History: Mar 07, 2024 - 6:58 p.m.

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect Rational Business Developer

2024-03-07 18:58:55
www.ibm.com
ibm java sdk
rational business developer
cve-2023-22045
cve-2023-22049
vulnerabilities
fixes

CVSS3: 3.7 Low
Attack Vector: NETWORK
Attack Complexity: HIGH
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: LOW
Availability Impact: NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N

AI Score: 6.5 Medium (Confidence: Low)

EPSS: 0.001 Low (Percentile: 28.1%)

Summary

There are multiple vulnerabilities in IBM® SDK Java™ Technology used by Rational Business Developer. Rational Business Developer has provided fixes for the applicable CVEs. These issues were disclosed as part of the IBM Java SDK and Runtime Environment updates in the Oracle July 2023 Critical Patch Update: CVE-2023-22045 and CVE-2023-22049.

Vulnerability Details

CVEID: CVE-2023-22045
**DESCRIPTION:** An unspecified vulnerability in Java SE related to the VM component could allow a remote attacker to cause low confidentiality impacts.
CVSS Base score: 3.7
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/261047 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)

CVEID: CVE-2023-22049
**DESCRIPTION:** An unspecified vulnerability in Java SE related to the Libraries component could allow a remote attacker to cause low integrity impacts.
CVSS Base score: 3.7
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/261048 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N)

Affected Products and Versions

| Affected Product(s) | Version(s) |
| --- | --- |
| RBD | 9.6 |
| RBD | 9.7 |

Remediation/Fixes

| Product | VRMF | APAR | Remediation / First Fix | File Name |
| --- | --- | --- | --- | --- |
| Rational Business Developer | 9.6 - 9.6.1 | None | https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7ERational&product=ibm/Rational/Rational+Business+Developer&release=9.6&platform=All&function=all | RBD_9.6_IBM_JDK8_SR8_FP10 |
| Rational Business Developer | 9.7 - 9.7.1 | None | https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7ERational&product=ibm/Rational/Rational+Business+Developer&release=9.7.0&platform=All&function=all | RBD_9.7_IBM_JDK8_SR8_FP10 |

Workarounds and Mitigations

None

Affected configurations

Vulners
Node
ibm rational_business_developer Match 9.6
OR
ibm rational_business_developer Match 9.7
