found in IBM Java SDK that is shipped with Cloud Pak System. IBM Cloud Pak System has addressed these vulnerabilities in the IBM SDk October 2021 CPU update, which includes the IBM SDK April and July 2021 CPU updates. \n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-2161](<https://vulners.com/cve/CVE-2021-2161>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Libraries component could allow an unauthenticated attacker to cause no confidentiality impact, high integrity impact, and no availability impact. \nCVSS Base score: 5.9 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/200290](<https://exchange.xforce.ibmcloud.com/vulnerabilities/200290>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N) \n \n** CVEID: **[CVE-2021-35560](<https://vulners.com/cve/CVE-2021-35560>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Deployment component could allow an unauthenticated attacker to take control of the system. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211636](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211636>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2021-35586](<https://vulners.com/cve/CVE-2021-35586>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the ImageIO component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211661](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211661>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2021-35578](<https://vulners.com/cve/CVE-2021-35578>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the JSSE component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211654](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211654>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2021-35564](<https://vulners.com/cve/CVE-2021-35564>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Keytool component could allow an unauthenticated attacker to cause no confidentiality impact, low integrity impact, and no availability impact. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211640](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211640>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N) \n \n** CVEID: **[CVE-2021-35565](<https://vulners.com/cve/CVE-2021-35565>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the JSSE component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211641](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211641>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2021-41035](<https://vulners.com/cve/CVE-2021-41035>) \n** DESCRIPTION: **Eclipse Openj9 could allow a remote attacker to gain elevated privileges on the system, caused by not throwing IllegalAccessError for MethodHandles that invoke inaccessible interface methods. By persuading a victim to execute a specially-crafted program under a security manager, an attacker could exploit this vulnerability to gain elevated privileges and execute arbitrary code on the system. \nCVSS Base score: 7.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/212010](<https://exchange.xforce.ibmcloud.com/vulnerabilities/212010>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2021-2369](<https://vulners.com/cve/CVE-2021-2369>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Library component could allow an unauthenticated attacker to cause no confidentiality impact, low integrity impact, and no availability impact. \nCVSS Base score: 4.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/205796](<https://exchange.xforce.ibmcloud.com/vulnerabilities/205796>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Cloud Pak System Software Suite| 2.3.3.0 \nIBM Cloud Pak System| \n\n2.3.0.1, 2.3.1.1, 2.3.2.0, 2.3.3.0, 2.3.3.1, 2.3.3.2, 2.3.3.3, 2.3.3.3 Interim Fix1 \n \nOS Images For Red Hat Linux Enterprise| 3.0.12.0 - 3.1.3.0 \n \n## Remediation/Fixes\n\nFor unsupported version/release/platform IBM recommends upgrading to a fixed, supported /release/platform of the product.\n\nMultiple vulnerabilities in IBM Java SDK as shipped with Cloud Pak System. In response to vulnerabilities Cloud Pak System upgraded Java to IBM SDK Java 8.0.7.0 This supersedes as it contains all CVEs as per IBM SDK Java CPU updates April and Jul 2021. \n\nOS Image for RedHat Enterprise Linux update includes applicable CVEs CVE-2021-2388, CVE-2021-2369, CVE-2021-2432, CVE-2021-2341. Cloud Pak System v.2.3.3.4 provides new base images OS Image for Red Hat Enterprise Linux (RHEL) : OS Image for Red Hat Enterprise Linux 3.1.4.0 and OS Image for Red Hat Enterprise Linux 4.0.0.0. \n\nFor IBM Cloud Pak System V2.3.0 through to V2.3.3.3 Interim Fix 1.\n\nupgrade to IBM Cloud Pak System V2.3.3.4 at[ Fix Central](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=PureSystems&product=ibm/WebSphere/IBM+Cloud+Pak+System&release=2.3.3.4&platform=Linux&function=all> \"Fix Central\" )\n\nInformation on upgrading at : <http://www.ibm.com/support/docview.wss?uid=ibm10887959>\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-05-06T19:20:38", "type": "ibm", "title": "Security Bulletin: Multiple Vulnerabilities in IBM Java SDK affect Cloud Pak System", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-2161", "CVE-2021-2341", "CVE-2021-2369", "CVE-2021-2388", "CVE-2021-2432", "CVE-2021-35560", "CVE-2021-35564", "CVE-2021-35565", "CVE-2021-35578", "CVE-2021-35586", "CVE-2021-41035"], "modified": "2022-05-06T19:20:38", "id": "5B55DE775FD627D53A5307BC1C2CCF710D57AAAAE0C4F339A2BFE244B91BF012", "href": "https://www.ibm.com/support/pages/node/6566881", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-28T01:44:12", "description": "## Summary\n\nIBM Java is the runtime environment used by several components in IBM Cloud Pak for Multicloud Management Monitoring and contains several security vulnerabilities.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-35560](<https://vulners.com/cve/CVE-2021-35560>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Deployment component could allow an unauthenticated attacker to take control of the system. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211636](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211636>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2021-35578](<https://vulners.com/cve/CVE-2021-35578>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the JSSE component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211654](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211654>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2021-35565](<https://vulners.com/cve/CVE-2021-35565>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the JSSE component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211641](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211641>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2021-35603](<https://vulners.com/cve/CVE-2021-35603>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the JSSE component could allow an unauthenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors. \nCVSS Base score: 3.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211676](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211676>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Cloud Pak for Multicloud Management Monitoring| 2.0 - 2.3 Fix Pack 4 \n \n\n\n## Remediation/Fixes\n\nTo address the vulnerability, IBM strongly recommends you to upgrade IBM Cloud Pak for Multicloud Management to 2.3 Fix Pack 5. For upgrading instructions, see <https://www.ibm.com/docs/en/cloud-paks/cp-management/2.3.x?topic=installation-upgrade.>\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-07-15T15:54:41", "type": "ibm", "title": "Security Bulletin: IBM Cloud Pak for Multicloud Management Monitoring is vulnerable to multiple vulnerabilities due to its use of IBM JAVA (CVE-2021-35560, CVE-2021-35578, CVE-2021-35565, CVE-2021-35603)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.1, "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-35560", "CVE-2021-35565", "CVE-2021-35578", "CVE-2021-35603"], "modified": "2022-07-15T15:54:41", "id": "32B93E43E1C55C81657EE7907953E5A9D625B9880582E91319BEC424702F44FD", "href": "https://www.ibm.com/support/pages/node/6604053", "cvss": {"score": 5.1, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-28T01:43:48", "description": "## Summary\n\nJava SE as used by IBM Cloud Pak For Security is vulnerable to information disclosure and denial of service. IBM has addressed the relevant vulnerabilities.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-35550](<https://vulners.com/cve/CVE-2021-35550>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the JSSE component could allow an unauthenticated attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors. \nCVSS Base score: 5.9 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211627](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211627>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N) \n \n** CVEID: **[CVE-2021-35564](<https://vulners.com/cve/CVE-2021-35564>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Keytool component could allow an unauthenticated attacker to cause no confidentiality impact, low integrity impact, and no availability impact. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211640](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211640>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N) \n \n** CVEID: **[CVE-2021-35559](<https://vulners.com/cve/CVE-2021-35559>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Swing component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211635](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211635>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2021-35586](<https://vulners.com/cve/CVE-2021-35586>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the ImageIO component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211661](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211661>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2021-41041](<https://vulners.com/cve/CVE-2021-41041>) \n** DESCRIPTION: **Eclipse Openj9 could allow a remote attacker to bypass security restrictions, caused by failing to throw the exception captured during bytecode verification when verification. By sending a specially-crafted request, an attacker could exploit this vulnerability to make unverified methods to be invoked using MethodHandles. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/225398](<https://exchange.xforce.ibmcloud.com/vulnerabilities/225398>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N) \n \n** CVEID: **[CVE-2021-35565](<https://vulners.com/cve/CVE-2021-35565>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the JSSE component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211641](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211641>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2021-35603](<https://vulners.com/cve/CVE-2021-35603>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the JSSE component could allow an unauthenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors. \nCVSS Base score: 3.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211676](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211676>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N) \n \n** CVEID: **[CVE-2021-35588](<https://vulners.com/cve/CVE-2021-35588>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the VM component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 3.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211662](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211662>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2021-35561](<https://vulners.com/cve/CVE-2021-35561>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Utility component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211637](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211637>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nCloud Pak for Security (CP4S)| 1.8.0.0 - 1.8.2.0 \nCloud Pak for Security (CP4S)| 1.9.0.0 - 1.9.1.0 \n \n \n\n\n## Remediation/Fixes\n\nIBM encourages customers to update their systems promptly. \n\nPlease upgrade to CP4S 1.10.1.0 following instructions at <https://www.ibm.com/docs/en/cloud-paks/cp-security/1.10?topic=installing-upgrading-cloud-pak-security>\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.9, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-07-25T14:08:02", "type": "ibm", "title": "Security Bulletin: Java SE as used by IBM Cloud Pak For Security is vulnerable to information disclosure and denial of service.", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 7.1, "vectorString": "AV:N/AC:M/Au:N/C:C/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-35550", "CVE-2021-35559", "CVE-2021-35561", "CVE-2021-35564", "CVE-2021-35565", "CVE-2021-35586", "CVE-2021-35588", "CVE-2021-35603", "CVE-2021-41041"], "modified": "2022-07-25T14:08:02", "id": "07D3AB62DFA72D2D71CAA0C7C12F57DDFFDD03F36F449256AA46D57B94E6850C", "href": "https://www.ibm.com/support/pages/node/6607001", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2023-02-28T01:51:07", "description": "## Summary\n\nThere are vulnerabilities in the Apache Log4j open source library which is used by SPSS Collaboration and Deployment Services for logging of messages and traces. These issues have been addressed. \n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-45105](<https://vulners.com/cve/CVE-2021-45105>) \n** DESCRIPTION: **Apache Log4j is vulnerable to a denial of service, caused by the failure to protect from uncontrolled recursion from self-referential lookups. A remote attacker with control over Thread Context Map (MDC) input data could craft malicious input data that contains a recursive lookup to cause a StackOverflowError that will terminate the process. Note: The vulnerability is also called LOG4J2-3230. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/215647](<https://exchange.xforce.ibmcloud.com/vulnerabilities/215647>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-45046](<https://vulners.com/cve/CVE-2021-45046>) \n** DESCRIPTION: **Apache Log4j could result in remote code execution, caused by an incomplete fix of CVE-2021-44228 in certain non-default configurations. When the logging configuration uses a non-default Pattern Layout with a Context Lookup, an attacker with control over Thread Context Map (MDC) input data can craft malicious input data using a JNDI Lookup pattern to leak sensitive information and remote code execution in some environments and local code execution in all environments. \nCVSS Base score: 9 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/215195](<https://exchange.xforce.ibmcloud.com/vulnerabilities/215195>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nSPSS Collaboration and Deployment Services| 8.3 \n \n\n\n## Remediation/Fixes\n\n**IBM strongly recommends addressing the vulnerabilities now by installing the fix listed.