CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
AI Score
Confidence
Low
EPSS
Percentile
17.7%
This bulletin for IBM SDK, Java Technology Edition covers all applicable Java SE CVEs published by Oracle as part of their July 2024 Critical Patch Update, plus CVE-2024-27267. Following IBM® Engineering Lifecycle Engineering products are vulnerable to this attack, it has been addressed in this bulletin: Jazz Foundation, IBM Engineering Lifecycle Optimization - Engineering Insights, IBM Engineering Lifecycle Optimization - Publishing, IBM Engineering Requirements Management DOORS Next, Global Configuration Management, IBM Engineering Workflow Management, IBM Jazz Reporting Service, IBM Engineering Test Management
Refer to the security bulletin(s) listed in the Remediation/Fixes section
Affected Product(s) | Version(s) |
---|---|
Jazz Foundation | 7.0.2 |
IBM Engineering Requirements Management DOORS Next | |
IBM Engineering Workflow Management | |
IBM Engineering Test Management | |
IBM Engineering Lifecycle Optimization - Publishing | |
IBM Engineering Lifecycle Optimization - Engineering Insights | |
IBM Jazz Reporting Service | |
Global Configuration Management | |
Jazz Foundation | 7.0.3 |
IBM Engineering Requirements Management DOORS Next | |
IBM Engineering Workflow Management | |
IBM Engineering Test Management | |
IBM Engineering Lifecycle Optimization - Publishing | |
IBM Engineering Lifecycle Optimization - Engineering Insights | |
IBM Jazz Reporting Service | |
Global Configuration Management |
This vulnerability affects multiple IBM® Engineering Lifecycle Engineering products mentioned above, which uses IBM® SDK, Java™ Technology Edition.
If the Product is deployed on one of the above versions, Please follow the instruction given in the following article
Link - <https://www.ibm.com/support/pages/node/7165421>
None
Vendor | Product | Version | CPE |
---|---|---|---|
ibm | ibm_engineering_lifecycle_management_base | 702 | cpe:2.3:a:ibm:ibm_engineering_lifecycle_management_base:702:*:*:*:*:*:*:* |
ibm | ibm_engineering_lifecycle_management_base | 703 | cpe:2.3:a:ibm:ibm_engineering_lifecycle_management_base:703:*:*:*:*:*:*:* |
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
AI Score
Confidence
Low
EPSS
Percentile
17.7%