5.9 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
7.1 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:M/Au:N/C:C/I:N/A:N
0.001 Low
EPSS
Percentile
49.0%
Multiple vulnerabilities in IBM® Runtime Environment Java™ Technology Edition affect the product’s management GUI. The Command Line Interface is unaffected.
CVEID:CVE-2021-35550
**DESCRIPTION:**An unspecified vulnerability in Java SE related to the JSSE component could allow an unauthenticated attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors.
CVSS Base score: 5.9
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/211627 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)
CVEID:CVE-2021-35603
**DESCRIPTION:**An unspecified vulnerability in Java SE related to the JSSE component could allow an unauthenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors.
CVSS Base score: 3.7
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/211676 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)
Storage Node machine type and models (MTMs) affected:
Supported storage node code versions which are affected:
**Note:**For information on IBM FlashSystem V9000 SVC code levels affected and remediated, search for the equivalent security bulletin here: IBM Support
MTMs | VRMF | APAR | Remediation/First Fix |
---|---|---|---|
FlashSystem 840 MTMs: |
9840-AE1 and 9843-AE1
FlashSystem 900 MTMs:
9840-AE2, 9843-AE2, 9840-AE3, 9843-AE3, and 9843-UF3
Note: AE1 systems are no longer supported.
|
Code fixes are now available, the minimum VRMF containing the fix depending on the code stream:
Fixed Code VRMF:
1.6 stream: 1.6.1.5
1.5 stream: 1.5.2.12
| N/A | FlashSystem 900 fixes are available at IBM’s Fix Central website. FlashSystem 840 is no longer supported.
None
CPE | Name | Operator | Version |
---|---|---|---|
ibm flashsystem v9000 | eq | any | |
ibm flashsystem v840 | eq | any |
5.9 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
7.1 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:M/Au:N/C:C/I:N/A:N
0.001 Low
EPSS
Percentile
49.0%