CVSS3: 9.8 High

Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | LOW |
Privileges Required | NONE |
User Interaction | NONE |
Scope | UNCHANGED |
Confidentiality Impact | HIGH |
Integrity Impact | HIGH |
Availability Impact | HIGH |
Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |

CVSS2: 7.5 High

Metric | Value |
---|---|
Access Vector | NETWORK |
Access Complexity | LOW |
Authentication | NONE |
Confidentiality Impact | PARTIAL |
Integrity Impact | PARTIAL |
Availability Impact | PARTIAL |
Vector | AV:N/AC:L/Au:N/C:P/I:P/A:P |

EPSS: 0.975 High (Percentile: 100.0%)

Is Sterling Order Management affected by Spring vulnerability CVE-2022-22963?
IBM is aware of a recently surfaced vulnerability CVE-2022-22963 and has evaluated whether any Sterling Order Management applications are affected. The following is a summary of our evaluation:
Component | Spring version used | Impacted by CVE-2022-22963 | Immediate Mitigation Plan | Latest Status |
---|---|---|---|---|
Sterling Order Management SaaS, On-prem and Certified Containers (including Store Engagement & Call Center) | Not used | No | N/A | Not vulnerable |
Inventory Visibility Microservice | Not used | No | N/A | Not vulnerable |
Intelligent Promising Microservice | Not used | No | N/A | Not vulnerable |
OMS Data Exchange Service | Not used | No | N/A | Not vulnerable |
Store Inventory Management Microservice | Not used | No | N/A | Not vulnerable |
Order Hub | Not used | No | N/A | Not vulnerable |
Sterling Fulfillment Optimizer | Not used | No | N/A | Not vulnerable |
Configure, Price, Quote (CPQ): Omni-Configurator and Visual Modeler | Not used | No | N/A | Not vulnerable |
Configure, Price, Quote (CPQ): Field Sales | Not used | No | N/A | Not vulnerable |

CVE-2022-22963 - National Vulnerability Database
CVE-2022-22963: Spring Framework RCE via Data Binding on JDK 9+ - vmware.com
CPE | Name | Operator | Version |
---|---|---|---|
 | sterling order management | eq | any |