**\n\n_Product_\n\n| _VRMF_| _APAR_| _Remediation/First Fix_ \n---|---|---|--- \nSPSS Collaboration and Deployment Services| \n\n8.3.0.0\n\n| \n\nPH42959\n\n| \n\n[8.3.0.0-IM-SCaDS-IF005](<https://www.ibm.com/support/fixcentral/swg/downloadFixes?parent=SPSS&product=ibm/Information+Management/SPSS+Collaboration+and+Deployment+Services&release=8.3.0.0&platform=All&function=fixId&fixids=8.3.0.0-IM-SCaDS-IF005&login=true> \"8.3.0.0-IM-SCaDS-IF005\" ) \n \n**The fix needs to be applied to these components: \n**\n\nSPSS Collaboration and Deployment Services Repository Server\n\nSPSS Collaboration and Deployment Services Remote Scoring Server\n\nSPSS Collaboration and Deployment Services Remote Process Server\n\nSPSS Collaboration and Deployment Services Deployment Manager\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 10.0, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2021-12-22T15:04:37", "type": "ibm", "title": "Security Bulletin: Vulnerabilities in Apache Log4j affects SPSS Collaboration and Deployment Services", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-44228", "CVE-2021-45046", "CVE-2021-45105"], "modified": "2021-12-22T15:04:37", "id": "A326E188CED4EABC01874E1D337797D5BC22F3ADB5FAF12692F46CA9F4CEEEA1", "href": "https://www.ibm.com/support/pages/node/6536704", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-28T01:50:54", "description": "## Summary\n\nIBM Sterling Secure Proxy is vulnerable to denial of service and arbitrary code execution due to Apache Log4j, which is used for logging (CVE-2021-45105,CVE-2021-45046). The fix includes Apache Log4j 2.17.0.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-45105](<https://vulners.com/cve/CVE-2021-45105>) \n** DESCRIPTION: **Apache Log4j is vulnerable to a denial of service, caused by the failure to protect from uncontrolled recursion from self-referential lookups. A remote attacker with control over Thread Context Map (MDC) input data could craft malicious input data that contains a recursive lookup to cause a StackOverflowError that will terminate the process. Note: The vulnerability is also called LOG4J2-3230. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/215647](<https://exchange.xforce.ibmcloud.com/vulnerabilities/215647>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-45046](<https://vulners.com/cve/CVE-2021-45046>) \n** DESCRIPTION: **Apache Log4j could result in remote code execution, caused by an incomplete fix of CVE-2021-44228 in certain non-default configurations. When the logging configuration uses a non-default Pattern Layout with a Context Lookup, an attacker with control over Thread Context Map (MDC) input data can craft malicious input data using a JNDI Lookup pattern to leak sensitive information and remote code execution in some environments and local code execution in all environments. \nCVSS Base score: 9 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/215195](<https://exchange.xforce.ibmcloud.com/vulnerabilities/215195>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\n**Affected Product(s)**| **Version(s)** \n---|--- \nIBM Sterling Secure Proxy| 3.4.3.2 \nIBM Sterling Secure Proxy| 6.0.2 \nIBM Sterling Secure Proxy| 6.0.3 \n \n \n\n\n## Remediation/Fixes\n\n**IBM strongly recommends addressing the vulnerability now.**\n\nSee the Fix Central links below for Apache Log4j 2.17.0 jar files and installation instructions for an immediate remediation of the vulnerabilities prior to full iFixes for the associated releases. \n\n**Product**| **VRMF**| **Remediation** \n---|---|--- \nIBM Sterling Secure Proxy| 6.0.3| [Fix Central - 6030](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7EOther%20software&product=ibm/Other+software/Sterling+Secure+Proxy&release=6.0.3.0&platform=All&function=all> \"Fix Central - 6030\" ) \nIBM Sterling Secure Proxy| 6.0.2| [Fix Central - 6030](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7EOther%20software&product=ibm/Other+software/Sterling+Secure+Proxy&release=6.0.3.0&platform=All&function=all> \"Fix Central - 6030\" ) \nIBM Sterling Secure Proxy| 3.4.3.2| [Fix Central - 6030](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7EOther%20software&product=ibm/Other+software/Sterling+Secure+Proxy&release=6.0.3.0&platform=All&function=all> \"Fix Central - 6030\" ) \n \nThe [Fix Central - 6030](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7EOther%20software&product=ibm/Other+software/Sterling+Secure+Proxy&release=6.0.3.0&platform=All&function=all> \"Fix Central - 6030\" ) link points to a fix called SSP-SEAS-log4j-2.17.0-jars-for-CVE-2021-45105 which supplies the jars and instructions to replace them. This fix remediates CVE-2021-44228, CVE-2021-45046 and CVE-2021-45105.\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 10.0, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2022-01-04T16:02:00", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in Apache Log4j impact IBM Sterling Secure Proxy (CVE-2021-45105, CVE-2021-45046)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-44228", "CVE-2021-45046", "CVE-2021-45105"], "modified": "2022-01-04T16:02:00", "id": "1C6CC8129E7AEC5C314CCFD7570FC09548438820946E9774FD2E2410C0897958", "href": "https://www.ibm.com/support/pages/node/6538100", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-28T01:44:04", "description": "## Summary\n\nFor the 8.0.0 version of MSO, which is distributed as part of the MAS catalog here are the instructions to move to the 8.0.3 version to get log4j 2.17.1 Apache Log4j - CVE-2021-45105 (affecting v2.16) and CVE-2021-45046 (affecting v2.15) \n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-44228](<https://vulners.com/cve/CVE-2021-44228>) \n** DESCRIPTION: **Apache Log4j could allow a remote attacker to execute arbitrary code on the system, caused by the failure to protect against attacker controlled LDAP and other JNDI related endpoints by JNDI features. By sending a specially crafted code string, an attacker could exploit this vulnerability to load arbitrary Java code on the server and take complete control of the system. Note: The vulnerability is also called Log4Shell or LogJam. \nCVSS Base score: 10 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/214921](<https://exchange.xforce.ibmcloud.com/vulnerabilities/214921>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nProduct| Component| Platform| Version| Log4j Version \n---|---|---|---|--- \nIBM Maximo Scheduler Optimization | Application| Platform Independent| 8.0.0| \n\n2.13.2 \n \n## Remediation/Fixes\n\n**How to manually get Maximo Scheduler Optimization 8.0.0 (MSO) updated to Apache log4j 2.17.1 **\n\nUpdate the Maximo Scheduler Optimization 8.0.0 installed on Maximo Application Suite (MAS) to Version 8.0.3 of MSO.\n\n### Update **Maximo Scheduler Optimization** application\n\nWhen new versions of applications are available, you can update the deployed applications.\n\nTo update an application:\n\n 1. From the Suite Administration Applications pane, select the Addon tab and find the Maximo Scheduler Optimization application that you want to update.\n 2. On the application summary page confirm the 8.0.3 or > version, click **Update**\n\n**Product(s)**| **Version(s) \n**| **Remediation/Fix/Instructions** \n---|---|--- \nIBM Maximo Scheduler Optimization | 8.0| \n\nUpdate [8.0](<https://www.ibm.com/docs/en/mas86/8.6.0?topic=ons-maximo-scheduler-optimization> \"8.0\" ) and follow [instructions](<https://www.ibm.com/docs/en/mas87/8.7.0?topic=ons-maximo-scheduler-optimization> \"instructions\" ) to get the 8.0.3 or > version \n \n## Workarounds and Mitigations\n\nFor MSO 8 version update to the latest version available 8.0.3\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 10.0, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2022-07-19T21:58:27", "type": "ibm", "title": "Security Bulletin: Apache log4j security vulnerability as it relates to IBM Maximo Scheduler Optimization - Apache Log4j - CVE-2021-45105 (affecting v2.16) and CVE-2021-45046 (affecting v2.15)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-44228", "CVE-2021-45046", "CVE-2021-45105"], "modified": "2022-07-19T21:58:27", "id": "BB785F5F4B456D5F3322E9222022F0E38411602612EBF72BC61AEEABF7FEC2A9", "href": "https://www.ibm.com/support/pages/node/6605437", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-28T01:44:25", "description": "## Summary\n\nEnterprise Content Management System Monitor is vulnerable to arbitrary code execution due to Apache Log4j (CVE-2021-45105 and CVE-2021-45046). Apache Log4j is used by Enterprise Content Management System Monitor as part of its logging infrastructure.The fix includes Apache Log4j v2.17.1\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-45105](<https://vulners.com/cve/CVE-2021-45105>) \n** DESCRIPTION: **Apache Log4j is vulnerable to a denial of service, caused by the failure to protect from uncontrolled recursion from self-referential lookups. A remote attacker with control over Thread Context Map (MDC) input data could craft malicious input data that contains a recursive lookup to cause a StackOverflowError that will terminate the process. Note: The vulnerability is also called LOG4J2-3230. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/215647](<https://exchange.xforce.ibmcloud.com/vulnerabilities/215647>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-45046](<https://vulners.com/cve/CVE-2021-45046>) \n** DESCRIPTION: **Apache Log4j could result in remote code execution, caused by an incomplete fix of CVE-2021-44228 in certain non-default configurations. When the logging configuration uses a non-default Pattern Layout with a Context Lookup, an attacker with control over Thread Context Map (MDC) input data can craft malicious input data using a JNDI Lookup pattern to leak sensitive information and remote code execution in some environments and local code execution in all environments. \nCVSS Base score: 9 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/215195](<https://exchange.xforce.ibmcloud.com/vulnerabilities/215195>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nEnterprise Content Management System Monitor| 5.5 \n \n\n\n## Remediation/Fixes\n\nIBM strongly recommends addressing the vulnerability now by upgrading. \n\nPlease use below url of Fix Central to download fix:\n\n[https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=Enterprise%20Content%20Management&product=ibm/Information+Management/FileNet+System+Monitor&release=5.5.5.0&platform=All&function=all](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=Enterprise%20Content%20Management&product=ibm/Information+Management/FileNet+System+Monitor&release=5.5.5.0&platform=All&function=all>)\n\n[https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=Enterprise%20Content%20Management&product=ibm/Information+Management/FileNet+System+Monitor&release=5.5.5.1&platform=All&function=all](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=Enterprise%20Content%20Management&product=ibm/Information+Management/FileNet+System+Monitor&release=5.5.5.1&platform=All&function=all>)\n\n[https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=Enterprise%20Content%20Management&product=ibm/Information+Management/FileNet+System+Monitor&release=5.5.7.0&platform=All&function=all](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=Enterprise%20Content%20Management&product=ibm/Information+Management/FileNet+System+Monitor&release=5.5.7.0&platform=All&function=all>)\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 10.0, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2022-07-12T07:18:10", "type": "ibm", "title": "Security Bulletin: Enterprise Content Management System Monitor is vulnerable to denial of service and arbitrary code execution due to Apache Log4j (CVE-2021-45105 and CVE-2021-45046)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-44228", "CVE-2021-45046", "CVE-2021-45105"], "modified": "2022-07-12T07:18:10", "id": "7B60DE546B91D3886C995A5DE16291DEDDA95C96FC984BD69B852CF111B4C102", "href": "https://www.ibm.com/support/pages/node/6602951", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-28T01:45:34", "description": "## Summary\n\nBased on current information and analysis, IBM Jazz for Service Management does not use Apache log4j-core library which is vulnerable to CVE-2021-45105, CVE-2021-45046 . However, IBM Jazz for Service Management may be impacted because the old version of Log4j-1.2-api and Log4j-api are used in the application. \n\n## Vulnerability Details\n\n**CVEID: **[CVE-2021-45105](<https://vulners.com/cve/CVE-2021-45105>) \n**DESCRIPTION: **Apache Log4j is vulnerable to a denial of service, caused by the failure to protect from uncontrolled recursion from self-referential lookups. A remote attacker with control over Thread Context Map (MDC) input data could craft malicious input data that contains a recursive lookup to cause a StackOverflowError that will terminate the process. Note: The vulnerability is also called LOG4J2-3230. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/215647](<https://exchange.xforce.ibmcloud.com/vulnerabilities/215647>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n**CVEID: **[CVE-2021-45046](<https://vulners.com/cve/CVE-2021-45046>) \n**DESCRIPTION: **Apache Log4j could result in remote code execution, caused by an incomplete fix of CVE-2021-44228 in certain non-default configurations. When the logging configuration uses a non-default Pattern Layout with a Context Lookup, an attacker with control over Thread Context Map (MDC) input data can craft malicious input data using a JNDI Lookup pattern to leak sensitive information and remote code execution in some environments and local code execution in all environments. \nCVSS Base score: 9 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/215195](<https://exchange.xforce.ibmcloud.com/vulnerabilities/215195>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s) | Version(s) \n---|--- \nJazz for Service Management | 1.1.3 \n \n## Remediation/Fixes\n\n**Affected JazzSM Version** | **Recommended Fix.** \n---|--- \nJazz for Service Management versions 1.1.3 - 1.1.3.6 | \n\n**Note:** 1.1.3.13-TIV-JazzSM-DASH-iFix-0002 has been superseded by [1.1.3.13-TIV-JazzSM-DASH-iFix-0003](<https://www.ibm.com/support/pages/node/6536710> \"1.1.3.13-TIV-JazzSM-DASH-iFix-0002\" )\n\n1\\. Upgrade to any of the following: [1.1.3-TIV-JazzSM-multi-FP007, ](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7ETivoli&product=ibm/Tivoli/Jazz+for+Service+Management&release=All&platform=All&function=all> \"\" )[1.1.3-TIV-JazzSM-multi-FP008, ](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7ETivoli&product=ibm/Tivoli/Jazz+for+Service+Management&release=All&platform=All&function=all> \"\" )[1.1.3-TIV-JazzSM-multi-FP009, ](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7ETivoli&product=ibm/Tivoli/Jazz+for+Service+Management&release=All&platform=All&function=all> \"\" )[1.1.3-TIV-JazzSM-multi-FP010](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7ETivoli&product=ibm/Tivoli/Jazz+for+Service+Management&release=All&platform=All&function=all> \"\" ), [1.1.3-TIV-JazzSM-multi-FP011](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7ETivoli&product=ibm/Tivoli/Jazz+for+Service+Management&release=All&platform=All&function=all> \"\" ), [1.1.3-TIV-JazzSM-multi-FP012](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7ETivoli&product=ibm/Tivoli/Jazz+for+Service+Management&release=All&platform=All&function=all> \"\" ), [1.1.3-TIV-JazzSM-multi-FP013](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7ETivoli&product=ibm/Tivoli/Jazz+for+Service+Management&release=All&platform=All&function=all> \"\" )\n\n2\\. Install [1.1.3.13-TIV-JazzSM-DASH-iFix-0002.](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7ETivoli&product=ibm/Tivoli/Jazz+for+Service+Management&release=All&platform=All&function=all> \"1.1.3.13-TIV-JazzSM-DASH-iFix-0002\" ) (This fix supersedes 1.1.3.13-TIV-JazzSM-DASH-iFix-0001) \n \nJazz for Service Management versions 1.1.3.7 - 1.1.3.13 | \n\n**Note:** 1.1.3.13-TIV-JazzSM-DASH-iFix-0002 has been superseded by [1.1.3.13-TIV-JazzSM-DASH-iFix-0003](<https://www.ibm.com/support/pages/node/6536710> \"1.1.3.13-TIV-JazzSM-DASH-iFix-0002\" )\n\n1\\. Install [1.1.3.13-TIV-JazzSM-DASH-iFix-0003](<https://www.ibm.com/support/pages/node/6536710> \"1.1.3.13-TIV-JazzSM-DASH-iFix-0002\" )[.](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7ETivoli&product=ibm/Tivoli/Jazz+for+Service+Management&release=All&platform=All&function=all> \"1.1.3.13-TIV-JazzSM-DASH-iFix-0002\" ) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 10.0, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2022-06-10T16:52:58", "type": "ibm", "title": "Security Bulletin: IBM Jazz for Service Management is vulnerable to a Apache Log4j vulnerabilities(CVE-2021-45105, CVE-2021-45046)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-44228", "CVE-2021-45046", "CVE-2021-45105"], "modified": "2022-06-10T16:52:58", "id": "092A442A77CDFE46ED83F2F7A7AEC07007442443AE7B6D28BB557D1A8FE3BBB2", "href": "https://www.ibm.com/support/pages/node/6536710", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-28T01:47:58", "description": "## Summary\n\nApache Log4j library (CVE-2021-45105, CVE-2021-45046) is used to provide logging functionality for IBM Informix Dynamic Server in Cloud Pak for Data (CP4D). The fix includes Apache Log4j 2.17.1. \n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-45105](<https://vulners.com/cve/CVE-2021-45105>) \n** DESCRIPTION: **Apache Log4j is vulnerable to a denial of service, caused by the failure to protect from uncontrolled recursion from self-referential lookups. A remote attacker with control over Thread Context Map (MDC) input data could craft malicious input data that contains a recursive lookup to cause a StackOverflowError that will terminate the process. Note: The vulnerability is also called LOG4J2-3230. