Jun 29, 2022 - 6:46 p.m.

Security Bulletin: Vulnerabilities in IBM Java Runtime affect IBM Spectrum Protect Backup-Archive Client, IBM Spectrum Protect for Space Management, and IBM Spectrum Protect for Virtual Environments (CVE-2021-35550, CVE-2021-35603)

2022-06-29 18:46:33
www.ibm.com

CVSS3: 5.9 Medium
Attack Vector: NETWORK
Attack Complexity: HIGH
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: NONE
Availability Impact: NONE
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

CVSS2: 7.1 High
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: NONE
Availability Impact: NONE
Vector: AV:N/AC:M/Au:N/C:C/I:N/A:N

EPSS: 0.001 Low
Percentile: 48.2%

Summary

Vulnerabilities in IBM® Runtime Environment Java™ were disclosed as part of the IBM Java SDK updates in October 2021. IBM® Runtime Environment Java™ is used by IBM Spectrum Protect Backup-Archive Client, IBM Spectrum Protect for Space Management, and IBM Spectrum Protect for Virtual Environments and may be affected by the below vulnerabilities (CVEs).

Vulnerability Details

CVEID: CVE-2021-35550
**DESCRIPTION:** An unspecified vulnerability in Java SE related to the JSSE component could allow an unauthenticated attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors.
CVSS Base score: 5.9
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/211627 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)

CVEID: CVE-2021-35603
**DESCRIPTION:** An unspecified vulnerability in Java SE related to the JSSE component could allow an unauthenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors.
CVSS Base score: 3.7
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/211676 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)

Affected Products and Versions

| Affected Product(s) | Version(s) |
|---|---|
| IBM Spectrum Protect Backup-Archive Client | 8.1.0.0-8.1.14.0 (Macintosh and Windows); 8.1.7.0-8.1.14.0 (Linux web user interface only); 8.1.9.0-8.1.14.0 (AIX web user interface only) |
| IBM Spectrum Protect for Space Management | 8.1.7.0-8.1.14.0 (Linux); 8.1.9.0-8.1.14.0 (AIX) |
| IBM Spectrum Protect for Virtual Environments: Data Protection for VMware | 8.1.0.0-8.1.14.0 (Linux and Windows) |
| IBM Spectrum Protect for Virtual Environments: Data Protection for Hyper-V | 8.1.0.0-8.1.14.0 (Windows) |

Remediation/Fixes

| _IBM Spectrum Protect Backup-Archive Client Affected Versions_ | Fixing Level | Platform | _Link to Fix and Instructions_ |
|---|---|---|---|
| 8.1.9.0-8.1.14.0 (AIX); 8.1.7.0-8.1.14.0 (Linux); 8.1.0.0-8.1.14.0 (Macintosh); 8.1.0.0-8.1.14.0 (Windows) | 8.1.15 | AIX\*, Linux\*, Macintosh, Windows | <https://www.ibm.com/support/pages/node/6593819> |

\* The AIX and Linux platforms are only affected if using the web user interface.

| _IBM Spectrum Protect for Space Management Affected Versions_ | Fixing Level | Platform | _Link to Fix and Instructions_ |
|---|---|---|---|
| 8.1.9.0-8.1.14.0 (AIX); 8.1.7.0-8.1.14.0 (Linux) | 8.1.15 | AIX, Linux | <https://www.ibm.com/support/pages/node/316077> |

| _IBM Spectrum Protect for Virtual Environments: Data Protection for VMware Affected Versions_ | Fixing Level | Platform | _Link to Fix and Instructions_ |
|---|---|---|---|
| 8.1.0.0-8.1.14.0 (Linux); 8.1.0.0-8.1.14.0 (Windows) | 8.1.15 | Linux, Windows | <https://www.ibm.com/support/pages/node/6568701> |

| _IBM Spectrum Protect for Virtual Environments: Data Protection for Hyper-V Affected Versions_ | Fixing Level | Platform | _Link to Fix and Instructions_ |
|---|---|---|---|
| 8.1.0.0-8.1.14.0 (Windows) | 8.1.15 | Windows | <https://www.ibm.com/support/pages/node/6568701> |

Workarounds and Mitigations

None
