Lucene search

IBMF023E099C928C0E76EEEB627120A5F33EC001617CD3075C35E6BAB5ACFAC9BE8

HistorySep 12, 2022 - 2:15 p.m.

Security Bulletin: A vulnerability in IBM Java Runtime affects TXSeries for Multiplatforms

2022-09-1214:15:30

www.ibm.com

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

4 Medium

CVSS2

Access Vector

Access Complexity

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:S/C:N/I:P/A:N

0.001 Low

EPSS

Percentile

19.4%

JSON

Summary

TXSeries for Multiplatforms has addressed the following vulnerabilities reported by IBM® Runtime Environment Java™

Vulnerability Details

CVEID:CVE-2022-22475
**DESCRIPTION:**IBM WebSphere Application Server Liberty and Open Liberty 17.0.0.3 through 22.0.0.5 are vulnerable to identity spoofing by an authenticated user. IBM X-Force ID: 225603.
CVSS Base score: 7.1
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/225603 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L)

Affected Products and Versions

Affected Product(s)	Version(s)
IBM TXSeries for Multiplatforms	8.2
IBM TXSeries for Multiplatforms	9.1

Remediation/Fixes

Product

Version

Defect

Remediation / First Fix

—|—|—|—

IBM TXSeries for Multiplatforms v9.1

9.1.0.0
9.1.0.2

127848

| Download fix here

IBM TXSeries for Multiplatforms v8.2

8.2.0.0
8.2.0.1
8.2.0.2

127848

| Download fix here

Workarounds and Mitigations

None

Affected configurations

Vulners

Node

ibmtxseries_for_multiplatformsMatch8.2

ibmtxseries_for_multiplatformsMatch9.1

CPENameOperatorVersion
ibm txseries for multiplatformseq8.2
ibm txseries for multiplatformseq9.1

CPE	Name	Operator	Version
	ibm txseries for multiplatforms	eq	8.2
	ibm txseries for multiplatforms	eq	9.1

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

4 Medium

CVSS2

Access Vector

Access Complexity

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:S/C:N/I:P/A:N

0.001 Low

EPSS

Percentile

19.4%

JSON

Related for F023E099C928C0E76EEEB627120A5F33EC001617CD3075C35E6BAB5ACFAC9BE8