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/215647](<https://exchange.xforce.ibmcloud.com/vulnerabilities/215647>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-45046](<https://vulners.com/cve/CVE-2021-45046>) \n** DESCRIPTION: **Apache Log4j could result in remote code execution, caused by an incomplete fix of CVE-2021-44228 in certain non-default configurations. When the logging configuration uses a non-default Pattern Layout with a Context Lookup, an attacker with control over Thread Context Map (MDC) input data can craft malicious input data using a JNDI Lookup pattern to leak sensitive information and remote code execution in some environments and local code execution in all environments. \nCVSS Base score: 9 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/215195](<https://exchange.xforce.ibmcloud.com/vulnerabilities/215195>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\n**Affected Product(s)**| **Version(s)** \n---|--- \nIBM Informix Dynamic Server on Cloud Pak for Data (CP4D) \n| 4.0.0 \n \n\n\n## Remediation/Fixes\n\n**IBM strongly recommends addressing the vulnerability now by executing these manual steps.**\n\n 1. Upgrade your IBM Informix Dynamic Server 4.0.0 deployments to 4.0.2\n 2. Install the Informix operator version 4.0.2 (included in the CASE ibm-informix-operator-bundle-4.0.3.tgz)\n 3. Navigate to the official documentation for the Informix CP4D service (<https://www.ibm.com/docs/en/cloud-paks/cp-data/4.0?topic=services-informix>) and follow the steps in the \u201cUpgrading Informix\u201d to update any deployed Informix custom resource from 4.0.0 to 4.0.2\n\nThe Informix operator enables you to create Informix instances inside Cloud Pak for Data. The affected version of Log4j was used in one of micro-services deployed in the cluster when you deploy an Informix database instance within CP4D.\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 10.0, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2022-04-01T21:40:46", "type": "ibm", "title": "Security Bulletin: IBM Informix Dynamic Server in Cloud Pak for Data is vulnerable to denial of service and arbitrary code execution due to Apache Log4j (CVE-2021-45105, CVE-2021-45046)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-44228", "CVE-2021-45046", "CVE-2021-45105"], "modified": "2022-04-01T21:40:46", "id": "198E2723EA7A1CE1B7B95165E39923D5EC8AC5F2D17849CEEDD3695D8CF40623", "href": "https://www.ibm.com/support/pages/node/6568843", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-28T01:48:07", "description": "## Summary\n\nWatson Knowledge Catalog InstaScan uses Apache Log4j as part of its logging infrastructure. Hence it is vulnerable to denial of service (CVE-2021-45105) and arbitrary code execution (CVE-2021-45046). The fix includes Apache Log4j 2.17.1. \n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-45105](<https://vulners.com/cve/CVE-2021-45105>) \n** DESCRIPTION: **Apache Log4j is vulnerable to a denial of service, caused by the failure to protect from uncontrolled recursion from self-referential lookups. A remote attacker with control over Thread Context Map (MDC) input data could craft malicious input data that contains a recursive lookup to cause a StackOverflowError that will terminate the process. Note: The vulnerability is also called LOG4J2-3230. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/215647](<https://exchange.xforce.ibmcloud.com/vulnerabilities/215647>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-45046](<https://vulners.com/cve/CVE-2021-45046>) \n** DESCRIPTION: **Apache Log4j could result in remote code execution, caused by an incomplete fix of CVE-2021-44228 in certain non-default configurations. When the logging configuration uses a non-default Pattern Layout with a Context Lookup, an attacker with control over Thread Context Map (MDC) input data can craft malicious input data using a JNDI Lookup pattern to leak sensitive information and remote code execution in some environments and local code execution in all environments. \nCVSS Base score: 9 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/215195](<https://exchange.xforce.ibmcloud.com/vulnerabilities/215195>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\n**Affected Product(s)**| **Version(s)** \n---|--- \nWatson Knowledge Catalog InstaScan (StoredIQ)| \n\n1.1.1 to 1.1.7 \n \n \n\n\n## Remediation/Fixes\n\n**IBM strongly recommends addressing the vulnerability now.**\n\n**Affected Product(s)**| **Affected Version(s)**| **Remediation/Fix and Instructions** \n---|---|--- \nWatson Knowledge Catalog InstaScan (StoredIQ)| \n\n1.1.1 to 1.1.7\n\n| \n\n**Upgrade to Watson Knowledge Catalog InstaScan version 1.1.8**\n\n1\\. run the following command on the infrastructure node of the OpenShift cluster:\n\n./cpd-cli upgrade --repo **<your-repo.yaml>** -a wkc-instascan -n **<your-name-space>** \\--verbose --accept-all-licenses\n\nReplace **<your-repo.yaml>** with the name of the repository yaml file and **<your-name-space>** with the actual OpenShift project name (Kubernetes namespace) in which the product is installed. \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 10.0, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2022-03-31T05:29:54", "type": "ibm", "title": "Security Bulletin: Watson Knowledge Catalog InstaScan is vulnerable to denial of service and arbitrary code execution due to Apache Log4j (CVE-2021-45105, CVE-2021-45046)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-44228", "CVE-2021-45046", "CVE-2021-45105"], "modified": "2022-03-31T05:29:54", "id": "0C1804CEEC31BC3891CD11D25C3FF5366F208C6C862263628223F5F36164CF5F", "href": "https://www.ibm.com/support/pages/node/6568213", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-28T01:49:40", "description": "## Summary\n\nThe Apache Log4j library used by IBM Tivoli Netcool Impact is vulnerable to denial of service and arbitrary code execution due to Apache Log4j (CVE-2021-45105, CVE-2021-45046). The library is used by IBM Tivoli Netcool Impact to provide logging functionality. The fix includes Apache Log4j 2.17.1. \n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-45105](<https://vulners.com/cve/CVE-2021-45105>) \n** DESCRIPTION: **Apache Log4j is vulnerable to a denial of service, caused by the failure to protect from uncontrolled recursion from self-referential lookups. A remote attacker with control over Thread Context Map (MDC) input data could craft malicious input data that contains a recursive lookup to cause a StackOverflowError that will terminate the process. Note: The vulnerability is also called LOG4J2-3230. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/215647](<https://exchange.xforce.ibmcloud.com/vulnerabilities/215647>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-45046](<https://vulners.com/cve/CVE-2021-45046>) \n** DESCRIPTION: **Apache Log4j could result in remote code execution, caused by an incomplete fix of CVE-2021-44228 in certain non-default configurations. When the logging configuration uses a non-default Pattern Layout with a Context Lookup, an attacker with control over Thread Context Map (MDC) input data can craft malicious input data using a JNDI Lookup pattern to leak sensitive information and remote code execution in some environments and local code execution in all environments. \nCVSS Base score: 9 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/215195](<https://exchange.xforce.ibmcloud.com/vulnerabilities/215195>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Tivoli Netcool Impact| 7.1.0 \n \n## Remediation/Fixes\n\nIBM strongly recommends addressing the vulnerability now.\n\nNote: This fix supersedes the previous fix provided for resolution of [CVE-2021-44228](<https://www.ibm.com/support/pages/node/6527266> \"CVE-2021-44228\" ) and [CVE-2021-45046](<https://www.ibm.com/support/pages/node/6528374> \"CVE-2021-45046\" ).\n\nProduct Name| VRMF| APAR| Remediation/Fix \n---|---|---|--- \nIBM Tivoli Netcool Impact| 7.1.0.18 - 7.1.0.24| IJ36885| ** \nFor 7.1.0.18 through 7.1.0.22:** \nUpgrade to the refreshed [Fix Pack 23](<https://www.ibm.com/support/pages/node/6481939> \"Fix Pack 23\" ) or refreshed [Fix Pack 24](<https://www.ibm.com/support/pages/ibm-tivoli-netcoolimpact-v710-fix-pack-24-710-tiv-nci-fp0024> \"Fix Pack 24\" ) \n\\--OR-- \nApply [Interim Fix 10 (7.1.0-TIV-NCI-IF0010)](<https://www.ibm.com/support/pages/node/6536702> \"Interim Fix 10 \$7.1.0-TIV-NCI-IF0010\$\" ) \n \n \n**For 7.1.0.23: \n**Upgrade to the refreshed [Fix Pack 24](<https://www.ibm.com/support/pages/ibm-tivoli-netcoolimpact-v710-fix-pack-24-710-tiv-nci-fp0024> \"Fix Pack 24\" ) \n\\--OR-- \nApply [Interim Fix 10 (7.1.0-TIV-NCI-IF0010)](<https://www.ibm.com/support/pages/node/6536702> \"Interim Fix 10 \$7.1.0-TIV-NCI-IF0010\$\" ) \n \n \n**For 7.1.0.24:** \nApply [Interim Fix 10 (7.1.0-TIV-NCI-IF0010)](<https://www.ibm.com/support/pages/node/6536702> \"Interim Fix 10 \$7.1.0-TIV-NCI-IF0010\$\" ) \n \n \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 10.0, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2022-02-04T16:23:44", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in Apache Log4j affect IBM Tivoli Netcool Impact (CVE-2021-45105, CVE-2021-45046)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-44228", "CVE-2021-45046", "CVE-2021-45105"], "modified": "2022-02-04T16:23:44", "id": "A31AAAB46398C4CA9F3552FA53EB3F0DB8FD1384559E2048B5321E5BB6936FB2", "href": "https://www.ibm.com/support/pages/node/6538694", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-28T01:49:42", "description": "## Summary\n\nIBM Data Management Platform for EnterpriseDB (EDB) Postgres Enterprise contains a component called EDB failover manager (EFM) and uses a version of log4j that impacts high availability in EDB. The upgraded EFM product contains Apache Log4j 2.17.1.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-45105](<https://vulners.com/cve/CVE-2021-45105>) \n** DESCRIPTION: **Apache Log4j is vulnerable to a denial of service, caused by the failure to protect from uncontrolled recursion from self-referential lookups. A remote attacker with control over Thread Context Map (MDC) input data could craft malicious input data that contains a recursive lookup to cause a StackOverflowError that will terminate the process. Note: The vulnerability is also called LOG4J2-3230. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/215647](<https://exchange.xforce.ibmcloud.com/vulnerabilities/215647>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-45046](<https://vulners.com/cve/CVE-2021-45046>) \n** DESCRIPTION: **Apache Log4j could result in remote code execution, caused by an incomplete fix of CVE-2021-44228 in certain non-default configurations. When the logging configuration uses a non-default Pattern Layout with a Context Lookup, an attacker with control over Thread Context Map (MDC) input data can craft malicious input data using a JNDI Lookup pattern to leak sensitive information and remote code execution in some environments and local code execution in all environments. \nCVSS Base score: 9 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/215195](<https://exchange.xforce.ibmcloud.com/vulnerabilities/215195>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\n**Affected Product(s)**| **Version(s)** \n---|--- \nIBM Data Management Platform for EDB Postgres Enterprise| 1.0 \nIBM Data Management Platform for EDB Postgres Enterprise | 2.0 \n \n\n\n## Remediation/Fixes\n\nThis applies for all versions listed in this security bulletin: \n\nIf EFM is being used as a quorum / failover strategy for IBM Data Management Platform for EDB Postgres Enterprise, IBM strongly recommends addressing the vulnerability now by upgrading their versions of EFM to EDB Failover Manager version 4.4 which contains Apache Log4j 2.17.1.\n\nIf EFM is not being used no further action is needed.\n\nPlease review for information only - EnterpriseDB's EFM Technical Alert here: <https://support.enterprisedb.com/support/s/detail/a4V2J000001VJn1UAG>\n\n## Workarounds and Mitigations\n\nIBM strongly recommends addressing the vulnerability now by upgrading the version of EFM (if being used) to the latest version 4.4 as noted in the remediation section above.\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 10.0, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2022-02-02T19:47:50", "type": "ibm", "title": "Security Bulletin: IBM Data Management Platform for EDB Postgres Enterprise is vulnerable to arbitrary code execution due to Apache Log4j (CVE-2021-45105, CVE-2021-45046)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-44228", "CVE-2021-45046", "CVE-2021-45105"], "modified": "2022-02-02T19:47:50", "id": "0B7D327E5943F8BAC5B2E5CC855F0062D08A51BF03FA3BB29C4B6E081796EE73", "href": "https://www.ibm.com/support/pages/node/6552888", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-28T01:49:47", "description": "## Summary\n\nVulnerabilities in Apache Log4j could result in a denial of service or remote code execution. IBM Spectrum Protect Snapshot on Windows includes the IBM Spectrum Protect Backup-Archive Cliient which installs the vulnerable Log4j files. Based on current information and analysis, Log4j is not used by IBM Spectrum Protect Snapshot on Wiindows. The below fix package includes Apache Log4j 2.17.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-45105](<https://vulners.com/cve/CVE-2021-45105>) \n** DESCRIPTION: **Apache Log4j is vulnerable to a denial of service, caused by the failure to protect from uncontrolled recursion from self-referential lookups. A remote attacker with control over Thread Context Map (MDC) input data could craft malicious input data that contains a recursive lookup to cause a StackOverflowError that will terminate the process. Note: The vulnerability is also called LOG4J2-3230. