5.9 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
7.1 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:M/Au:N/C:C/I:N/A:N
0.001 Low
EPSS
Percentile
49.0%
Vulnerabilities in Java affects IBM Cloud Application Business Insights - Quaterly Java update, CVE-2021-35603 and CVE-2021-35550
CVEID:CVE-2021-35550
**DESCRIPTION:**An unspecified vulnerability in Java SE related to the JSSE component could allow an unauthenticated attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors.
CVSS Base score: 5.9
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/211627 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)
CVEID:CVE-2021-35603
**DESCRIPTION:**An unspecified vulnerability in Java SE related to the JSSE component could allow an unauthenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors.
CVSS Base score: 3.7
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/211676 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)
Affected Product(s) | Version(s) |
---|---|
IBM Cloud Application Business Insights | 1.1.6 |
IBM Cloud Application Business Insights | 1.1.5 |
IBM Cloud Application Business Insights | 1.1.3 |
IBM Cloud Application Business Insights | 1.1.4 |
IBM Cloud Application Business Insights | 1.1.6 |
IBM Cloud Application Business Insights | 1.1.5 |
IBM Cloud Application Business Insights | 1.1.3 |
IBM Cloud Application Business Insights | 1.1.4 |
For systems where IBM Cloud Application Business Insights version 1.1.7 is installed, the vulnerabilities can be remediated by applying the ICABI FixPack 1.1.7.4.
For systems where IBM Cloud Application Business Insights version 1.1.6 is installed, the vulnerabilities can be remediated by applying the ICABI FixPack 1.1.6.6.
The fixes and install instructions can be found at the following location:
Fix Pack | Download Link (Fix Central) |
---|---|
ICABI 1.1.7.4 Fix Pack |
ICABI 1.1.7.4 Fix Pack (pLinux)|
ICABI 1.1.6.6 Fix Pack|
None
CPE | Name | Operator | Version |
---|---|---|---|
ibm cloud application business insights | eq | 1.1.6 | |
ibm cloud application business insights | eq | 1.1.7 |
5.9 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
7.1 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:M/Au:N/C:C/I:N/A:N
0.001 Low
EPSS
Percentile
49.0%