History: Jan 11, 2024 - 2:15 p.m.

Security Bulletin: CVE-2022-21426 may affect IBM® SDK, Java™ Technology Edition shipped with IBM TXSeries for Multiplatforms

2024-01-11 14:15:36
Source: www.ibm.com
Tags: cve-2022-21426, ibm sdk, java technology edition, txseries for multiplatforms, vulnerability, denial of service, ibm txseries 8.1, ibm txseries 8.2, ibm txseries 9.1, fix, jaxp component

CVSS2: 5 Medium

- Attack Vector: NETWORK
- Attack Complexity: LOW
- Authentication: NONE
- Confidentiality Impact: NONE
- Integrity Impact: NONE
- Availability Impact: PARTIAL
- Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

CVSS3: 5.3 Medium

- Attack Vector: NETWORK
- Attack Complexity: LOW
- Privileges Required: NONE
- User Interaction: NONE
- Scope: UNCHANGED
- Confidentiality Impact: NONE
- Integrity Impact: NONE
- Availability Impact: LOW
- Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

AI Score: 5.6 Medium (Confidence: High)

EPSS: 0.001 Low (Percentile: 42.4%)

Summary

CVE-2022-21426 may affect IBM® SDK, Java™ Technology Edition shipped with IBM TXSeries for Multiplatforms. IBM TXSeries for Multiplatforms has addressed the applicable CVE.

Vulnerability Details

**CVEID:** CVE-2022-21426
**DESCRIPTION:** An unspecified vulnerability in Java SE related to the JAXP component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors.
CVSS Base score: 5.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/224714 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

Affected Products and Versions

| Affected Product(s) | Version(s) |
| --- | --- |
| IBM TXSeries for Multiplatforms | 8.1 |
| IBM TXSeries for Multiplatforms | 8.2 |
| IBM TXSeries for Multiplatforms | 9.1 |

Remediation/Fixes

| Product | Version | Platform | Remediation/Fix |
| --- | --- | --- | --- |
| IBM TXSeries for Multiplatforms | 8.1 | Linux, AIX | PSIRT fixes for IBM TXSeries for Multiplatforms 8.1 will only be provided for extended support customers on request through Salesforce case. |
| IBM TXSeries for Multiplatforms | 8.2 | All supported platforms | Fix Central Link. This fix is also available as part of TXSeries 8.2 latest fixpack which can be downloaded from Fix Central. |
| IBM TXSeries for Multiplatforms | 9.1 | Linux, AIX | Fix Central Link. This fix is also available as part of TXSeries 9.1 latest fixpack which can be downloaded from Fix Central. |

Workarounds and Mitigations

None

Affected configurations

Vulners node:

- ibm txseries_for_multiplatforms, match 8.1
- OR ibm txseries_for_multiplatforms, match 8.2
- OR ibm txseries_for_multiplatforms, match 9.1