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/215647](<https://exchange.xforce.ibmcloud.com/vulnerabilities/215647>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-45046](<https://vulners.com/cve/CVE-2021-45046>) \n** DESCRIPTION: **Apache Log4j could result in remote code execution, caused by an incomplete fix of CVE-2021-44228 in certain non-default configurations. When the logging configuration uses a non-default Pattern Layout with a Context Lookup, an attacker with control over Thread Context Map (MDC) input data can craft malicious input data using a JNDI Lookup pattern to leak sensitive information and remote code execution in some environments and local code execution in all environments. \nCVSS Base score: 9 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/215195](<https://exchange.xforce.ibmcloud.com/vulnerabilities/215195>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\n**Affected Product(s)**| **Version(s)** \n---|--- \nIBM Spectrum Protect Snapshot for Windows (formerly IBM Tivoli Storage FlashCopy Manager for Windows)| 8.1.11.0-8.1.13.1 \nIBM Tivoli Storage FlashCopy Manager for Windows| \n\n4.1.6.10-4.1.6.x \n \nNote: IBM Spectrum Protect Snapshot for Windows packages the IBM Spectrum Protect Backup-Archive client which installs the affected Log4j files but these files are not used. \n\n## Remediation/Fixes\n\nIBM strongly recommends addressing this vulnerability now by upgrading.\n\n**Note: The below fix packages include Log4j 2.17.**\n\n**IBM Spectrum Protect** \n**Snapshot for Windows Affected Versions**| **Fixing** \n**Level**| **Platform**| **Link to Fix and Instructions \n** \n---|---|---|--- \n8.1.11.0-8.1.13.1| 8.1.13.2| Windows| <https://www.ibm.com/support/pages/node/6538126> \n4.1.6.10-4.1.6.x| Client Fixing Level is 7.1.8.14| Windows| \n\nApply the IBM Spectrum Protect Client 7.1.8.14 fix using this link \n<https://www.ibm.com/support/pages/node/316619> \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 10.0, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2022-02-01T11:37:31", "type": "ibm", "title": "Security Bulletin: Vulnerabilities in Apache Log4j affect IBM Spectrum Protect Snapshot on Windows (CVE-2021-45105 and CVE-2021-45046)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-44228", "CVE-2021-45046", "CVE-2021-45105"], "modified": "2022-02-01T11:37:31", "id": "67D7A2AD6D196C643D91F066E834B1EB9853338990881AE1012D2B5186629622", "href": "https://www.ibm.com/support/pages/node/6537642", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-28T01:49:45", "description": "## Summary\n\nVulnerabilities in Apache Log4j could result in a denial of service or remote code execution. These vulnerabilities may affect IBM Spectrum Protect Snapshot for VMware due to its use of Log4j for logging of messages and traces. The below fix package includes Log4j 2.17.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-45105](<https://vulners.com/cve/CVE-2021-45105>) \n** DESCRIPTION: **Apache Log4j is vulnerable to a denial of service, caused by the failure to protect from uncontrolled recursion from self-referential lookups. A remote attacker with control over Thread Context Map (MDC) input data could craft malicious input data that contains a recursive lookup to cause a StackOverflowError that will terminate the process. Note: The vulnerability is also called LOG4J2-3230. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/215647](<https://exchange.xforce.ibmcloud.com/vulnerabilities/215647>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-45046](<https://vulners.com/cve/CVE-2021-45046>) \n** DESCRIPTION: **Apache Log4j could result in remote code execution, caused by an incomplete fix of CVE-2021-44228 in certain non-default configurations. When the logging configuration uses a non-default Pattern Layout with a Context Lookup, an attacker with control over Thread Context Map (MDC) input data can craft malicious input data using a JNDI Lookup pattern to leak sensitive information and remote code execution in some environments and local code execution in all environments. \nCVSS Base score: 9 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/215195](<https://exchange.xforce.ibmcloud.com/vulnerabilities/215195>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\n**Affected Product(s)**| **Version(s)** \n---|--- \nIBM Spectrum Protect Snapshot for VMware| 4.1.6.10-4.1.6.13 \n \n## Remediation/Fixes\n\nIBM strongly recommends addressing this vulnerability now by upgrading.\n\n**Note: The below fix package includes Log4j 2.17.**\n\n**_IBM Spectrum Protect Snapshot for VMware Affected Versions \n_**| **_Fixing \nLevel_**| **_Platform_**| **_Link to Fix and Instructions \n_** \n---|---|---|--- \n4.1.6.10-4.1.6.13| 4.1.6.14| Linux| <https://www.ibm.com/support/pages/node/6537580> \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 10.0, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2022-02-01T11:37:31", "type": "ibm", "title": "Security Bulletin: Vulnerabilities in Apache Log4j affect IBM Spectrum Protect Snapshot for VMware (CVE-2021-45105 and CVE-2021-45046)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-44228", "CVE-2021-45046", "CVE-2021-45105"], "modified": "2022-02-01T11:37:31", "id": "3220BFD68D0CE5B97E4EC49AFAD94FC9317DA5DFDBD73C624B022C3E93AC4268", "href": "https://www.ibm.com/support/pages/node/6537644", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-28T01:49:57", "description": "## Summary\n\nIBM Sterling Configure, Price, Quote uses Apache Log4j (CVE-2021-45105 and CVE-2021-45046) to log messages. The fix includes Apache Log4j v2.17.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-45105](<https://vulners.com/cve/CVE-2021-45105>) \n** DESCRIPTION: **Apache Log4j is vulnerable to a denial of service, caused by the failure to protect from uncontrolled recursion from self-referential lookups. A remote attacker with control over Thread Context Map (MDC) input data could craft malicious input data that contains a recursive lookup to cause a StackOverflowError that will terminate the process. Note: The vulnerability is also called LOG4J2-3230. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/215647](<https://exchange.xforce.ibmcloud.com/vulnerabilities/215647>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-45046](<https://vulners.com/cve/CVE-2021-45046>) \n** DESCRIPTION: **Apache Log4j could result in remote code execution, caused by an incomplete fix of CVE-2021-44228 in certain non-default configurations. When the logging configuration uses a non-default Pattern Layout with a Context Lookup, an attacker with control over Thread Context Map (MDC) input data can craft malicious input data using a JNDI Lookup pattern to leak sensitive information and remote code execution in some environments and local code execution in all environments. \nCVSS Base score: 9 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/215195](<https://exchange.xforce.ibmcloud.com/vulnerabilities/215195>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\n**Affected Product(s)**| **Version(s)** \n---|--- \nIBM Sterling Configure, Price, Quote (CPQ)| 10 \n \n\n\n## Remediation/Fixes\n\n**IBM strongly recommends addressing the vulnerability now.**\n\nCPQ Visual Modeler Version 10 FP24 is available on Fix central. Fix Central Link: [http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FOther+software%2FSterling+Configurator&fixids=10.0.0.0-Sterling-VM-All-fp00024&source=SAR](<http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FOther+software%2FSterling+Configurator&fixids=10.0.0.0-Sterling-VM-All-fp00024&source=SAR>)\n\nRelease Notes: <https://www.ibm.com/docs/en/configurepricequote/10.0?topic=modeler-defects-addressed-in-this-fix-pack>\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 10.0, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2022-01-28T18:05:14", "type": "ibm", "title": "Security Bulletin: IBM Sterling Configure, Price, Quote is vulnerable to denial of service and arbitrary code execution due to Apache Log4j (CVE-2021-45105 and CVE-2021-45046)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-44228", "CVE-2021-45046", "CVE-2021-45105"], "modified": "2022-01-28T18:05:14", "id": "7DDD006076946810EADC174FC2320565F527D46FFF5270A3D6916BF8993B12F9", "href": "https://www.ibm.com/support/pages/node/6551954", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-28T01:49:59", "description": "## Summary\n\nThere are multiple Apache Log4j vulnerabilities (CVE-2021-45105, CVE-2021-45046) impacting IBM Decision Optimization for Cloud Pak for Data which uses Apache Log4j for logging. The fix includes Apache Log4j 2.17.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-45105](<https://vulners.com/cve/CVE-2021-45105>) \n** DESCRIPTION: **Apache Log4j is vulnerable to a denial of service, caused by the failure to protect from uncontrolled recursion from self-referential lookups. A remote attacker with control over Thread Context Map (MDC) input data could craft malicious input data that contains a recursive lookup to cause a StackOverflowError that will terminate the process. Note: The vulnerability is also called LOG4J2-3230. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/215647](<https://exchange.xforce.ibmcloud.com/vulnerabilities/215647>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-45046](<https://vulners.com/cve/CVE-2021-45046>) \n** DESCRIPTION: **Apache Log4j could result in remote code execution, caused by an incomplete fix of CVE-2021-44228 in certain non-default configurations. When the logging configuration uses a non-default Pattern Layout with a Context Lookup, an attacker with control over Thread Context Map (MDC) input data can craft malicious input data using a JNDI Lookup pattern to leak sensitive information and remote code execution in some environments and local code execution in all environments. \nCVSS Base score: 9 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/215195](<https://exchange.xforce.ibmcloud.com/vulnerabilities/215195>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nIBM Decision Optimization for Cloud Pak for Data **3.5 - 3.5.10** and **4.0 - 4.0.4**.\n\n \n\n\n## Remediation/Fixes\n\nIBM strongly recommends addressing the vulnerability now. \n\nUpgrade to IBM Decision Optimization for Cloud Pak for Data **3.5.11**, **4.0.5** or higher. \n \nHere is the detailed information on [Upgrading IBM Cloud Pak for Data](<https://www.ibm.com/docs/en/cloud-paks/cp-data/4.0?topic=upgrading> \"Upgrading IBM Cloud Pak for Data\" )\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 10.0, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2022-01-27T07:32:50", "type": "ibm", "title": "Security Bulletin: IBM Decision Optimization for Cloud Pak for Data is vulnerable to denial of service due to Apache Log4j (CVE-2021-45105) and arbitrary code execution due to Apache Log4j (CVE-2021-45046)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-44228", "CVE-2021-45046", "CVE-2021-45105"], "modified": "2022-01-27T07:32:50", "id": "BC3A1086428BA3DB72FFD49EA27AAB3A8A9FA0DD5D576D47E0467AE96C365754", "href": "https://www.ibm.com/support/pages/node/6551376", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-28T01:49:59", "description": "## Summary\n\nThere are multiple Apache Log4j vulnerabilities (CVE-2021-45105, CVE-2021-45046) impacting IBM Cloud Pak for Data which uses Apache Log4j for logging. The fix includes Apache Log4j 2.17.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-45105](<https://vulners.com/cve/CVE-2021-45105>) \n** DESCRIPTION: **Apache Log4j is vulnerable to a denial of service, caused by the failure to protect from uncontrolled recursion from self-referential lookups. A remote attacker with control over Thread Context Map (MDC) input data could craft malicious input data that contains a recursive lookup to cause a StackOverflowError that will terminate the process. Note: The vulnerability is also called LOG4J2-3230. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/215647](<https://exchange.xforce.ibmcloud.com/vulnerabilities/215647>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-45046](<https://vulners.com/cve/CVE-2021-45046>) \n** DESCRIPTION: **Apache Log4j could result in remote code execution, caused by an incomplete fix of CVE-2021-44228 in certain non-default configurations. When the logging configuration uses a non-default Pattern Layout with a Context Lookup, an attacker with control over Thread Context Map (MDC) input data can craft malicious input data using a JNDI Lookup pattern to leak sensitive information and remote code execution in some environments and local code execution in all environments. \nCVSS Base score: 9 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/215195](<https://exchange.xforce.ibmcloud.com/vulnerabilities/215195>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\n**Affected Product(s)**| **Version(s)** \n---|--- \nIBM Cloud Pak for Data| 4.0.4 \nIBM Cloud Pak for Data| 3.5 (all previous versions) \n \n## Remediation/Fixes\n\n**IBM strongly recommends addressing the vulnerability now**\n\n**Affected Product(s)**\n\n| **Version(s)**| **Remediation/Fix** \n---|---|--- \nIBM Cloud Pak for Data| 4.0.4| \n\n[4.0.5](<https://www.ibm.com/docs/en/cloud-paks/cp-data/4.0?topic=planning-operator-operand-versions#versions__cpd-platform> \"4.0.5\" ) \n \nIBM Cloud Pak for Data| 3.5 (all previous versions)| \n\n[3.5.10](<https://www.ibm.com/docs/en/cloud-paks/cp-data/3.5.0?topic=overview-whats-new#whats-new__refresh-10> \"3.5.10\" ) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 10.0, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2022-01-27T02:50:36", "type": "ibm", "title": "Security Bulletin: IBM Cloud Pak for Data is vulnerable to denial of service and arbitrary code execution due to Apache Log4j (CVE-2021-45105, CVE-2021-45046)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-44228", "CVE-2021-45046", "CVE-2021-45105"], "modified": "2022-01-27T02:50:36", "id": "0D6234D366BD8E5B02C4B7507046A503B63D0B4B38E06DEEBC5B6B98A5E2C80E", "href": "https://www.ibm.com/support/pages/node/6551326", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-28T01:49:58", "description": "## Summary\n\nIBM Watson Assistant for IBM Cloud Pak for Data uses Apache Log4j to log diagnostic data. Vulnerabilities in Apache Log4j (CVE-2021-45105 and CVE-2021-45046) impacts IBM Watson Assistant for IBM Cloud Pak for Data. The fix includes Apache Log4j v.2.17.0. \n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-45105](<https://vulners.com/cve/CVE-2021-45105>) \n** DESCRIPTION: **Apache Log4j is vulnerable to a denial of service, caused by the failure to protect from uncontrolled recursion from self-referential lookups. A remote attacker with control over Thread Context Map (MDC) input data could craft malicious input data that contains a recursive lookup to cause a StackOverflowError that will terminate the process. Note: The vulnerability is also called LOG4J2-3230. