Aug 01, 2023 - 10:21 a.m.

Security Bulletin: CVE-2022-40609 affects IBM® SDK, Java™ Technology Edition

2023-08-01 10:21:47
www.ibm.com

CVSS3: 9.8 High
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS: 0.003 Low
Percentile: 65.8%

Summary

CVE-2022-40609 affects the Object Request Broker (ORB) in IBM SDK, Java Technology Edition. An update has been released to address the vulnerability.

Vulnerability Details

CVEID: CVE-2022-40609
**DESCRIPTION:** IBM SDK, Java Technology Edition could allow a remote attacker to execute arbitrary code on the system, caused by an unsafe deserialization flaw. By sending specially-crafted data, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVSS Base score: 8.1
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/236069 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)

Affected Products and Versions

Affected Product(s)                 Version(s)
IBM SDK, Java Technology Edition    8.0.8.0 and earlier
IBM SDK, Java Technology Edition    7.1.5.18 and earlier

Remediation/Fixes

7.1.5.19 (restricted access)
8.0.8.5

IBM SDK, Java Technology Edition releases can be downloaded, subject to the terms of the developerWorks license, from the Java Developer Center.

IBM customers requiring an update for an SDK shipped with an IBM product should contact IBM support, and/or refer to the appropriate product security bulletin.
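The version bounds above can be applied to an inventory of installed SDK levels. The following is an added example, not IBM's code: it assumes versions are recorded as V.R.M.F strings in the form the bulletin uses, treats each table row as its own release stream, and marks anything the bulletin does not decide (other streams, levels between the affected and fixed bounds, other version formats) for manual review. Host names and inventory values are constructed.

```python
import re

# Bounds copied from the bulletin's tables, keyed by release stream (V.R).
AFFECTED_UP_TO = {(8, 0): (8, 0, 8, 0), (7, 1): (7, 1, 5, 18)}
FIXED_FROM = {(8, 0): (8, 0, 8, 5), (7, 1): (7, 1, 5, 19)}

_VRMF = re.compile(r"(\d+)\.(\d+)\.(\d+)\.(\d+)")


def classify(version):
    """Return 'affected', 'fixed' or 'review' for one V.R.M.F string."""
    match = _VRMF.fullmatch(version.strip())
    if match is None:
        return "review"  # not a V.R.M.F string, e.g. "1.8.0_361"
    vrmf = tuple(int(part) for part in match.groups())  # numeric, so 10 > 5
    stream = vrmf[:2]
    if stream not in FIXED_FROM:
        return "review"  # stream has no row in the bulletin
    if vrmf <= AFFECTED_UP_TO[stream]:
        return "affected"
    if vrmf >= FIXED_FROM[stream]:
        return "fixed"
    return "review"  # between the affected and fixed bounds: bulletin is silent


def triage(inventory):
    """Group hosts by status; inventory maps host name -> version string."""
    report = {"affected": [], "fixed": [], "review": []}
    for host, version in sorted(inventory.items()):
        report[classify(version)].append(host)
    return report


# Constructed sample inventory (hypothetical host names and versions).
SAMPLE_INVENTORY = {
    "app-01": "8.0.8.0",
    "app-02": "8.0.8.10",
    "app-03": "8.0.8.3",
    "batch-01": "7.1.5.18",
    "batch-02": "7.1.5.19",
    "legacy-01": "7.0.11.0",
}

if __name__ == "__main__":
    for status, hosts in triage(SAMPLE_INVENTORY).items():
        print(f"{status:9} {', '.join(hosts)}")
```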

Workarounds and Mitigations

None

Affected configurations (Vulners)

Node: ibm java, Match: any

CPE Name    Operator    Version
ibm java    eq          any
