Lucene search

IBMB66AFF1963520B7EE2CFB81B83D18A7732F1B4E39C2733251A8F9E0649FDED6C

HistoryJan 03, 2024 - 6:20 p.m.

Security Bulletin: IBM SDK, Java Technology Edition as shipped with IBM Security Directory products is vulnerable to multiple vulnerabilities.

2024-01-0318:20:47

www.ibm.com

ibm

java

security directory

vulnerabilities

remediation

affected products

version

websphere

application server

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

5.7 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

42.4%

JSON

Summary

IBM SDK, Java Technology Edition is used by IBM Security Directory products as part of the IBM SDK, Java Technology Edition. See security bulletin for more details.

Vulnerability Details

Refer to the security bulletin(s) listed in the Remediation/Fixes section

Affected Products and Versions

Affected Product(s)	Version(s)
IBM Security Verify Directory	10.0
IBM Security Directory Server	6.4.0

Remediation/Fixes

The IBM SDK, Java Technology Edition has published a security bulletin Security Bulletin: Multiple vulnerabilities in IBM® Java SDK affect IBM WebSphere Application Server and IBM WebSphere Application Server Liberty due to January 2023 CPU plus deferred CVE-2022-21426

Please follow the instructions in the Bulletin to apply fixes.

Workarounds and Mitigations

None

Affected configurations

Vulners

Node

ibmsecurity_verify_directoryMatch10.0.

CPENameOperatorVersion
ibm security verify directoryeq10.0.

CPE	Name	Operator	Version
	ibm security verify directory	eq	10.0.

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

5.7 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

42.4%

JSON

Related for B66AFF1963520B7EE2CFB81B83D18A7732F1B4E39C2733251A8F9E0649FDED6C