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/215647](<https://exchange.xforce.ibmcloud.com/vulnerabilities/215647>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-45046](<https://vulners.com/cve/CVE-2021-45046>) \n** DESCRIPTION: **Apache Log4j could result in remote code execution, caused by an incomplete fix of CVE-2021-44228 in certain non-default configurations. When the logging configuration uses a non-default Pattern Layout with a Context Lookup, an attacker with control over Thread Context Map (MDC) input data can craft malicious input data using a JNDI Lookup pattern to leak sensitive information and remote code execution in some environments and local code execution in all environments. \nCVSS Base score: 9 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/215195](<https://exchange.xforce.ibmcloud.com/vulnerabilities/215195>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\n**Affected Product(s)**| **Version(s)** \n---|--- \nIBM Watson Assistant for IBM Cloud Pak for Data| 1.5.0, 4.0.0, 4.0.2, 4.0.4 \n \n \n\n\n## Remediation/Fixes\n\nFor all affected versions, IBM strongly recommends addressing the vulnerability now by upgrading to the upcoming latest (v4.0.5) release of IBM Watson Assistant for IBM Cloud Pak for Data which maintains backward compatibility with the versions listed above. \n\n**Product Latest Version**| **Remediation/Fix/Instructions** \n---|--- \nIBM Watson Assistant for IBM Cloud Pak for Data 4.0.5| \n\nFollow instructions for Installing Watson Assistant in Link to Release (v4.0.5 release information)\n\n<https://www.ibm.com/docs/en/cloud-paks/cp-data/4.0?topic=assistant-installing-watson> \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 10.0, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2022-01-27T17:31:15", "type": "ibm", "title": "Security Bulletin: IBM Watson Assistant for IBM Cloud Pak for Data is vulnerable to denial of service and arbitrary code execution due to Apache Log4j (CVE-2021-45105 and CVE-2021-45046)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-44228", "CVE-2021-45046", "CVE-2021-45105"], "modified": "2022-01-27T17:31:15", "id": "7295DCCE494A2CA195C0EC2BD4F052B62F3E1B45826D03ABBF986B81F58BDD31", "href": "https://www.ibm.com/support/pages/node/6551430", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-28T01:49:58", "description": "## Summary\n\nMultiple vulnerabilities identified within the Apache Log4j (CVE-2021-45105 and CVE-2021-45046) library that is used by IBM Tivoli Network Manager (ITNM) IP Edition to provide logging functionality. The fix includes Apache Log4j v2.17. \n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-45105](<https://vulners.com/cve/CVE-2021-45105>) \n** DESCRIPTION: **Apache Log4j is vulnerable to a denial of service, caused by the failure to protect from uncontrolled recursion from self-referential lookups. A remote attacker with control over Thread Context Map (MDC) input data could craft malicious input data that contains a recursive lookup to cause a StackOverflowError that will terminate the process. Note: The vulnerability is also called LOG4J2-3230. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/215647](<https://exchange.xforce.ibmcloud.com/vulnerabilities/215647>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-45046](<https://vulners.com/cve/CVE-2021-45046>) \n** DESCRIPTION: **Apache Log4j could result in remote code execution, caused by an incomplete fix of CVE-2021-44228 in certain non-default configurations. When the logging configuration uses a non-default Pattern Layout with a Context Lookup, an attacker with control over Thread Context Map (MDC) input data can craft malicious input data using a JNDI Lookup pattern to leak sensitive information and remote code execution in some environments and local code execution in all environments. \nCVSS Base score: 9 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/215195](<https://exchange.xforce.ibmcloud.com/vulnerabilities/215195>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\n**Affected Product(s)**| **Version(s)** \n---|--- \nITNM| 4.2 GA through to 4.2.0.13 \n \n\n\n## Remediation/Fixes\n\n**IBM strongly recommends addressing the vulnerability now.**\n\nThis issue has been fixed in ITNM 4.2 Fix Pack 14 (i.e. 4.2.0.14) and upgrade it to the latest (i.e. 4.2.0.14) from fix central\n\n**Affected Product(s)**| **Version(s)**| **Remediation / Fix \n** \n---|---|--- \nITNM| 4.2 GA through to 4.2.0.13| \n\n[4.2.0-TIV-ITNMIP-Linux-FP0014](<http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FTivoli%2FTivoli+Network+Manager+IP+Edition&fixids=4.2.0-TIV-ITNMIP-Linux-FP0014&source=SAR>)\n\n[4.2.0-TIV-ITNMIP-zLinux-FP0014](<http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FTivoli%2FTivoli+Network+Manager+IP+Edition&fixids=4.2.0-TIV-ITNMIP-zLinux-FP0014&source=SAR>)\n\n[4.2.0-TIV-ITNMIP-AIX-FP0014](<http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FTivoli%2FTivoli+Network+Manager+IP+Edition&fixids=4.2.0-TIV-ITNMIP-AIX-FP0014&source=SAR>) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 10.0, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2022-01-27T13:02:53", "type": "ibm", "title": "Security Bulletin: IBM Tivoli Network Manager IP Edition is vulnerable to denial of service and arbitrary code execution due to Apache Log4j (CVE-2021-45105 and CVE-2021-45046)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-44228", "CVE-2021-45046", "CVE-2021-45105"], "modified": "2022-01-27T13:02:53", "id": "FC9172D16F62D7749E6C1369AB9D86ABC42163C780B457F765109BE80ACAD9CF", "href": "https://www.ibm.com/support/pages/node/6551390", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-28T01:36:57", "description": "## Summary\n\nVulnerabilities in Apache Log4j (CVE-2021-45105, CVE-2021-45046) impacts IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data. Several components of IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data use Apache Log4j to log diagnostic data unrelated to customer input. The fix below includes Apache Log4j 2.17.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-45105](<https://vulners.com/cve/CVE-2021-45105>) \n** DESCRIPTION: **Apache Log4j is vulnerable to a denial of service, caused by the failure to protect from uncontrolled recursion from self-referential lookups. A remote attacker with control over Thread Context Map (MDC) input data could craft malicious input data that contains a recursive lookup to cause a StackOverflowError that will terminate the process. Note: The vulnerability is also called LOG4J2-3230. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/215647](<https://exchange.xforce.ibmcloud.com/vulnerabilities/215647>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-45046](<https://vulners.com/cve/CVE-2021-45046>) \n** DESCRIPTION: **Apache Log4j could result in remote code execution, caused by an incomplete fix of CVE-2021-44228 in certain non-default configurations. When the logging configuration uses a non-default Pattern Layout with a Context Lookup, an attacker with control over Thread Context Map (MDC) input data can craft malicious input data using a JNDI Lookup pattern to leak sensitive information and remote code execution in some environments and local code execution in all environments. \nCVSS Base score: 9 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/215195](<https://exchange.xforce.ibmcloud.com/vulnerabilities/215195>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Watson Speech Services Cartridge for IBM Cloud Pak for Data| 4.0.0 - 4.0.4 \nIBM Watson Speech Services Cartridge for IBM Cloud Pak for Data | 1.2.0 -1.2.1 (Cloud Pak 3.5) \n \n\n\n## Remediation/Fixes\n\nIBM strongly recommends addressing the vulnerability now by upgrading. \n\n**Affected Products**| **Versions**| **Fixes** \n---|---|--- \nIBM Watson Speech Services Cartridge for IBM Cloud Pak for Data| 4.0.0 - 4.0.4| \n\n \nv4.0.5 For Text to Speech:\n\n<https://www.ibm.com/docs/en/cloud-paks/cp-data/4.0?topic=services-watson-text-speech>\n\nv4.0.5 For Speech to Text:\n\n<https://www.ibm.com/docs/en/cloud-paks/cp-data/4.0?topic=services-watson-speech-text> \n \nIBM Watson Speech Services Cartridge for IBM Cloud Pak for Data| 1.2.0 -1.2.1 (Cloud Pak 3.5) | \n\nTo get the Apache Log4j fix, upgrade to v4.0.5.\n\nv4.0.5 For Text to Speech:\n\n<https://www.ibm.com/docs/en/cloud-paks/cp-data/4.0?topic=services-watson-text-speech>\n\nv4.0.5 For Speech to Text:\n\n<https://www.ibm.com/docs/en/cloud-paks/cp-data/4.0?topic=services-watson-speech-text> \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 10.0, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2023-01-12T21:59:00", "type": "ibm", "title": "Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to denial of service and arbitrary code execution due to Apache Log4j (CVE-2021-45105 and CVE-2021-45046)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-44228", "CVE-2021-45046", "CVE-2021-45105"], "modified": "2023-01-12T21:59:00", "id": "CF56D9AEC134D68DA67A2476D2B87833F63F32777672C1C66A8D8FF69C08623B", "href": "https://www.ibm.com/support/pages/node/6551168", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-28T01:50:03", "description": "## Summary\n\nThere are multiple Apache Log4j vulnerabilities (CVE-2021-45105, CVE-2021-45046) impacting IBM Watson Studio in Cloud Pak for Data which uses Apache Log4j for logging. The fix includes Apache Log4j 2.17.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-45105](<https://vulners.com/cve/CVE-2021-45105>) \n** DESCRIPTION: **Apache Log4j is vulnerable to a denial of service, caused by the failure to protect from uncontrolled recursion from self-referential lookups. A remote attacker with control over Thread Context Map (MDC) input data could craft malicious input data that contains a recursive lookup to cause a StackOverflowError that will terminate the process. Note: The vulnerability is also called LOG4J2-3230. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/215647](<https://exchange.xforce.ibmcloud.com/vulnerabilities/215647>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-45046](<https://vulners.com/cve/CVE-2021-45046>) \n** DESCRIPTION: **Apache Log4j could result in remote code execution, caused by an incomplete fix of CVE-2021-44228 in certain non-default configurations. When the logging configuration uses a non-default Pattern Layout with a Context Lookup, an attacker with control over Thread Context Map (MDC) input data can craft malicious input data using a JNDI Lookup pattern to leak sensitive information and remote code execution in some environments and local code execution in all environments. \nCVSS Base score: 9 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/215195](<https://exchange.xforce.ibmcloud.com/vulnerabilities/215195>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\n**Affected Product(s)**| **Version(s)** \n---|--- \nWatson Studio in Cloud Pak for Data| 4.0.4 \n \n\n\n## Remediation/Fixes\n\nIBM strongly recommends addressing the vulnerability now by upgrading. \n\n**Affected Product(s)**| **Version(s)**| \n\n**Remediation/Fix** \n \n---|---|--- \nWatson Studio in Cloud Pak for Data| 4.0.4| \n\nGet the latest Watson Studio by upgrading to [4.0.5](<https://www.ibm.com/docs/en/cloud-paks/cp-data/4.0?topic=planning-operator-operand-versions#versions__cpd-platform> \"4.0.5\" ) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 10.0, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2022-01-27T02:06:21", "type": "ibm", "title": "Security Bulletin: IBM Watson Studio in Cloud Pak for Data is vulnerable to denial of service and arbitrary code execution due to Apache Log4j (CVE-2021-45105, CVE-2021-45046)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-44228", "CVE-2021-45046", "CVE-2021-45105"], "modified": "2022-01-27T02:06:21", "id": "D6A22AE665DEADE235C2738407D64638A424C6CC505B816BFEA12DEFCC5CD645", "href": "https://www.ibm.com/support/pages/node/6551314", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-28T01:50:00", "description": "## Summary\n\nThere are multiple Apache Log4j (CVE-2021-45105, CVE-2021-45046) vulnerabilities impacting IBM Watson Studio Premium Add On in Cloud Pak for Data which uses Apache Log4j for logging. The fix includes Apache Log4j 2.17.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-45105](<https://vulners.com/cve/CVE-2021-45105>) \n** DESCRIPTION: **Apache Log4j is vulnerable to a denial of service, caused by the failure to protect from uncontrolled recursion from self-referential lookups. A remote attacker with control over Thread Context Map (MDC) input data could craft malicious input data that contains a recursive lookup to cause a StackOverflowError that will terminate the process. Note: The vulnerability is also called LOG4J2-3230. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/215647](<https://exchange.xforce.ibmcloud.com/vulnerabilities/215647>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-45046](<https://vulners.com/cve/CVE-2021-45046>) \n** DESCRIPTION: **Apache Log4j could result in remote code execution, caused by an incomplete fix of CVE-2021-44228 in certain non-default configurations. When the logging configuration uses a non-default Pattern Layout with a Context Lookup, an attacker with control over Thread Context Map (MDC) input data can craft malicious input data using a JNDI Lookup pattern to leak sensitive information and remote code execution in some environments and local code execution in all environments. \nCVSS Base score: 9 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/215195](<https://exchange.xforce.ibmcloud.com/vulnerabilities/215195>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\n**Affected Product(s)**| **Version(s)** \n---|--- \n \nIBM Watson Studio Premium Add On in Cloud Pak for Data\n\n| 4.0.4 \n \n\n\n## Remediation/Fixes\n\n**IBM strongly recommends addressing the vulnerability now **\n\n**Affected Product(s)**\n\n| **Version(s)**| **Fixes** \n---|---|--- \nIBM Watson Studio Premium Add On in Cloud Pak for Data| 4.0.4| \n\nGet the latest refresh by upgrading to [4.0.5](<https://www.ibm.com/docs/en/cloud-paks/cp-data/4.0?topic=planning-operator-operand-versions#versions__cpd-platform> \"4.0.5\" ) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 10.0, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2022-01-27T02:01:54", "type": "ibm", "title": "Security Bulletin: IBM Watson Studio Premium Add On in Cloud Pak for Data is vulnerable to denial of service and arbitrary code execution due to Apache Log4j (CVE-2021-45105, CVE-2021-45046)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-44228", "CVE-2021-45046", "CVE-2021-45105"], "modified": "2022-01-27T02:01:54", "id": "5FAA10ECBDD6BDD67568DC782206BEA34BD7120E44FD8D30001A968A438E5C77", "href": "https://www.ibm.com/support/pages/node/6551312", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "redhat": [{"lastseen": "2021-12-08T16:45:47", "description": "IBM Java SE version 8 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit.\n\nThis update upgrades IBM Java SE 8 to version 8 SR7.\n\nSecurity Fix(es):\n\n* Oracle JDK: unspecified vulnerability fixed in 8u311 (Deployment) (CVE-2021-35560)\n\n* OpenJDK: Loop in HttpsServer triggered during TLS session close (JSSE, 8254967) (CVE-2021-35565)\n\n* OpenJDK: Excessive memory allocation in RTFParser (Swing, 8265167) (CVE-2021-35556)\n\n* OpenJDK: Excessive memory allocation in RTFReader (Swing, 8265580) (CVE-2021-35559)\n\n* OpenJDK: Certificates with end dates too far in the future can corrupt keystore (Keytool, 8266137) (CVE-2021-35564)\n\n* OpenJDK: Unexpected exception raised during TLS handshake (JSSE, 8267729) (CVE-2021-35578)\n\n* OpenJDK: Excessive memory allocation in BMPImageReader (ImageIO, 8267735) (CVE-2021-35586)\n\n* IBM JDK: IllegalAccessError exception not thrown for MethodHandles that invoke inaccessible interface methods (CVE-2021-41035)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2021-12-08T16:11:56", "type": "redhat", "title": "(RHSA-2021:5030) Important: java-1.8.0-ibm security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-35556", "CVE-2021-35559", "CVE-2021-35560", "CVE-2021-35564", "CVE-2021-35565", "CVE-2021-35578", "CVE-2021-35586", "CVE-2021-41035"], "modified": "2021-12-08T16:14:42", "id": "RHSA-2021:5030", "href": "https://access.redhat.com/errata/RHSA-2021:5030", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-02-10T00:00:00", "description": "IBM Java SE version 8 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit.\n\nThis update upgrades IBM Java SE 8 to version 8 SR7.