
Security Bulletin: IBM Java SDK and IBM Java Runtime for IBM i are vulnerable to a remote attacker causing integrity impacts due to the libraries component (CVE-2023-22049).

Published: 2023-11-27 23:21:24
Source: www.ibm.com

AI Score: 6.4 Medium (Confidence: Low)
EPSS: 0.001 Low (Percentile: 22.1%)

Summary

IBM® SDK Java™ Technology Edition and IBM® Runtime Environment Java™ used by IBM i are vulnerable to a remote attacker causing a low integrity impact due to an unspecified vulnerability in the libraries component as described in the vulnerability details section. The vulnerability is fixed by applying an IBM i PTF Group for Java as described in the remediation/fixes section.

Vulnerability Details

CVEID: CVE-2023-22049
**DESCRIPTION:** An unspecified vulnerability in Java SE related to the Libraries component could allow a remote attacker to cause low integrity impacts.
CVSS Base score: 3.7
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/261048 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N)

Affected Products and Versions

| Affected Product(s) | Version(s) |
| --- | --- |
| IBM i | 7.5 |
| IBM i | 7.4 |
| IBM i | 7.3 |

Remediation/Fixes

The vulnerability can be fixed by applying the latest Java PTF Group. Releases 7.5, 7.4, and 7.3 of IBM i will be fixed.

The IBM i PTF Group numbers contain the fix for the vulnerability. Future PTF Groups for Java will also contain the fix for the vulnerability.

| IBM i Release | 5770-JV1 PTF Group Number and Level | PTF Download Link |
| --- | --- | --- |
| 7.5 | SF99955 Level 7 | <https://www.ibm.com/support/pages/uid/nas4SF99955> |
| 7.4 | SF99665 Level 20 | <https://www.ibm.com/support/pages/uid/nas4SF99665> |
| 7.3 | SF99725 Level 30 | <https://www.ibm.com/support/pages/uid/nas4SF99725> |
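
One way to confirm that a partition is at or above the fixed Java PTF Group level is to compare the levels in the table above against the IBM i Services view `QSYS2.GROUP_PTF_INFO`. This query is an added example, not part of the IBM bulletin; it assumes it is run on the IBM i partition itself (for example from ACS Run SQL Scripts), and the CTE names and the `cve_2023_22049_status` column are illustrative.

```sql
-- Added example: compare installed Java PTF Group levels with the
-- fixed levels listed in this bulletin for CVE-2023-22049.
WITH required (ibm_i_release, ptf_group, fixed_level) AS (
    -- Values copied from the bulletin's Remediation/Fixes table.
    VALUES ('7.5', 'SF99955', 7),
           ('7.4', 'SF99665', 20),
           ('7.3', 'SF99725', 30)
),
installed AS (
    -- The view can hold several levels of one group; only a level whose
    -- status is INSTALLED counts, so a group that is merely on order or
    -- waiting for the next IPL is not treated as fixed.
    SELECT PTF_GROUP_NAME,
           MAX(PTF_GROUP_LEVEL) AS installed_level
      FROM QSYS2.GROUP_PTF_INFO
     WHERE PTF_GROUP_STATUS = 'INSTALLED'
     GROUP BY PTF_GROUP_NAME
)
SELECT r.ibm_i_release,
       r.ptf_group,
       r.fixed_level,
       i.installed_level,
       CASE
           -- No installed level found: either this group belongs to a
           -- different release, or the Java group was never installed.
           WHEN i.installed_level IS NULL
               THEN 'GROUP NOT INSTALLED'
           -- Later group levels also contain the fix, per the bulletin.
           WHEN i.installed_level >= r.fixed_level
               THEN 'AT OR ABOVE FIXED LEVEL'
           ELSE 'BELOW FIXED LEVEL'
       END AS cve_2023_22049_status
  FROM required r
  LEFT JOIN installed i
    ON i.PTF_GROUP_NAME = r.ptf_group
 ORDER BY r.ibm_i_release DESC;
```

Only the row for the release the partition is running is meaningful; the other two rows report `GROUP NOT INSTALLED` because those PTF Groups belong to different releases.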

Please see the Java document at this URL for the latest Java information for IBM i:
<https://www.ibm.com/support/pages/java-ibm-i>

If you run your own Java code using the IBM Java Runtime delivered with this product, you should evaluate your code to determine whether additional Java vulnerabilities are applicable to your code. For a complete list of vulnerabilities, refer to the “IBM Java SDK Security Vulnerabilities”, located in the References section for more information.

Important note: IBM recommends that all users running unsupported versions of affected products upgrade to a supported and fixed version of the affected products.

Workarounds and Mitigations

None
