History: Mar 17, 2023 - 7:28 p.m.

Security Bulletin: Vulnerabilities in Java SE affect IBM Spectrum Protect Backup-Archive Client, IBM Spectrum Protect for Virtual Environments and IBM Spectrum Protect for Space Management (CVE-2022-21628, CVE-2022-21626, CVE-2022-21624, CVE-2022-21619)

2023-03-17 19:28:51
www.ibm.com

CVSS3: 5.3 Medium

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

CVSS2: 5 Medium

Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

EPSS: 0.002 Low
Percentile: 59.0%

Summary

IBM Spectrum Protect Backup-Archive Client, IBM Spectrum Protect for Virtual Environments (Data Protection for Microsoft Hyper-V and Data Protection for VMware), and IBM Spectrum Protect for Space Management can be affected by vulnerabilities in Java SE. Vulnerabilities include denial of service and update, insert or delete of data, as described by the CVEs in the “Vulnerability Details” section.

Vulnerability Details

CVEID: CVE-2022-21628
**DESCRIPTION:** Java SE is vulnerable to a denial of service, caused by a flaw in the Lightweight HTTP Server. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/238623 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

CVEID: CVE-2022-21626
**DESCRIPTION:** An unspecified vulnerability in Java SE related to the Security component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/238689 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

CVEID: CVE-2022-21624
**DESCRIPTION:** An unspecified vulnerability in Java SE related to the Security component could allow an unauthenticated attacker to update, insert or delete data resulting in a low integrity impact using unknown attack vectors.
CVSS Base score: 3.7
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/238699 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N)

CVEID: CVE-2022-21619
**DESCRIPTION:** An unspecified vulnerability in Java SE related to the Security component could allow an unauthenticated attacker to update, insert or delete data resulting in a low integrity impact using unknown attack vectors.
CVSS Base score: 3.7
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/238698 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N)

Affected Products and Versions

| Product | Versions |
| --- | --- |
| IBM Spectrum Protect Backup-Archive Client | 8.1.0.0 - 8.1.17.0 |
| IBM Spectrum Protect for Space Management | 8.1.0.0 - 8.1.17.0 |
| IBM Spectrum Protect for Virtual Environments: Data Protection for Microsoft Hyper-V | 8.1.0.0 - 8.1.17.0 |
| IBM Spectrum Protect for Virtual Environments: Data Protection for VMware | 8.1.0.0 - 8.1.17.0 |

Remediation/Fixes

IBM strongly recommends addressing the vulnerability now.

| Product | Fixing level | Platforms | Link to fix and instructions |
| --- | --- | --- | --- |
| IBM Spectrum Protect Backup-Archive Client | 8.1.17.2 | AIX, HP-UX, Linux, Macintosh, Solaris, Windows | <https://www.ibm.com/support/pages/node/6832422> |
| IBM Spectrum Protect for Space Management | 8.1.17.2 | AIX, Linux | <https://www.ibm.com/support/pages/node/6833196> |
| IBM Spectrum Protect for Virtual Environments: Data Protection for Microsoft Hyper-V | 8.1.17.2 | Windows | <https://www.ibm.com/support/pages/node/6827869> |
| IBM Spectrum Protect for Virtual Environments: Data Protection for VMware | 8.1.17.2 | Linux, Windows | <https://www.ibm.com/support/pages/node/6827869> |

Workarounds and Mitigations

None
