Lucene search

IBMDC81F676ADC49DC60232C3F5EE3AF5346FBE2B3367F097005D6FFBE810AE737D

HistoryAug 25, 2022 - 2:59 a.m.

Security Bulletin: Vulnerability in IBM Java Runtime(CVE-2021-35603) affects DB2 Recovery Expert for Linux, Unix and Windows

2022-08-2502:59:30

www.ibm.com

3.7 Low

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

0.001 Low

EPSS

Percentile

43.4%

JSON

Summary

An unspecified vulnerability in Java SE related to the JSSE component could allow an unauthenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors.

Vulnerability Details

CVEID:CVE-2021-35603
**DESCRIPTION:**An unspecified vulnerability in Java SE related to the JSSE component could allow an unauthenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors.
CVSS Base score: 3.7
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/211676 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)

Affected Products and Versions

Affected Product(s)	Version(s)
DB2 Recovery Expert for LUW	5.5.0.1
DB2 Recovery Expert for LUW	5.5.0.1 IF1
DB2 Recovery Expert for LUW	5.5.0.1 IF2
DB2 Recovery Expert for LUW	5.5.0.1 IF3

Remediation/Fixes

The product needs to be installed or upgraded to the latest available level using the latest 5.5.0.1 IF4 version available from Fix Central.

Workarounds and Mitigations

None

CPENameOperatorVersion
db2 recovery expert for linux- unix and windowseq5.5.0.1
db2 recovery expert for linux- unix and windowseq4

CPE	Name	Operator	Version
	db2 recovery expert for linux- unix and windows	eq	5.5.0.1
	db2 recovery expert for linux- unix and windows	eq	4

3.7 Low

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

0.001 Low

EPSS

Percentile

43.4%

JSON

Related for DC81F676ADC49DC60232C3F5EE3AF5346FBE2B3367F097005D6FFBE810AE737D