\n\nSecurity Fix(es):\n\n* Oracle JDK: unspecified vulnerability fixed in 8u311 (Deployment) (CVE-2021-35560)\n\n* OpenJDK: Loop in HttpsServer triggered during TLS session close (JSSE, 8254967) (CVE-2021-35565)\n\n* OpenJDK: Excessive memory allocation in RTFParser (Swing, 8265167) (CVE-2021-35556)\n\n* OpenJDK: Excessive memory allocation in RTFReader (Swing, 8265580) (CVE-2021-35559)\n\n* OpenJDK: Certificates with end dates too far in the future can corrupt keystore (Keytool, 8266137) (CVE-2021-35564)\n\n* OpenJDK: Unexpected exception raised during TLS handshake (JSSE, 8267729) (CVE-2021-35578)\n\n* OpenJDK: Excessive memory allocation in BMPImageReader (ImageIO, 8267735) (CVE-2021-35586)\n\n* IBM JDK: IllegalAccessError exception not thrown for MethodHandles that invoke inaccessible interface methods (CVE-2021-41035)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2022-02-01T15:01:14", "type": "redhat", "title": "(RHSA-2022:0345) Important: java-1.8.0-ibm security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-35556", "CVE-2021-35559", "CVE-2021-35560", "CVE-2021-35564", "CVE-2021-35565", "CVE-2021-35578", "CVE-2021-35586", "CVE-2021-41035"], "modified": "2022-02-01T15:02:47", "id": "RHSA-2022:0345", "href": "https://access.redhat.com/errata/RHSA-2022:0345", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-01-27T15:31:04", "description": "IBM Java SE version 7 Release 1 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit.\n\nThis update upgrades IBM Java SE 7 to version 7R1 SR5.\n\nSecurity Fix(es):\n\n* OpenJDK: Loop in HttpsServer triggered during TLS session close (JSSE, 8254967) (CVE-2021-35565)\n\n* OpenJDK: Excessive memory allocation in RTFParser (Swing, 8265167) (CVE-2021-35556)\n\n* OpenJDK: Excessive memory allocation in RTFReader (Swing, 8265580) (CVE-2021-35559)\n\n* OpenJDK: Certificates with end dates too far in the future can corrupt keystore (Keytool, 8266137) (CVE-2021-35564)\n\n* OpenJDK: Excessive memory allocation in BMPImageReader (ImageIO, 8267735) (CVE-2021-35586)\n\n* IBM JDK: IllegalAccessError exception not thrown for MethodHandles that invoke inaccessible interface methods (CVE-2021-41035)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2022-01-27T13:57:58", "type": "redhat", "title": "(RHSA-2022:0310) Important: java-1.7.1-ibm security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-35556", "CVE-2021-35559", "CVE-2021-35564", "CVE-2021-35565", "CVE-2021-35586", "CVE-2021-41035"], "modified": "2022-01-27T14:03:25", "id": "RHSA-2022:0310", "href": "https://access.redhat.com/errata/RHSA-2022:0310", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-11-26T18:39:04", "description": "The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit.\n\nSecurity Fix(es):\n\n* OpenJDK: Loop in HttpsServer triggered during TLS session close (JSSE, 8254967) (CVE-2021-35565)\n\n* OpenJDK: Incorrect principal selection when using Kerberos Constrained Delegation (Libraries, 8266689) (CVE-2021-35567)\n\n* OpenJDK: Weak ciphers preferred over stronger ones for TLS (JSSE, 8264210) (CVE-2021-35550)\n\n* OpenJDK: Excessive memory allocation in RTFParser (Swing, 8265167) (CVE-2021-35556)\n\n* OpenJDK: Excessive memory allocation in RTFReader (Swing, 8265580) (CVE-2021-35559)\n\n* OpenJDK: Excessive memory allocation in HashMap and HashSet (Utility, 8266097) (CVE-2021-35561)\n\n* OpenJDK: Certificates with end dates too far in the future can corrupt keystore (Keytool, 8266137) (CVE-2021-35564)\n\n* OpenJDK: Unexpected exception raised during TLS handshake (JSSE, 8267729) (CVE-2021-35578)\n\n* OpenJDK: Excessive memory allocation in BMPImageReader (ImageIO, 8267735) (CVE-2021-35586)\n\n* OpenJDK: Incomplete validation of inner class references in ClassFileParser (Hotspot, 8268071) (CVE-2021-35588)\n\n* OpenJDK: Non-constant comparison during TLS handshakes (JSSE, 8269618) (CVE-2021-35603)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"exploitabilityScore": 2.3, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 6.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 4.0}, "published": "2021-10-20T12:37:16", "type": "redhat", "title": "(RHSA-2021:3884) Important: java-1.8.0-openjdk security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 7.1, "vectorString": "AV:N/AC:M/Au:N/C:C/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-35550", "CVE-2021-35556", "CVE-2021-35559", "CVE-2021-35561", "CVE-2021-35564", "CVE-2021-35565", "CVE-2021-35567", "CVE-2021-35578", "CVE-2021-35586", "CVE-2021-35588", "CVE-2021-35603"], "modified": "2021-10-20T12:39:59", "id": "RHSA-2021:3884", "href": "https://access.redhat.com/errata/RHSA-2021:3884", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2021-11-26T18:42:10", "description": "The OpenJDK 8 packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit.\n\nThis release of the Red Hat build of OpenJDK 8 (1.8.0.312) for portable Linux serves as a replacement for Red Hat build of OpenJDK 8 (1.8.0.302) and includes security and bug fixes as well as enhancements. For further information, refer to the release notes linked to in the References section.\n\nSecurity Fix(es):\n\n* OpenJDK: Loop in HttpsServer triggered during TLS session close (JSSE, 8254967) (CVE-2021-35565)\n\n* OpenJDK: Incorrect principal selection when using Kerberos Constrained Delegation (Libraries, 8266689) (CVE-2021-35567)\n\n* OpenJDK: Weak ciphers preferred over stronger ones for TLS (JSSE, 8264210) (CVE-2021-35550)\n\n* OpenJDK: Excessive memory allocation in RTFParser (Swing, 8265167) (CVE-2021-35556)\n\n* OpenJDK: Excessive memory allocation in RTFReader (Swing, 8265580) (CVE-2021-35559)\n\n* OpenJDK: Excessive memory allocation in HashMap and HashSet (Utility, 8266097) (CVE-2021-35561)\n\n* OpenJDK: Certificates with end dates too far in the future can corrupt keystore (Keytool, 8266137) (CVE-2021-35564)\n\n* OpenJDK: Unexpected exception raised during TLS handshake (JSSE, 8267729) (CVE-2021-35578)\n\n* OpenJDK: Excessive memory allocation in BMPImageReader (ImageIO, 8267735) (CVE-2021-35586)\n\n* OpenJDK: Incomplete validation of inner class references in ClassFileParser (Hotspot, 8268071) (CVE-2021-35588)\n\n* OpenJDK: Non-constant comparison during TLS handshakes (JSSE, 8269618) (CVE-2021-35603)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"exploitabilityScore": 2.3, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 6.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 4.0}, "published": "2021-10-25T11:51:34", "type": "redhat", "title": "(RHSA-2021:3960) Important: OpenJDK 8u312 security update for Portable Linux Builds", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 7.1, "vectorString": "AV:N/AC:M/Au:N/C:C/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-35550", "CVE-2021-35556", "CVE-2021-35559", "CVE-2021-35561", "CVE-2021-35564", "CVE-2021-35565", "CVE-2021-35567", "CVE-2021-35578", "CVE-2021-35586", "CVE-2021-35588", "CVE-2021-35603"], "modified": "2021-10-25T11:52:01", "id": "RHSA-2021:3960", "href": "https://access.redhat.com/errata/RHSA-2021:3960", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2021-11-26T18:38:06", "description": "The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit.\n\nSecurity Fix(es):\n\n* OpenJDK: Loop in HttpsServer triggered during TLS session close (JSSE, 8254967) (CVE-2021-35565)\n\n* OpenJDK: Incorrect principal selection when using Kerberos Constrained Delegation (Libraries, 8266689) (CVE-2021-35567)\n\n* OpenJDK: Weak ciphers preferred over stronger ones for TLS (JSSE, 8264210) (CVE-2021-35550)\n\n* OpenJDK: Excessive memory allocation in RTFParser (Swing, 8265167) (CVE-2021-35556)\n\n* OpenJDK: Excessive memory allocation in RTFReader (Swing, 8265580) (CVE-2021-35559)\n\n* OpenJDK: Excessive memory allocation in HashMap and HashSet (Utility, 8266097) (CVE-2021-35561)\n\n* OpenJDK: Certificates with end dates too far in the future can corrupt keystore (Keytool, 8266137) (CVE-2021-35564)\n\n* OpenJDK: Unexpected exception raised during TLS handshake (JSSE, 8267729) (CVE-2021-35578)\n\n* OpenJDK: Excessive memory allocation in BMPImageReader (ImageIO, 8267735) (CVE-2021-35586)\n\n* OpenJDK: Incomplete validation of inner class references in ClassFileParser (Hotspot, 8268071) (CVE-2021-35588)\n\n* OpenJDK: Non-constant comparison during TLS handshakes (JSSE, 8269618) (CVE-2021-35603)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"exploitabilityScore": 2.3, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 6.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 4.0}, "published": "2021-10-20T12:38:58", "type": "redhat", "title": "(RHSA-2021:3885) Important: java-1.8.0-openjdk security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 7.1, "vectorString": "AV:N/AC:M/Au:N/C:C/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-35550", "CVE-2021-35556", "CVE-2021-35559", "CVE-2021-35561", "CVE-2021-35564", "CVE-2021-35565", "CVE-2021-35567", "CVE-2021-35578", "CVE-2021-35586", "CVE-2021-35588", "CVE-2021-35603"], "modified": "2021-10-20T12:43:58", "id": "RHSA-2021:3885", "href": "https://access.redhat.com/errata/RHSA-2021:3885", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2021-11-26T18:40:00", "description": "The OpenJDK 8 packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit.\n\nThis release of the Red Hat build of OpenJDK 8 (1.8.0.312) for Windows serves as a replacement for the Red Hat build of OpenJDK 8 (1.8.0.302) and includes security and bug fixes, and enhancements. For further information, refer to the release notes linked to in the References section.\n\nSecurity Fix(es):\n\n* OpenJDK: Loop in HttpsServer triggered during TLS session close (JSSE, 8254967) (CVE-2021-35565)\n\n* OpenJDK: Incorrect principal selection when using Kerberos Constrained Delegation (Libraries, 8266689) (CVE-2021-35567)\n\n* OpenJDK: Weak ciphers preferred over stronger ones for TLS (JSSE, 8264210) (CVE-2021-35550)\n\n* OpenJDK: Excessive memory allocation in RTFParser (Swing, 8265167) (CVE-2021-35556)\n\n* OpenJDK: Excessive memory allocation in RTFReader (Swing, 8265580) (CVE-2021-35559)\n\n* OpenJDK: Excessive memory allocation in HashMap and HashSet (Utility, 8266097) (CVE-2021-35561)\n\n* OpenJDK: Certificates with end dates too far in the future can corrupt keystore (Keytool, 8266137) (CVE-2021-35564)\n\n* OpenJDK: Unexpected exception raised during TLS handshake (JSSE, 8267729) (CVE-2021-35578)\n\n* OpenJDK: Excessive memory allocation in BMPImageReader (ImageIO, 8267735) (CVE-2021-35586)\n\n* OpenJDK: Incomplete validation of inner class references in ClassFileParser (Hotspot, 8268071) (CVE-2021-35588)\n\n* OpenJDK: Non-constant comparison during TLS handshakes (JSSE, 8269618) (CVE-2021-35603)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"exploitabilityScore": 2.3, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 6.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 4.0}, "published": "2021-10-25T11:51:36", "type": "redhat", "title": "(RHSA-2021:3961) Important: OpenJDK 8u312 Windows Builds release and security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 7.1, "vectorString": "AV:N/AC:M/Au:N/C:C/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-35550", "CVE-2021-35556", "CVE-2021-35559", "CVE-2021-35561", "CVE-2021-35564", "CVE-2021-35565", "CVE-2021-35567", "CVE-2021-35578", "CVE-2021-35586", "CVE-2021-35588", "CVE-2021-35603"], "modified": "2021-10-25T11:52:12", "id": "RHSA-2021:3961", "href": "https://access.redhat.com/errata/RHSA-2021:3961", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2021-11-26T18:37:36", "description": "The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit.\n\nSecurity Fix(es):\n\n* OpenJDK: Loop in HttpsServer triggered during TLS session close (JSSE, 8254967) (CVE-2021-35565)\n\n* OpenJDK: Incorrect principal selection when using Kerberos Constrained Delegation (Libraries, 8266689) (CVE-2021-35567)\n\n* OpenJDK: Weak ciphers preferred over stronger ones for TLS (JSSE, 8264210) (CVE-2021-35550)\n\n* OpenJDK: Excessive memory allocation in RTFParser (Swing, 8265167) (CVE-2021-35556)\n\n* OpenJDK: Excessive memory allocation in RTFReader (Swing, 8265580) (CVE-2021-35559)\n\n* OpenJDK: Excessive memory allocation in HashMap and HashSet (Utility, 8266097) (CVE-2021-35561)\n\n* OpenJDK: Certificates with end dates too far in the future can corrupt keystore (Keytool, 8266137) (CVE-2021-35564)\n\n* OpenJDK: Unexpected exception raised during TLS handshake (JSSE, 8267729) (CVE-2021-35578)\n\n* OpenJDK: Excessive memory allocation in BMPImageReader (ImageIO, 8267735) (CVE-2021-35586)\n\n* OpenJDK: Incomplete validation of inner class references in ClassFileParser (Hotspot, 8268071) (CVE-2021-35588)\n\n* OpenJDK: Non-constant comparison during TLS handshakes (JSSE, 8269618) (CVE-2021-35603)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nBug Fix(es):\n\n* A defensive security change in an earlier OpenJDK update led to a performance degradation when using the Scanner class. This was due to the change being applied to many common cases that did not need this protection. With this update, we provide the original behaviour for these cases. (RHBZ#1862929)", "cvss3": {"exploitabilityScore": 2.3, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 6.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 4.0}, "published": "2021-10-20T12:40:28", "type": "redhat", "title": "(RHSA-2021:3889) Important: java-1.8.0-openjdk security and bug fix update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 7.1, "vectorString": "AV:N/AC:M/Au:N/C:C/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-35550", "CVE-2021-35556", "CVE-2021-35559", "CVE-2021-35561", "CVE-2021-35564", "CVE-2021-35565", "CVE-2021-35567", "CVE-2021-35578", "CVE-2021-35586", "CVE-2021-35588", "CVE-2021-35603"], "modified": "2021-10-20T12:52:18", "id": "RHSA-2021:3889", "href": "https://access.redhat.com/errata/RHSA-2021:3889", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2021-11-26T18:37:18", "description": "The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit.\n\nSecurity Fix(es):\n\n* OpenJDK: Loop in HttpsServer triggered during TLS session close (JSSE, 8254967) (CVE-2021-35565)\n\n* OpenJDK: Incorrect principal selection when using Kerberos Constrained Delegation (Libraries, 8266689) (CVE-2021-35567)\n\n* OpenJDK: Weak ciphers preferred over stronger ones for TLS (JSSE, 8264210) (CVE-2021-35550)\n\n* OpenJDK: Excessive memory allocation in RTFParser (Swing, 8265167) (CVE-2021-35556)\n\n* OpenJDK: Excessive memory allocation in RTFReader (Swing, 8265580) (CVE-2021-35559)\n\n* OpenJDK: Excessive memory allocation in HashMap and HashSet (Utility, 8266097) (CVE-2021-35561)\n\n* OpenJDK: Certificates with end dates too far in the future can corrupt keystore (Keytool, 8266137) (CVE-2021-35564)\n\n* OpenJDK: Unexpected exception raised during TLS handshake (JSSE, 8267729) (CVE-2021-35578)\n\n* OpenJDK: Excessive memory allocation in BMPImageReader (ImageIO, 8267735) (CVE-2021-35586)\n\n* OpenJDK: Incomplete validation of inner class references in ClassFileParser (Hotspot, 8268071) (CVE-2021-35588)\n\n* OpenJDK: Non-constant comparison during TLS handshakes (JSSE, 8269618) (CVE-2021-35603)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nBug Fix(es):\n\n* Previously, OpenJDK's FIPS mode would be enabled if it detected that the system crypto policy was set to FIPS. This meant that containers running on a FIPS mode kernel would not enable FIPS mode without the crypto policy being changed. With this update, OpenJDK queries the NSS library as to whether FIPS mode is active or not. (RHBZ#2014201)\n\n* The use of the NSS FIPS mode by OpenJDK requires the JDK to login to the NSS software token. Previously, this happened indirectly as part of some crypto operations, but not others. With this update, the JDK logs in to the token on initialisation. (RHBZ#2014204)\n\n* While in FIPS mode, the NSS Software Token does not allow the import of private or secret plain keys. This caused the OpenJDK keytool application to fail when used with OpenJDK in FIPS mode. With this update, OpenJDK will now import such keys into the NSS database. This behaviour may be disabled using -Dcom.redhat.fips.plainKeySupport=false. (RHBZ#2014193)", "cvss3": {"exploitabilityScore": 2.3, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 6.