IBMC2CB12DB04BE6EC907E9AE881B410ECC6C0C87D54668BE435AC17583F16CDBD3Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli Business Service Manager (CVE-2024-21094, CVE-2024-21085, CVE-2024-21011, CVE-2023-38264)
5.9 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
6.5 Medium
AI Score
Confidence
Low
0.001 Low
EPSS
Percentile
20.6%
Summary
IBM® SDK, Java™ Technology Edition is shipped as a component of IBM Tivoli Business Service Manager. Information about security vulnerabilities affecting IBM® SDK, Java™ Technology Edition has been published in a security bulletin.
Vulnerability Details
Refer to the security bulletin(s) listed in the Remediation/Fixes section
Affected Products and Versions
| Affected Product(s) | Version(s) |
|---|---|
| IBM Tivoli Business Service Manager | 6.2.0 |
Remediation/Fixes
| Principal Product and Version(s) | Affected Supporting Product and Version |
|---|---|
| IBM Tivoli Business Service Manager 6.2.0 |
IBM strongly recommends addressing the vulnerability now by upgrading the Java SDK.
Security Bulletin: Multiple vulnerabilities may affect IBM® SDK, Java™ Technology Edition
- Upgrade to IBM® SDK, Java™ Technology Edition Version 8 Service Refresh 8 FP25, please follow How to upgrade JREs shipped with Tivoli Business Service Manager to upgrade.
Workarounds and Mitigations
None
Affected configurations
| CPE | Name | Operator | Version |
|---|---|---|---|
| tivoli business service manager | eq | 6.2.0 |
Related
5.9 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
6.5 Medium
AI Score
Confidence
Low
0.001 Low
EPSS
Percentile
20.6%