Lucene search

IBMF8EA17B1BCCA9756F301132C0BD388AE2420FACC8A6047822E2FBAAB4E555F67

HistoryMar 19, 2022 - 4:16 a.m.

Security Bulletin: A vulnerability in Java SE affects IBM Control Center (CVE-2021-2369)

2022-03-1904:16:57

www.ibm.com

4.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.001 Low

EPSS

Percentile

40.9%

JSON

Summary

A flaw in the JAR validation implementation may, under certain limited circumstances, lead to a failure to detect signedJAR files that have been modified. The fix ensures that JARs that have been modified since they were signed are properly detected and treated asunsigned.

Vulnerability Details

CVEID:CVE-2021-2369
**DESCRIPTION:**An unspecified vulnerability in Java SE related to the Library component could allow an unauthenticated attacker to cause no confidentiality impact, low integrity impact, and no availability impact.
CVSS Base score: 4.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/205796 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N)

Affected Products and Versions

Affected Product(s)	Version(s)
IBM Control Center	6.1.3
IBM Control Center	6.2.0.0

Remediation/Fixes

Product

VRMF

iFix

Remediation

—|—|—|—

IBM Control Center

6.1.3.0

iFix12

Fix Central - 6.1.3.0

IBM Control Center

6.2.0.0

iFix10

or later

Fix Central - 6.2.0.0

Workarounds and Mitigations

None

CPENameOperatorVersion
ibm control centereq6.2.0.0
ibm control centereq6.1.3.0

CPE	Name	Operator	Version
	ibm control center	eq	6.2.0.0
	ibm control center	eq	6.1.3.0

4.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.001 Low

EPSS

Percentile

40.9%

JSON

Related for F8EA17B1BCCA9756F301132C0BD388AE2420FACC8A6047822E2FBAAB4E555F67