Lucene search

K
ibmIBMAE3C056A0F712996CFFA92467F764A8B5A5F9B6B3C97656DFDFFB034B3DDEDE1
HistorySep 14, 2022 - 3:28 p.m.

Security Bulletin: A vulnerability has been identified in IBM® SDK, Java™ Technology Edition shipped with IBM Digital Business Automation Workflow family products (CVE-2021-2341)

2022-09-1415:28:14
www.ibm.com
23

3.1 Low

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

0.001 Low

EPSS

Percentile

45.6%

Summary

IBM® SDK, Java™ Technology Edition is shipped as a component of IBM Business Automation Workflow, IBM Business Process Manager, and WebSphere Enterprise Service Bus. Information about a security vulnerability affecting IBM® SDK, Java™ Technology Edition have been published in a security bulletin.

Vulnerability Details

Refer to the security bulletin(s) listed in the Remediation/Fixes section

Affected Products and Versions

Affected Product(s) Version(s)
IBM Business Automation Workflow V21.0
V20.0
V19.0
V18.0
IBM Business Process Manager V8.6
V8.5
WebSphere Enterprise Service Bus V7.5
V7.0

For earlier and unsupported versions of the products, IBM recommends upgrading to a fixed, supported version of the product.

Note that Cumulative Fixes cannot automatically install interim fixes for the base Application Server. It is important to follow the complete installation instructions and manually ensure that recommended security fixes are installed.

Remediation/Fixes

Please consult the Security Bulletin: CVE-2021-2341 may affect IBM® SDK, Java™ Technology Edition for vulnerability details. Note that IBM® Java SDK in WebSphere Application Server is updated to 8.0.6.35 (which includes the required fix) with Security Bulletin: Multiple Vulnerabilities in IBM® Java SDK affect WebSphere Application Server July 2021 CPU.

Workarounds and Mitigations

None

3.1 Low

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

0.001 Low

EPSS

Percentile

45.6%