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 4.0}, "published": "2021-10-20T12:38:15", "type": "redhat", "title": "(RHSA-2021:3893) Important: java-1.8.0-openjdk security and bug fix update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 7.1, "vectorString": "AV:N/AC:M/Au:N/C:C/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-35550", "CVE-2021-35556", "CVE-2021-35559", "CVE-2021-35561", "CVE-2021-35564", "CVE-2021-35565", "CVE-2021-35567", "CVE-2021-35578", "CVE-2021-35586", "CVE-2021-35588", "CVE-2021-35603"], "modified": "2021-10-20T12:43:27", "id": "RHSA-2021:3893", "href": "https://access.redhat.com/errata/RHSA-2021:3893", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2021-11-26T18:37:37", "description": "The OpenJDK 11 packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit.\n\nThis release of the Red Hat build of OpenJDK 11 (11.0.13) for Windows serves as a replacement for the Red Hat build of OpenJDK 11 (11.0.12) and includes security and bug fixes, and enhancements. For further information, refer to the release notes linked to in the References section.\n\nSecurity Fix(es):\n\n* OpenJDK: Loop in HttpsServer triggered during TLS session close (JSSE, 8254967) (CVE-2021-35565)\n\n* OpenJDK: Incorrect principal selection when using Kerberos Constrained Delegation (Libraries, 8266689) (CVE-2021-35567)\n\n* OpenJDK: Weak ciphers preferred over stronger ones for TLS (JSSE, 8264210) (CVE-2021-35550)\n\n* OpenJDK: Excessive memory allocation in RTFParser (Swing, 8265167) (CVE-2021-35556)\n\n* OpenJDK: Excessive memory allocation in RTFReader (Swing, 8265580) (CVE-2021-35559)\n\n* OpenJDK: Excessive memory allocation in HashMap and HashSet (Utility, 8266097) (CVE-2021-35561)\n\n* OpenJDK: Certificates with end dates too far in the future can corrupt keystore (Keytool, 8266137) (CVE-2021-35564)\n\n* OpenJDK: Unexpected exception raised during TLS handshake (JSSE, 8267729) (CVE-2021-35578)\n\n* OpenJDK: Excessive memory allocation in BMPImageReader (ImageIO, 8267735) (CVE-2021-35586)\n\n* OpenJDK: Non-constant comparison during TLS handshakes (JSSE, 8269618) (CVE-2021-35603)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"exploitabilityScore": 2.3, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 6.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 4.0}, "published": "2021-10-25T12:20:28", "type": "redhat", "title": "(RHSA-2021:3968) Important: OpenJDK 11.0.13 security update for Windows Builds", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 7.1, "vectorString": "AV:N/AC:M/Au:N/C:C/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-35550", "CVE-2021-35556", "CVE-2021-35559", "CVE-2021-35561", "CVE-2021-35564", "CVE-2021-35565", "CVE-2021-35567", "CVE-2021-35578", "CVE-2021-35586", "CVE-2021-35603"], "modified": "2021-10-25T12:20:41", "id": "RHSA-2021:3968", "href": "https://access.redhat.com/errata/RHSA-2021:3968", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2021-11-26T18:38:06", "description": "The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit.\n\nSecurity Fix(es):\n\n* OpenJDK: Loop in HttpsServer triggered during TLS session close (JSSE, 8254967) (CVE-2021-35565)\n\n* OpenJDK: Incorrect principal selection when using Kerberos Constrained Delegation (Libraries, 8266689) (CVE-2021-35567)\n\n* OpenJDK: Weak ciphers preferred over stronger ones for TLS (JSSE, 8264210) (CVE-2021-35550)\n\n* OpenJDK: Excessive memory allocation in RTFParser (Swing, 8265167) (CVE-2021-35556)\n\n* OpenJDK: Excessive memory allocation in RTFReader (Swing, 8265580) (CVE-2021-35559)\n\n* OpenJDK: Excessive memory allocation in HashMap and HashSet (Utility, 8266097) (CVE-2021-35561)\n\n* OpenJDK: Certificates with end dates too far in the future can corrupt keystore (Keytool, 8266137) (CVE-2021-35564)\n\n* OpenJDK: Unexpected exception raised during TLS handshake (JSSE, 8267729) (CVE-2021-35578)\n\n* OpenJDK: Excessive memory allocation in BMPImageReader (ImageIO, 8267735) (CVE-2021-35586)\n\n* OpenJDK: Non-constant comparison during TLS handshakes (JSSE, 8269618) (CVE-2021-35603)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"exploitabilityScore": 2.3, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 6.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 4.0}, "published": "2021-10-20T12:36:57", "type": "redhat", "title": "(RHSA-2021:3886) Important: java-11-openjdk security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 7.1, "vectorString": "AV:N/AC:M/Au:N/C:C/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-35550", "CVE-2021-35556", "CVE-2021-35559", "CVE-2021-35561", "CVE-2021-35564", "CVE-2021-35565", "CVE-2021-35567", "CVE-2021-35578", "CVE-2021-35586", "CVE-2021-35603"], "modified": "2021-10-20T12:39:16", "id": "RHSA-2021:3886", "href": "https://access.redhat.com/errata/RHSA-2021:3886", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2021-11-26T18:38:21", "description": "The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit.\n\nSecurity Fix(es):\n\n* OpenJDK: Loop in HttpsServer triggered during TLS session close (JSSE, 8254967) (CVE-2021-35565)\n\n* OpenJDK: Incorrect principal selection when using Kerberos Constrained Delegation (Libraries, 8266689) (CVE-2021-35567)\n\n* OpenJDK: Weak ciphers preferred over stronger ones for TLS (JSSE, 8264210) (CVE-2021-35550)\n\n* OpenJDK: Excessive memory allocation in RTFParser (Swing, 8265167) (CVE-2021-35556)\n\n* OpenJDK: Excessive memory allocation in RTFReader (Swing, 8265580) (CVE-2021-35559)\n\n* OpenJDK: Excessive memory allocation in HashMap and HashSet (Utility, 8266097) (CVE-2021-35561)\n\n* OpenJDK: Certificates with end dates too far in the future can corrupt keystore (Keytool, 8266137) (CVE-2021-35564)\n\n* OpenJDK: Unexpected exception raised during TLS handshake (JSSE, 8267729) (CVE-2021-35578)\n\n* OpenJDK: Excessive memory allocation in BMPImageReader (ImageIO, 8267735) (CVE-2021-35586)\n\n* OpenJDK: Non-constant comparison during TLS handshakes (JSSE, 8269618) (CVE-2021-35603)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"exploitabilityScore": 2.3, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 6.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 4.0}, "published": "2021-10-20T12:41:00", "type": "redhat", "title": "(RHSA-2021:3891) Important: java-11-openjdk security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 7.1, "vectorString": "AV:N/AC:M/Au:N/C:C/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-35550", "CVE-2021-35556", "CVE-2021-35559", "CVE-2021-35561", "CVE-2021-35564", "CVE-2021-35565", "CVE-2021-35567", "CVE-2021-35578", "CVE-2021-35586", "CVE-2021-35603"], "modified": "2021-10-20T12:44:48", "id": "RHSA-2021:3891", "href": "https://access.redhat.com/errata/RHSA-2021:3891", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2021-11-26T18:37:27", "description": "The OpenJDK 11 packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit.\n\nThis release of the Red Hat build of OpenJDK 11 (11.0.13) for portable Linux serves as a replacement for the Red Hat build of OpenJDK 11 (11.0.12) and includes security and bug fixes, and enhancements. For further information, refer to the release notes linked to in the References section.\n\nSecurity Fix(es):\n\n* OpenJDK: Loop in HttpsServer triggered during TLS session close (JSSE, 8254967) (CVE-2021-35565)\n\n* OpenJDK: Incorrect principal selection when using Kerberos Constrained Delegation (Libraries, 8266689) (CVE-2021-35567)\n\n* OpenJDK: Weak ciphers preferred over stronger ones for TLS (JSSE, 8264210) (CVE-2021-35550)\n\n* OpenJDK: Excessive memory allocation in RTFParser (Swing, 8265167) (CVE-2021-35556)\n\n* OpenJDK: Excessive memory allocation in RTFReader (Swing, 8265580) (CVE-2021-35559)\n\n* OpenJDK: Excessive memory allocation in HashMap and HashSet (Utility, 8266097) (CVE-2021-35561)\n\n* OpenJDK: Certificates with end dates too far in the future can corrupt keystore (Keytool, 8266137) (CVE-2021-35564)\n\n* OpenJDK: Unexpected exception raised during TLS handshake (JSSE, 8267729) (CVE-2021-35578)\n\n* OpenJDK: Excessive memory allocation in BMPImageReader (ImageIO, 8267735) (CVE-2021-35586)\n\n* OpenJDK: Non-constant comparison during TLS handshakes (JSSE, 8269618) (CVE-2021-35603)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"exploitabilityScore": 2.3, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 6.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 4.0}, "published": "2021-10-25T12:20:25", "type": "redhat", "title": "(RHSA-2021:3967) Important: OpenJDK 11.0.13 security update for Portable Linux Builds", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 7.1, "vectorString": "AV:N/AC:M/Au:N/C:C/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-35550", "CVE-2021-35556", "CVE-2021-35559", "CVE-2021-35561", "CVE-2021-35564", "CVE-2021-35565", "CVE-2021-35567", "CVE-2021-35578", "CVE-2021-35586", "CVE-2021-35603"], "modified": "2021-10-25T12:20:40", "id": "RHSA-2021:3967", "href": "https://access.redhat.com/errata/RHSA-2021:3967", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2021-11-26T18:40:09", "description": "The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit.\n\nSecurity Fix(es):\n\n* OpenJDK: Loop in HttpsServer triggered during TLS session close (JSSE, 8254967) (CVE-2021-35565)\n\n* OpenJDK: Incorrect principal selection when using Kerberos Constrained Delegation (Libraries, 8266689) (CVE-2021-35567)\n\n* OpenJDK: Weak ciphers preferred over stronger ones for TLS (JSSE, 8264210) (CVE-2021-35550)\n\n* OpenJDK: Excessive memory allocation in RTFParser (Swing, 8265167) (CVE-2021-35556)\n\n* OpenJDK: Excessive memory allocation in RTFReader (Swing, 8265580) (CVE-2021-35559)\n\n* OpenJDK: Excessive memory allocation in HashMap and HashSet (Utility, 8266097) (CVE-2021-35561)\n\n* OpenJDK: Certificates with end dates too far in the future can corrupt keystore (Keytool, 8266137) (CVE-2021-35564)\n\n* OpenJDK: Unexpected exception raised during TLS handshake (JSSE, 8267729) (CVE-2021-35578)\n\n* OpenJDK: Excessive memory allocation in BMPImageReader (ImageIO, 8267735) (CVE-2021-35586)\n\n* OpenJDK: Non-constant comparison during TLS handshakes (JSSE, 8269618) (CVE-2021-35603)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"exploitabilityScore": 2.3, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 6.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 4.0}, "published": "2021-10-20T12:39:20", "type": "redhat", "title": "(RHSA-2021:3887) Important: java-11-openjdk security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 7.1, "vectorString": "AV:N/AC:M/Au:N/C:C/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-35550", "CVE-2021-35556", "CVE-2021-35559", "CVE-2021-35561", "CVE-2021-35564", "CVE-2021-35565", "CVE-2021-35567", "CVE-2021-35578", "CVE-2021-35586", "CVE-2021-35603"], "modified": "2021-10-20T12:44:45", "id": "RHSA-2021:3887", "href": "https://access.redhat.com/errata/RHSA-2021:3887", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2021-11-26T18:39:55", "description": "The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit.\n\nSecurity Fix(es):\n\n* OpenJDK: Loop in HttpsServer triggered during TLS session close (JSSE, 8254967) (CVE-2021-35565)\n\n* OpenJDK: Incorrect principal selection when using Kerberos Constrained Delegation (Libraries, 8266689) (CVE-2021-35567)\n\n* OpenJDK: Weak ciphers preferred over stronger ones for TLS (JSSE, 8264210) (CVE-2021-35550)\n\n* OpenJDK: Excessive memory allocation in RTFParser (Swing, 8265167) (CVE-2021-35556)\n\n* OpenJDK: Excessive memory allocation in RTFReader (Swing, 8265580) (CVE-2021-35559)\n\n* OpenJDK: Excessive memory allocation in HashMap and HashSet (Utility, 8266097) (CVE-2021-35561)\n\n* OpenJDK: Certificates with end dates too far in the future can corrupt keystore (Keytool, 8266137) (CVE-2021-35564)\n\n* OpenJDK: Unexpected exception raised during TLS handshake (JSSE, 8267729) (CVE-2021-35578)\n\n* OpenJDK: Excessive memory allocation in BMPImageReader (ImageIO, 8267735) (CVE-2021-35586)\n\n* OpenJDK: Non-constant comparison during TLS handshakes (JSSE, 8269618) (CVE-2021-35603)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nBug Fix(es):\n\n* Previously, uninstalling the OpenJDK RPMs attempted to remove a client directory that did not exist. This directory is no longer used in java-11-openjdk and all references to it have now been removed. (RHBZ#1698873)", "cvss3": {"exploitabilityScore": 2.3, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 6.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 4.0}, "published": "2021-10-20T12:46:24", "type": "redhat", "title": "(RHSA-2021:3892) Important: java-11-openjdk security and bug fix update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 7.1, "vectorString": "AV:N/AC:M/Au:N/C:C/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-35550", "CVE-2021-35556", "CVE-2021-35559", "CVE-2021-35561", "CVE-2021-35564", "CVE-2021-35565", "CVE-2021-35567", "CVE-2021-35578", "CVE-2021-35586", "CVE-2021-35603"], "modified": "2021-10-20T13:13:46", "id": "RHSA-2021:3892", "href": "https://access.redhat.com/errata/RHSA-2021:3892", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2021-11-26T18:41:52", "description": "The OpenJDK 17 packages provide the OpenJDK 17 Java Runtime Environment and the OpenJDK 17 Java Software Development Kit.\n\nThis release of the Red Hat build of OpenJDK 17 (17.0.1) for Windows serves as the initial Windows release of OpenJDK 17. For further information, refer to the release notes linked to in the References section.\n\nSecurity Fix(es):\n\n* OpenJDK: Incorrect principal selection when using Kerberos Constrained Delegation (Libraries, 8266689) (CVE-2021-35567)\n\n* OpenJDK: Excessive memory allocation in RTFParser (Swing, 8265167) (CVE-2021-35556)\n\n* OpenJDK: Excessive memory allocation in RTFReader (Swing, 8265580) (CVE-2021-35559)\n\n* OpenJDK: Excessive memory allocation in HashMap and HashSet (Utility, 8266097) (CVE-2021-35561)\n\n* OpenJDK: Certificates with end dates too far in the future can corrupt keystore (Keytool, 8266137) (CVE-2021-35564)\n\n* OpenJDK: Unexpected exception raised during TLS handshake (JSSE, 8267729) (CVE-2021-35578)\n\n* OpenJDK: Excessive memory allocation in BMPImageReader (ImageIO, 8267735) (CVE-2021-35586)\n\n* OpenJDK: Non-constant comparison during TLS handshakes (JSSE, 8269618) (CVE-2021-35603)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"exploitabilityScore": 2.3, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 6.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 4.0}, "published": "2021-11-11T18:26:09", "type": "redhat", "title": "(RHSA-2021:4531) Important: OpenJDK 17.0.1 security update for Windows Builds", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 6.3, "vectorString": "AV:N/AC:M/Au:S/C:C/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "acInsufInfo": false, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-35556", "CVE-2021-35559", "CVE-2021-35561", "CVE-2021-35564", "CVE-2021-35567", "CVE-2021-35578", "CVE-2021-35586", "CVE-2021-35603"], "modified": "2021-11-11T18:26:22", "id": "RHSA-2021:4531", "href": "https://access.redhat.com/errata/RHSA-2021:4531", "cvss": {"score": 6.3, "vector": "AV:N/AC:M/Au:S/C:C/I:N/A:N"}}, {"lastseen": "2021-11-26T18:37:46", "description": "The OpenJDK 17 packages provide the OpenJDK 17 Java Runtime Environment and the OpenJDK 17 Java Software Development Kit.