IBMB90DBF49EE6B2D421244557423062E2DA082BD617F321719301D5F84DE6CF676Security Bulletin: IBM Spectrum Control is vulnerable to weakness related KIE Drools
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
0.001 Low
EPSS
Percentile
26.3%
Summary
Vulnerability in KIE Drools could allow a remote authenticated attacker to execute arbitrary code may affect IBM Spectrum Control.
Vulnerability Details
CVEID:CVE-2022-1415
**DESCRIPTION:**KIE Drools could allow a remote authenticated attacker to execute arbitrary code on the system, caused by not using proper safeguards when deserializing data. By using specially-crafted serialized objects, an attacker could exploit this vulnerability to execute arbitrary code on the server.
CVSS Base score: 7.1
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/241458 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L)
Affected Products and Versions
| Affected Product(s) | Version(s) |
|---|---|
| IBM Spectrum Control | 5.4 |
Remediation/Fixes
| Release | First Fixing VRM Level | Link to Fix |
|---|---|---|
| 5.4 | 5.4.10.1 | <https://www.ibm.com/support/pages/latest-downloads-ibm-spectrum-control> |
Workarounds and Mitigations
None
Affected configurations
| CPE | Name | Operator | Version |
|---|---|---|---|
| ibm spectrum control | eq | 5.4 |
Related
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
0.001 Low
EPSS
Percentile
26.3%