Lucene search

IBMFBE12BC29F3A3EADBB97E99B4E5988968C5B939E5B4AB7F4DFF9DA89F73BBA04

HistoryJun 24, 2022 - 4:11 p.m.

Security Bulletin: IBM Sterling Connect:Direct for Microsoft Windows is vulnerable to an unspecified vulnerability due to IBM Java Runtime (CVE-2021-35603)

2022-06-2416:11:32

www.ibm.com

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

3.7 Low

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

0.002 Low

EPSS

Percentile

53.3%

JSON

Summary

There is a vulnerability in IBM® Runtime Environment Java™ Version 7 and 8 used by Install Agent and Integrated File Agent in IBM Sterling Connect:Direct for Microsoft Windows. IBM Sterling Connect:Direct for Microsoft Windows has addressed the applicable CVE.

Vulnerability Details

CVEID:CVE-2021-35603
**DESCRIPTION:**An unspecified vulnerability in Java SE related to the JSSE component could allow an unauthenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors.
CVSS Base score: 3.7
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/211676 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)

Affected Products and Versions

Affected Product(s)	Version(s)
IBM Sterling Connect:Direct for Microsoft Windows	4.8.0.3 - 4.8.0.3_iFix044
IBM Sterling Connect:Direct for Microsoft Windows	6.0.0.3 - 6.0.0.4_iFix051
IBM Sterling Connect:Direct for Microsoft Windows	6.1.0.0 - 6.1.0.2_iFix042
IBM Sterling Connect:Direct for Microsoft Windows	6.2.0.0 - 6.2.0.4_iFix004

Remediation/Fixes

Product(s)	Version(s)	APAR	Remediation / Fix
IBM Sterling Connect:Direct for Microsoft Windows	4.8.0.3 - 4.8.0.3_iFix044	IT40971	Apply 4.8.0.3_iFix045, available on Fix Central
IBM Sterling Connect:Direct for Microsoft Windows	6.0.0.3 - 6.0.0.4_iFix051	IT40971	Apply 6.0.0.4_iFix052, available on Fix Central
IBM Sterling Connect:Direct for Microsoft Windows	6.1.0.0 - 6.1.0.2_iFix042	IT40971	Apply 6.1.0.2_iFix043, available on Fix Central
IBM Sterling Connect:Direct for Microsoft Windows	6.2.0.0 - 6.2.0.4_iFix004	IT40971	Apply 6.2.0.4_iFix005, available on Fix Central

For unsupported versions IBM recommends upgrading to a fixed, supported version of the product.

Workarounds and Mitigations

None

Affected configurations

Vulners

Node

ibmsterling_connect\Matchdirect_for_microsoft_windows4.8

ibmsterling_connect\Matchdirect_for_microsoft_windows6.0

ibmsterling_connect\Matchdirect_for_microsoft_windows6.1

ibmsterling_connect\Matchdirect_for_microsoft_windows6.2

CPENameOperatorVersion
sterling connect:direct for microsoft windowseq4.8
sterling connect:direct for microsoft windowseq6.0
sterling connect:direct for microsoft windowseq6.1
sterling connect:direct for microsoft windowseq6.2

Name	Operator	Version
sterling connect:direct for microsoft windows	eq	4.8
sterling connect:direct for microsoft windows	eq	6.0
sterling connect:direct for microsoft windows	eq	6.1
sterling connect:direct for microsoft windows	eq	6.2