\n\nThis release of the Red Hat build of OpenJDK 17 (17.0.1) for portable Linux serves as the initial portable Linux release of OpenJDK 17. For further information, refer to the release notes linked to in the References section.\n\nSecurity Fix(es):\n\n* OpenJDK: Incorrect principal selection when using Kerberos Constrained Delegation (Libraries, 8266689) (CVE-2021-35567)\n\n* OpenJDK: Excessive memory allocation in RTFParser (Swing, 8265167) (CVE-2021-35556)\n\n* OpenJDK: Excessive memory allocation in RTFReader (Swing, 8265580) (CVE-2021-35559)\n\n* OpenJDK: Excessive memory allocation in HashMap and HashSet (Utility, 8266097) (CVE-2021-35561)\n\n* OpenJDK: Certificates with end dates too far in the future can corrupt keystore (Keytool, 8266137) (CVE-2021-35564)\n\n* OpenJDK: Unexpected exception raised during TLS handshake (JSSE, 8267729) (CVE-2021-35578)\n\n* OpenJDK: Excessive memory allocation in BMPImageReader (ImageIO, 8267735) (CVE-2021-35586)\n\n* OpenJDK: Non-constant comparison during TLS handshakes (JSSE, 8269618) (CVE-2021-35603)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"exploitabilityScore": 2.3, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 6.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 4.0}, "published": "2021-11-11T18:26:11", "type": "redhat", "title": "(RHSA-2021:4532) Important: OpenJDK 17.0.1 security update for Portable Linux Builds", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 6.3, "vectorString": "AV:N/AC:M/Au:S/C:C/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "acInsufInfo": false, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-35556", "CVE-2021-35559", "CVE-2021-35561", "CVE-2021-35564", "CVE-2021-35567", "CVE-2021-35578", "CVE-2021-35586", "CVE-2021-35603"], "modified": "2021-11-11T18:26:38", "id": "RHSA-2021:4532", "href": "https://access.redhat.com/errata/RHSA-2021:4532", "cvss": {"score": 6.3, "vector": "AV:N/AC:M/Au:S/C:C/I:N/A:N"}}, {"lastseen": "2021-11-26T18:37:47", "description": "The java-17-openjdk packages provide the OpenJDK 17 Java Runtime Environment and the OpenJDK 17 Java Software Development Kit.\n\nSecurity Fix(es):\n\n* OpenJDK: Incorrect principal selection when using Kerberos Constrained Delegation (Libraries, 8266689) (CVE-2021-35567)\n\n* OpenJDK: Excessive memory allocation in RTFParser (Swing, 8265167) (CVE-2021-35556)\n\n* OpenJDK: Excessive memory allocation in RTFReader (Swing, 8265580) (CVE-2021-35559)\n\n* OpenJDK: Excessive memory allocation in HashMap and HashSet (Utility, 8266097) (CVE-2021-35561)\n\n* OpenJDK: Certificates with end dates too far in the future can corrupt keystore (Keytool, 8266137) (CVE-2021-35564)\n\n* OpenJDK: Unexpected exception raised during TLS handshake (JSSE, 8267729) (CVE-2021-35578)\n\n* OpenJDK: Excessive memory allocation in BMPImageReader (ImageIO, 8267735) (CVE-2021-35586)\n\n* OpenJDK: Non-constant comparison during TLS handshakes (JSSE, 8269618) (CVE-2021-35603)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"exploitabilityScore": 2.3, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 6.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 4.0}, "published": "2021-11-09T19:26:37", "type": "redhat", "title": "(RHSA-2021:4135) Important: java-17-openjdk security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 6.3, "vectorString": "AV:N/AC:M/Au:S/C:C/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "acInsufInfo": false, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-35556", "CVE-2021-35559", "CVE-2021-35561", "CVE-2021-35564", "CVE-2021-35567", "CVE-2021-35578", "CVE-2021-35586", "CVE-2021-35603"], "modified": "2021-11-09T19:36:58", "id": "RHSA-2021:4135", "href": "https://access.redhat.com/errata/RHSA-2021:4135", "cvss": {"score": 6.3, "vector": "AV:N/AC:M/Au:S/C:C/I:N/A:N"}}], "nessus": [{"lastseen": "2023-03-27T15:16:10", "description": "The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:0345 advisory.\n\n - OpenJDK: Excessive memory allocation in RTFParser (Swing, 8265167) (CVE-2021-35556)\n\n - OpenJDK: Excessive memory allocation in RTFReader (Swing, 8265580) (CVE-2021-35559)\n\n - Oracle JDK: unspecified vulnerability fixed in 8u311 (Deployment) (CVE-2021-35560)\n\n - OpenJDK: Certificates with end dates too far in the future can corrupt keystore (Keytool, 8266137) (CVE-2021-35564)\n\n - OpenJDK: Loop in HttpsServer triggered during TLS session close (JSSE, 8254967) (CVE-2021-35565)\n\n - OpenJDK: Unexpected exception raised during TLS handshake (JSSE, 8267729) (CVE-2021-35578)\n\n - OpenJDK: Excessive memory allocation in BMPImageReader (ImageIO, 8267735) (CVE-2021-35586)\n\n - IBM JDK: IllegalAccessError exception not thrown for MethodHandles that invoke inaccessible interface methods (CVE-2021-41035)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-02-01T00:00:00", "type": "nessus", "title": "RHEL 8 : java-1.8.0-ibm (RHSA-2022:0345)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-35556", "CVE-2021-35559", "CVE-2021-35560", "CVE-2021-35564", "CVE-2021-35565", "CVE-2021-35578", "CVE-2021-35586", "CVE-2021-41035"], "modified": "2023-01-23T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:8", "cpe:/o:redhat:rhel_aus:8.6", "cpe:/o:redhat:rhel_e4s:8.6", "cpe:/o:redhat:rhel_eus:8.6", "cpe:/o:redhat:rhel_tus:8.6", "p-cpe:/a:redhat:enterprise_linux:java-1.8.0-ibm", "p-cpe:/a:redhat:enterprise_linux:java-1.8.0-ibm-demo", "p-cpe:/a:redhat:enterprise_linux:java-1.8.0-ibm-devel", "p-cpe:/a:redhat:enterprise_linux:java-1.8.0-ibm-headless", "p-cpe:/a:redhat:enterprise_linux:java-1.8.0-ibm-jdbc", "p-cpe:/a:redhat:enterprise_linux:java-1.8.0-ibm-plugin", "p-cpe:/a:redhat:enterprise_linux:java-1.8.0-ibm-src", "p-cpe:/a:redhat:enterprise_linux:java-1.8.0-ibm-webstart"], "id": "REDHAT-RHSA-2022-0345.NASL", "href": "https://www.tenable.com/plugins/nessus/157295", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2022:0345. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(157295);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/23\");\n\n script_cve_id(\n \"CVE-2021-35556\",\n \"CVE-2021-35559\",\n \"CVE-2021-35560\",\n \"CVE-2021-35564\",\n \"CVE-2021-35565\",\n \"CVE-2021-35578\",\n \"CVE-2021-35586\",\n \"CVE-2021-41035\"\n );\n script_xref(name:\"RHSA\", value:\"2022:0345\");\n script_xref(name:\"IAVA\", value:\"2021-A-0481-S\");\n\n script_name(english:\"RHEL 8 : java-1.8.0-ibm (RHSA-2022:0345)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the RHSA-2022:0345 advisory.\n\n - OpenJDK: Excessive memory allocation in RTFParser (Swing, 8265167) (CVE-2021-35556)\n\n - OpenJDK: Excessive memory allocation in RTFReader (Swing, 8265580) (CVE-2021-35559)\n\n - Oracle JDK: unspecified vulnerability fixed in 8u311 (Deployment) (CVE-2021-35560)\n\n - OpenJDK: Certificates with end dates too far in the future can corrupt keystore (Keytool, 8266137)\n (CVE-2021-35564)\n\n - OpenJDK: Loop in HttpsServer triggered during TLS session close (JSSE, 8254967) (CVE-2021-35565)\n\n - OpenJDK: Unexpected exception raised during TLS handshake (JSSE, 8267729) (CVE-2021-35578)\n\n - OpenJDK: Excessive memory allocation in BMPImageReader (ImageIO, 8267735) (CVE-2021-35586)\n\n - IBM JDK: IllegalAccessError exception not thrown for MethodHandles that invoke inaccessible interface\n methods (CVE-2021-41035)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-35556\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-35559\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-35560\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-35564\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-35565\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-35578\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-35586\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-41035\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2022:0345\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2014508\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2014515\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2014518\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2015061\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2015308\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2015653\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2027731\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2027791\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-41035\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(20, 476, 732, 770, 835);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/10/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/02/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/02/01\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_aus:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_eus:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_tus:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.8.0-ibm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.8.0-ibm-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.8.0-ibm-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.8.0-ibm-headless\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.8.0-ibm-jdbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.8.0-ibm-plugin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.8.0-ibm-src\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.8.0-ibm-webstart\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '8')) audit(AUDIT_OS_NOT, 'Red Hat 8.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nvar constraints = [\n {\n 'repo_relative_urls': [\n 'content/aus/rhel8/8.6/x86_64/appstream/debug',\n 'content/aus/rhel8/8.6/x86_64/appstream/os',\n 'content/aus/rhel8/8.6/x86_64/appstream/source/SRPMS',\n 'content/aus/rhel8/8.6/x86_64/baseos/debug',\n 'content/aus/rhel8/8.6/x86_64/baseos/os',\n 'content/aus/rhel8/8.6/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/appstream/debug',\n 'content/e4s/rhel8/8.6/x86_64/appstream/os',\n 'content/e4s/rhel8/8.6/x86_64/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/baseos/debug',\n 'content/e4s/rhel8/8.6/x86_64/baseos/os',\n 'content/e4s/rhel8/8.6/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/highavailability/debug',\n 'content/e4s/rhel8/8.6/x86_64/highavailability/os',\n 'content/e4s/rhel8/8.6/x86_64/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/sap-solutions/debug',\n 'content/e4s/rhel8/8.6/x86_64/sap-solutions/os',\n 'content/e4s/rhel8/8.6/x86_64/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/sap/debug',\n 'content/e4s/rhel8/8.6/x86_64/sap/os',\n 'content/e4s/rhel8/8.6/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/appstream/debug',\n 'content/eus/rhel8/8.6/s390x/appstream/os',\n 'content/eus/rhel8/8.6/s390x/appstream/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/baseos/debug',\n 'content/eus/rhel8/8.6/s390x/baseos/os',\n 'content/eus/rhel8/8.6/s390x/baseos/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/codeready-builder/debug',\n 'content/eus/rhel8/8.6/s390x/codeready-builder/os',\n 'content/eus/rhel8/8.6/s390x/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/highavailability/debug',\n 'content/eus/rhel8/8.6/s390x/highavailability/os',\n 'content/eus/rhel8/8.6/s390x/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/resilientstorage/debug',\n 'content/eus/rhel8/8.6/s390x/resilientstorage/os',\n 'content/eus/rhel8/8.6/s390x/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/sap/debug',\n 'content/eus/rhel8/8.6/s390x/sap/os',\n 'content/eus/rhel8/8.6/s390x/sap/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/supplementary/debug',\n 'content/eus/rhel8/8.6/s390x/supplementary/os',\n 'content/eus/rhel8/8.6/s390x/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/appstream/debug',\n 'content/eus/rhel8/8.6/x86_64/appstream/os',\n 'content/eus/rhel8/8.6/x86_64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/baseos/debug',\n 'content/eus/rhel8/8.6/x86_64/baseos/os',\n 'content/eus/rhel8/8.6/x86_64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/codeready-builder/debug',\n 'content/eus/rhel8/8.6/x86_64/codeready-builder/os',\n 'content/eus/rhel8/8.6/x86_64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/highavailability/debug',\n 'content/eus/rhel8/8.6/x86_64/highavailability/os',\n 'content/eus/rhel8/8.6/x86_64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/resilientstorage/debug',\n 'content/eus/rhel8/8.6/x86_64/resilientstorage/os',\n 'content/eus/rhel8/8.6/x86_64/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/sap-solutions/debug',\n 'content/eus/rhel8/8.6/x86_64/sap-solutions/os',\n 'content/eus/rhel8/8.6/x86_64/sap-solutions/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/sap/debug',\n 'content/eus/rhel8/8.6/x86_64/sap/os',\n 'content/eus/rhel8/8.6/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/supplementary/debug',\n 'content/eus/rhel8/8.6/x86_64/supplementary/os',\n 'content/eus/rhel8/8.6/x86_64/supplementary/source/SRPMS',\n 'content/tus/rhel8/8.6/x86_64/appstream/debug',\n 'content/tus/rhel8/8.6/x86_64/appstream/os',\n 'content/tus/rhel8/8.6/x86_64/appstream/source/SRPMS',\n 'content/tus/rhel8/8.6/x86_64/baseos/debug',\n 'content/tus/rhel8/8.6/x86_64/baseos/os',\n 'content/tus/rhel8/8.6/x86_64/baseos/source/SRPMS',\n 'content/tus/rhel8/8.6/x86_64/highavailability/debug',\n 'content/tus/rhel8/8.6/x86_64/highavailability/os',\n 'content/tus/rhel8/8.6/x86_64/highavailability/source/SRPMS',\n 'content/tus/rhel8/8.6/x86_64/rt/os',\n 'content/tus/rhel8/8.6/x86_64/rt/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'java-1.8.0-ibm-1.8.0.7.0-1.el8_5', 'sp':'6', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'java-1.8.0-ibm-1.8.0.7.0-1.el8_5', 'sp':'6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'java-1.8.0-ibm-demo-1.8.0.7.0-1.el8_5', 'sp':'6', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'java-1.8.0-ibm-demo-1.8.0.7.0-1.el8_5', 'sp':'6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'java-1.8.0-ibm-devel-1.8.0.7.0-1.el8_5', 'sp':'6', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'java-1.8.0-ibm-devel-1.8.0.7.0-1.el8_5', 'sp':'6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'java-1.8.0-ibm-headless-1.8.0.7.0-1.el8_5', 'sp':'6', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'java-1.8.0-ibm-headless-1.8.0.7.0-1.el8_5', 'sp':'6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'java-1.8.0-ibm-jdbc-1.8.0.7.0-1.el8_5', 'sp':'6', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'java-1.8.0-ibm-jdbc-1.8.0.7.0-1.el8_5', 'sp':'6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'java-1.8.0-ibm-plugin-1.8.0.7.0-1.el8_5', 'sp':'6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'java-1.8.0-ibm-src-1.8.0.7.0-1.el8_5', 'sp':'6', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'java-1.8.0-ibm-src-1.8.0.7.0-1.el8_5', 'sp':'6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'java-1.8.0-ibm-webstart-1.8.0.7.0-1.el8_5', 'sp':'6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'}\n ]\n },\n {\n 'repo_relative_urls': [\n 'content/dist/rhel8/8/s390x/appstream/debug',\n 'content/dist/rhel8/8/s390x/appstream/os',\n 'content/dist/rhel8/8/s390x/appstream/source/SRPMS',\n 'content/dis

Security Bulletin: Multiple Security Vulnerabilities Affect IBM Cloud Transformation Advisor

Description

Affected Software

Related