Lucene search

K
ibmIBMBA0C1285BB2690D9F746FAF8CAE32CD158A9BB2B0C21494031F4FC9B83C81495
HistoryMar 12, 2024 - 5:43 p.m.

Security Bulletin: IBM Sterling Partner Engagement Manager is vulnerable to high integrity impacts due to Oracle Java SE (CVE-2023-22043)

2024-03-1217:43:40
www.ibm.com
8
ibm sterling partner engagement manager
oracle java se
vulnerability
high integrity impact
cve-2023-22043
upgrade

5.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

5.8 Medium

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

23.2%

Summary

IBM Sterling Partner Engagement Manager uses Oracle Java SE. This bulletin identifies the steps to take to address the vulnerability.

Vulnerability Details

CVEID:CVE-2023-22043
**DESCRIPTION:**An unspecified vulnerability in Oracle Java SE related to the JavaFX component could allow a remote authenticated attacker to cause high integrity impacts
CVSS Base score: 5.9
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/261057 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N)

Affected Products and Versions

Affected Product(s) Version(s)
IBM Sterling Partner Engagement Manager 6.2.2
IBM Sterling Partner Engagement Manager 6.1.2
IBM Sterling Partner Engagement Manager 6.2.0

Remediation/Fixes

IBM strongly recommends addressing the vulnerability now by upgrading …

Product Version Remediation
IBM Sterling Partner Engagement Manager Essentials Edition 6.2.2.2 Link
IBM Sterling Partner Engagement Manager Standard Edition 6.2.2.2 Link
IBM Sterling Partner Engagement Manager Essentials Edition 6.1.2.9 Link
IBM Sterling Partner Engagement Manager Standard Edition 6.1.2.9 Link
IBM Sterling Partner Engagement Manager Essentials Edition 6.2.0.7 Link
IBM Sterling Partner Engagement Manager Standard Edition 6.2.0.7 Link

Workarounds and Mitigations

None

Affected configurations

Vulners
Node
ibmmulti-enterprise_integration_gatewayMatch6.2.2.2
OR
ibmmulti-enterprise_integration_gatewayMatch6.1.2.9
OR
ibmmulti-enterprise_integration_gatewayMatch6.2.0.7

5.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

5.8 Medium

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

23.2%