Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBMCBB581AC5D80B638C7627B6A6973FE321320C79B550AC39125687D95CDB8F7BE
HistoryMay 16, 2022 - 9:36 p.m.

Security Bulletin: IBM Sterling External Authentication Server is vulnerable to multiple vulnerabilities due to IBM Java Runtime

2022-05-1621:36:52
www.ibm.com
27

5.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

7.1 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:C/I:N/A:N

0.002 Low

EPSS

Percentile

55.3%

JSON

Summary

There are multiple vulnerabilities in IBM® Runtime Environment Java™ Version 1.8 used by IBM Sterling External Authentication Server. IBM Sterling External Authentication Server has addressed the applicable CVEs.

Vulnerability Details

CVEID:CVE-2021-35578
**DESCRIPTION:**An unspecified vulnerability in Java SE related to the JSSE component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/211654 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

CVEID:CVE-2021-35550
**DESCRIPTION:**An unspecified vulnerability in Java SE related to the JSSE component could allow an unauthenticated attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors.
CVSS Base score: 5.9
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/211627 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)

CVEID:CVE-2021-2369
**DESCRIPTION:**An unspecified vulnerability in Java SE related to the Library component could allow an unauthenticated attacker to cause no confidentiality impact, low integrity impact, and no availability impact.
CVSS Base score: 4.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/205796 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N)

CVEID:CVE-2022-21291
**DESCRIPTION:**An unspecified vulnerability in Java SE related to the VM component could allow an unauthenticated attacker to cause no confidentiality impact, low integrity impact, and no availability impact.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/217586 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)

CVEID:CVE-2021-35603
**DESCRIPTION:**An unspecified vulnerability in Java SE related to the JSSE component could allow an unauthenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors.
CVSS Base score: 3.7
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/211676 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)

Affected Products and Versions

Affected Product(s) Version(s)
IBM Secure External Authentication Server 6.0.3
IBM Sterling External Authentication Server 2.4.3.2

Remediation/Fixes

Product Version iFix Remediation
IBM Sterling External Authentication Server 6.0.3.0 iFix 03 Fix Central
IBM Sterling External Authentication Server 2.4.3.2 iFix 15 Fix Central

