Lucene search

IBM0A514F270520F24CF5FB509D2A81FE216F73FB21380DF5C53A2810CD0E6AC3E6

HistoryJul 14, 2023 - 2:51 a.m.

Security Bulletin: Multiple vulnerabilities in IBM Java SDK (April 2023) affect IBM InfoSphere Information Server

2023-07-1402:51:41

www.ibm.com

ibm

java sdk

infosphere information server

vulnerabilities

april 2023

oracle java se

graalvm

remote attacker

cvss

networking component

swing component

hotspot component

libraries component

cve-2023-21967

cve-2023-21939

cve-2023-21937

cve-2023-21938

update

security bulletin

information management

aix installations

5.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

0.001 Low

EPSS

Percentile

41.5%

JSON

Summary

There are multiple vulnerabilities in the IBM® SDK Java™ Technology Edition, Version 8 that is used by IBM InfoSphere Information Server. These issues were disclosed as part of the IBM Java SDK updates in April 2023.

Vulnerability Details

CVEID:CVE-2023-21967
**DESCRIPTION:**An unspecified vulnerability in Oracle Java SE, Oracle GraalVM Enterprise Edition related to the Hotspot component could allow a remote attacker to cause high confidentiality impact.
CVSS Base score: 5.9
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/253166 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)

CVEID:CVE-2023-21939
**DESCRIPTION:**An unspecified vulnerability in Oracle Java SE, Oracle GraalVM Enterprise Edition related to the Swing component could allow a remote attacker to cause integrity impact.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/253168 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)

CVEID:CVE-2023-21937
**DESCRIPTION:**An unspecified vulnerability in Oracle Java SE, Oracle GraalVM Enterprise Edition related to the Networking component could allow a remote attacker to cause integrity impact.
CVSS Base score: 3.7
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/253167 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N)

CVEID:CVE-2023-21938
**DESCRIPTION:**An unspecified vulnerability in Oracle Java SE, Oracle GraalVM Enterprise Edition related to the Libraries component could allow a remote attacker to cause integrity impact.
CVSS Base score: 3.7
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/253155 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N)

Affected Products and Versions

Affected Product(s)	Version(s)
InfoSphere Information Server	11.7

Remediation/Fixes

Product|

VRMF

APAR

Remediation/First Fix

—|—|—|—

InfoSphere Information Server, Information Server on Cloud

11.7

DT219910

--Follow instructions in the README
--If not previously addressed, for AIX installations, see Technote for class not found errors related to ProviderExceptions, Failed to initialize IBMJCEPlus provider, and jgskit (Not found in java.library.path)

Workarounds and Mitigations

None

Affected configurations

Vulners

Node

ibminfosphere_information_serverMatch11.7

CPENameOperatorVersion
ibm infosphere information servereq11.7

CPE	Name	Operator	Version
	ibm infosphere information server	eq	11.7

5.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

0.001 Low

EPSS

Percentile

41.5%

JSON

Related for 0A514F270520F24CF5FB509D2A81FE216F73FB21380DF5C53A2810CD0E6AC3E6