Jan 11, 2023 - 9:10 p.m.

Security Bulletin: Vulnerabilities in IBM Java Runtime affect IBM WebSphere Application Servers used by IBM Master Data Management (CVE-2022-21496, CVE-2022-21434, CVE-2022-21443)

2023-01-11 21:10:28
www.ibm.com

CVSS3: 5.3 Medium
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: LOW
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

CVSS2: 5 Medium
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: PARTIAL
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

EPSS: 0.001 Low
Percentile: 45.0%

Summary

There are multiple vulnerabilities in the IBM® SDK, Java™ Technology Edition that is shipped with IBM WebSphere Application Server and IBM WebSphere Application Server Liberty. These might affect some configurations of IBM WebSphere Application Server traditional and IBM WebSphere Application Server Liberty. These products have addressed the applicable CVEs. If you run your own Java code using the IBM Java Runtime delivered with this product, you should evaluate your code to determine whether the complete list of vulnerabilities is applicable to your code. For a complete list of vulnerabilities, refer to the link for “IBM Java SDK Security Bulletin” located in the References section for more information. HP fixes are on a delayed schedule.

Vulnerability Details

Refer to the security bulletin(s) listed in the Remediation/Fixes section.

Affected Products and Versions

Affected Product(s) | Version(s)
InfoSphere Master Data Management | 12.0
InfoSphere Master Data Management | 11.6

Remediation/Fixes

Principal Product and Version(s) | Affected Supporting Product and Version | Affected Supporting Product Security Bulletin
InfoSphere Master Data Management v11.6, v12.0 | IBM WebSphere Application Server v8.5 and 9.0 | IBM Java SDK Security Bulletin: Multiple Vulnerabilities in IBM® Java SDK affect IBM WebSphere Application Server and IBM WebSphere Application Server Liberty due to April 2022 CPU plus deferred CVE-2022-21299

Workarounds and Mitigations

None
