Lucene search

IBMF333E19B06FBE6DEE7CCB42787D377836C0645D6F0B1B1C757AE09E88E83DA97

HistoryApr 29, 2024 - 9:30 a.m.

Security Bulletin: Multiple vulnerabilities in IBM Java SDK may affect IBM Storage Scale

2024-04-2909:30:18

www.ibm.com

ibm storage scale

ibm java sdk

vulnerabilities

java se

scripting

remote attackers

high impact

confidentiality

integrity

local attackers

6.7 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

36.6%

JSON

Summary

There are vulnerabilities in IBM SDK Java Technology Edition, Version 8 used by IBM Storage Scale. This issue was disclosed as part of the IBM Java SDK updates in Jan 2024. CVE-2024-20952, CVE-2024-20918, CVE-2024-20921, CVE-2024-20919, CVE-2024-20926, CVE-2024-20945.

Vulnerability Details

CVEID:CVE-2024-20952
**DESCRIPTION:**An unspecified vulnerability in Java SE related to the Security component could allow a remote attacker to cause high confidentiality impact and high integrity impact.
CVSS Base score: 7.4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/279685 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N)

CVEID:CVE-2024-20918
**DESCRIPTION:**An unspecified vulnerability in Java SE related to the VM component could allow a remote attacker to cause high confidentiality impact and high integrity impact.
CVSS Base score: 7.4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/279718 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N)

CVEID:CVE-2024-20921
**DESCRIPTION:**An unspecified vulnerability in Java SE related to the VM component could allow a remote attacker to cause high confidentiality impact.
CVSS Base score: 5.9
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/279734 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)

CVEID:CVE-2024-20919
**DESCRIPTION:**An unspecified vulnerability in Java SE related to the VM component could allow a remote attacker to cause high integrity impact.
CVSS Base score: 4.7
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/279785 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N)

CVEID:CVE-2024-20926
**DESCRIPTION:**An unspecified vulnerability in Java SE related to the Scripting component could allow a remote attacker to cause high confidentiality impact.
CVSS Base score: 5.9
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/279716 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)

CVEID:CVE-2024-20945
**DESCRIPTION:**An unspecified vulnerability in Java SE related to the VM component could allow a local authenticated attacker to cause high confidentiality impact.
CVSS Base score: 4.7
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/279775 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N)

Affected Products and Versions

Affected Product(s)	Version(s)
IBM Storage Scale	5.1.0.0 - 5.1.9.2

Remediation/Fixes

For IBM Storage Scale V5.1.0.0 through V5.1.9.2, apply V5.2.0.0 or V5.1.9.3 or later available from FixCentral at:

V5.2.0.0 or later

https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=Software%20defined%20storage&product=ibm/StorageSoftware/IBM+Storage+Scale&release=5.2.0&platform=All&function=all

V5.1.9.3 or later

https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=Software%20defined%20storage&product=ibm/StorageSoftware/IBM+Storage+Scale&release=5.1.9&platform=All&function=all

Workarounds and Mitigations

None

CPENameOperatorVersion
ibm storage scaleeq5.1.

CPE	Name	Operator	Version
	ibm storage scale	eq	5.1.