Workarounds and Mitigations

None

Related

ibm 128
f5 1
prion 5
cnvd 4
veracode 4
cbl_mariner 1
debiancve 4
ubuntucve 4
alpinelinux 5
osv 9
cve 5
broadcom 2
redhatcve 4
ubuntu 1
nessus 11
openvas 4
suse 1
oraclelinux 1
redhat 3
debian 1
rocky 1
ibm
ibm
Security Bulletin: IBM Sterling Secure Proxy is vulnerable to multiple vulnerabilities due to IBM Java Runtime
2022-05-16 21:34:08
Security Bulletin: Multiple vulnerabilities in IBM Java JRE affect IBM InfoSphere Global Name Management (CVE-2021-35578, CVE-2021-35550, CVE-2021-35603)
2022-04-20 17:04:55
Security Bulletin: Multiple vulnerabilities in the IBM Java Runtime affect IBM Rational ClearQuest
2022-07-26 10:49:08
f5
f5
K73464925 : Multiple Java vulnerabilities CVE-2021-35588, CVE-2021-35603, CVE-2021-35565, CVE-2021-35578
2022-09-06 00:00:00
prion
prion
Buffer overflow
2022-01-19 12:15:00
Code injection
2021-10-20 11:16:00
Design/Logic Flaw
2021-10-20 11:16:00
cnvd
cnvd
Oracle GraalVM Input Validation Error Vulnerability (CNVD-2022-15475)
2022-01-24 00:00:00
Oracle Java SE and Oracle GraalVM Enterprise Edition Information Disclosure Vulnerability (CNVD-2021-81812)
2021-10-20 00:00:00
Oracle Java SE and Oracle GraalVM Enterprise Edition Information Disclosure Vulnerability (CNVD-2021-81804)
2021-10-20 00:00:00
veracode
veracode
Remote Code Execution (RCE)
2022-01-29 17:13:33
Improper Input Validation
2021-10-26 21:56:11
Improper Input Validation
2021-10-26 21:55:43
cbl_mariner
cbl_mariner
CVE-2022-21291 affecting package openjdk8 1.8.0.292-1
2022-03-10 23:47:38
debiancve
debiancve
CVE-2022-21291
2022-01-19 12:15:00
CVE-2021-35578
2021-10-20 11:16:00
CVE-2021-35550
2021-10-20 11:16:00
ubuntucve
ubuntucve
CVE-2022-21291
2022-01-19 00:00:00
CVE-2021-35603
2021-10-20 00:00:00
CVE-2021-35550
2021-10-20 00:00:00
alpinelinux
alpinelinux
CVE-2022-21291
2022-01-19 12:15:00
CVE-2021-35578
2021-10-20 11:16:00
CVE-2021-35603
2021-10-20 11:17:00
osv
osv
CVE-2022-21291
2022-01-19 12:15:12
CVE-2021-35578
2021-10-20 11:16:55
CVE-2021-35603
2021-10-20 11:17:05
cve
cve
CVE-2022-21291
2022-01-19 12:15:00
CVE-2021-35578
2021-10-20 11:16:00
CVE-2021-35550
2021-10-20 11:16:00
broadcom
broadcom
BSA-2022-1980
2022-06-22 00:00:00
BSA-2022-1689
2022-07-29 00:00:00
redhatcve
redhatcve
CVE-2022-21291
2022-01-18 21:50:06
CVE-2021-35550
2021-10-19 21:03:06
CVE-2021-35578
2021-10-19 21:25:44
ubuntu
ubuntu
OpenJDK vulnerabilities
2021-12-17 00:00:00
nessus
nessus
Ubuntu 16.04 ESM / 18.04 LTS / 20.04 LTS : OpenJDK vulnerabilities (USN-5202-1)
2021-12-17 00:00:00
RHEL 7 : java-11-openjdk (RHSA-2021:3892)
2021-10-21 00:00:00
RHEL 8 : java-11-openjdk (RHSA-2021:3886)
2021-10-21 00:00:00
openvas
openvas
Ubuntu: Security Advisory (USN-5202-1)
2021-12-18 00:00:00
Fedora: Security Advisory for java-11-openjdk (FEDORA-2021-9a51a6f8b1)
2021-10-30 00:00:00
CentOS: Security Advisory for java-11-openjdk (CESA-2021:3892)
2021-11-18 00:00:00
suse
suse
Security update for java-11-openjdk (important)
2021-11-17 00:00:00
oraclelinux
oraclelinux
java-11-openjdk security and bug fix update
2021-10-21 00:00:00
redhat
redhat
(RHSA-2021:3968) Important: OpenJDK 11.0.13 security update for Windows Builds
2021-10-25 12:20:28
(RHSA-2021:3891) Important: java-11-openjdk security update
2021-10-20 12:41:00
(RHSA-2021:3887) Important: java-11-openjdk security update
2021-10-20 12:39:20
debian
debian
[SECURITY] [DSA 5000-2] openjdk-11 security update
2021-12-22 19:03:51
rocky
rocky
java-11-openjdk security update
2021-10-20 12:41:00

5.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

7.1 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:C/I:N/A:N

0.002 Low

EPSS

Percentile

55.3%

JSON
Related for CBB581AC5D80B638C7627B6A6973FE321320C79B550AC39125687D95CDB8F7BE
ibm128f51prion5cnvd4veracode4cbl_mariner1debiancve4ubuntucve4alpinelinux5osv9cve5broadcom2redhatcve4ubuntu1nessus11openvas4suse1oraclelinux1redhat3debian1rocky1