9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.01 Low
EPSS
Percentile
83.3%
There is a Dojo vulnerability in WebSphere Liberty used by SPSS Collaboration and Deployment Services. This issue has been addressed.
CVEID:CVE-2021-23450
**DESCRIPTION:**Dojo could allow a remote attacker to execute arbitrary code on the system, caused by a prototype pollution in the setObject function. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVSS Base score: 9.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/216463 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
Affected Product(s) | Version(s) |
---|---|
SPSS Collaboration and Deployment Services | 8.2 |
SPSS Collaboration and Deployment Services | 8.2.1 |
SPSS Collaboration and Deployment Services | 8.2.2 |
IBM strongly recommends addressing the vulnerability now by installing the fix listed.
Product
| VRMF| APAR| Remediation/First Fix
—|—|—|—
SPSS Collaboration and Deployment Services| 8.2.0.0| PH45761| 8.2.0.0
SPSS Collaboration and Deployment Services| 8.2.1.0| PH45761| 8.2.1.0
SPSS Collaboration and Deployment Services| 8.2.2.0| PH45761| 8.2.2.0
Fixes for Components:
SPSS Collaboration and Deployment Services Repository Server deployed to WebSphere Liberty profile (8.2, 8.2.1, 8.2.2)
Important Notes:
For the Repository Server deployed to WebSphere Application Server traditional, please refer to WebSphere document WebSphere Application Server Security Bulletin - CVE-2021-23450 and upgrade WebSphere traditional from IBM Installation Manager.
You should verify applying this fix does not cause any compatibility issues in your environment.
None
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.01 Low
EPSS
Percentile
83.3%