10 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
9.3 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
0.975 High
EPSS
Percentile
99.9%
Apache Log4j Vulnerability Affects IBM Sterling Control Center (CVE-2021-45046). Customers are encourages to take action and apply the fix below.
CVEID:CVE-2021-45046
**DESCRIPTION:**Apache Log4j could result in remote code execution, caused by an incomplete fix of CVE-2021-44228 in certain non-default configurations. When the logging configuration uses a non-default Pattern Layout with a Context Lookup, an attacker with control over Thread Context Map (MDC) input data can craft malicious input data using a JNDI Lookup pattern to leak sensitive information and remote code execution in some environments and local code execution in all environments.
CVSS Base score: 9
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/215195 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H)
Affected Product(s) | Version(s) |
---|---|
IBM Control Center | 6.1.3 |
IBM Control Center | 6.2.1.0 |
IBM Control Center | 6.2.0.0 |
IBM strongly recommends addressing the vulnerability now.
Product
|
VRMF
|
iFix
|
Remediation
—|—|—|—
IBM Sterling Control Center
|
6.2.1.0.
|
iFix03
|
IBM Sterling Control Center
|
6.2.0.0
|
iFix13
|
IBM Sterling Control Center
|
6.1.3.0
|
iFix09
|
Please NOTE:
The fix packages listed above also includes the fix for related Log4j vulnerability CVE-2021-44228 (originally addressed in the previous iFix number).
See: <https://www.ibm.com/support/pages/node/6527966>
None
CPE | Name | Operator | Version |
---|---|---|---|
ibm control center | eq | 6.2.0.0 | |
ibm control center | eq | 6.1.3.0 | |
ibm control center | eq | 6.2.1.0 |
10 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
9.3 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
0.975 High
EPSS
Percentile
99.9%