Lucene search

IBM1C591E97F44A5A3E62355CF2201A2B409BB2D9B8684C4E7B35BE7967EA4CB650

HistoryFeb 14, 2024 - 7:58 a.m.

Security Bulletin: Multiple vulnerabilities in IBM® Semeru Runtime affect IBM ILOG CPLEX Optimization Studio (CVE-2023-22045, CVE-2023-22049)

2024-02-1407:58:42

www.ibm.com

ibm® semeru runtime

ibm ilog cplex optimization studio

cve-2023-22045

cve-2023-22049

java se

vulnerabilities

ibm sdk

version 8

version 11

CVSS3

3.7

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N

AI Score

Confidence

Low

EPSS

0.001

Percentile

28.0%

JSON

Summary

There are multiple vulnerabilities in IBM® Semeru Runtime Versions 8 and 11 used by IBM ILOG CPLEX Optimization Studio. These issues were disclosed as part of the Oracle / OpenJDK July 2023 Critical Patch Updates.

Vulnerability Details

CVEID:CVE-2023-22045
**DESCRIPTION:**An unspecified vulnerability in Java SE related to the VM component could allow a remote attacker to cause low confidentiality impacts.
CVSS Base score: 3.7
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/261047 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)

CVEID:CVE-2023-22049
**DESCRIPTION:**An unspecified vulnerability in Java SE related to the Libraries component could allow a remote attacker to cause low integrity impacts.
CVSS Base score: 3.7
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/261048 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N)

Affected Products and Versions

Affected Product(s)	Version(s)
IBM ILOG CPLEX Optimization Studio (COS)	22.1.1
IBM ILOG CPLEX Optimization Studio (COS)	22.1
IBM ILOG CPLEX Optimization Studio (COS)	20.1.0.1
IBM ILOG CPLEX Optimization Studio (COS)	20.1
IBM ILOG CPLEX Optimization Studio (COS)	12.10
IBM ILOG CPLEX Optimization Studio (COS)	12.9

Remediation/Fixes

IBM SDK, Java Technology Edition, Version 8 Service Refresh 8 Fix Pack 20 and subsequent releases
IBM SDK, Java Technology Edition, Version 11 Service Refresh 22 Fix Pack 0 and subsequent releases

Workarounds and Mitigations

None

Affected configurations

Vulners

Node

ibmibm_ilog_cplex_optimization_studioMatch12.9

ibmibm_ilog_cplex_optimization_studioMatch12.10

ibmibm_ilog_cplex_optimization_studioMatch20.1

ibmibm_ilog_cplex_optimization_studioMatch20.1.0.1

ibmibm_ilog_cplex_optimization_studioMatch22.1

ibmibm_ilog_cplex_optimization_studioMatch22.1.1

VendorProductVersionCPE
ibmibm_ilog_cplex_optimization_studio12.9cpe:2.3:a:ibm:ibm_ilog_cplex_optimization_studio:12.9:*:*:*:*:*:*:*
ibmibm_ilog_cplex_optimization_studio12.10cpe:2.3:a:ibm:ibm_ilog_cplex_optimization_studio:12.10:*:*:*:*:*:*:*
ibmibm_ilog_cplex_optimization_studio20.1cpe:2.3:a:ibm:ibm_ilog_cplex_optimization_studio:20.1:*:*:*:*:*:*:*
ibmibm_ilog_cplex_optimization_studio20.1.0.1cpe:2.3:a:ibm:ibm_ilog_cplex_optimization_studio:20.1.0.1:*:*:*:*:*:*:*
ibmibm_ilog_cplex_optimization_studio22.1cpe:2.3:a:ibm:ibm_ilog_cplex_optimization_studio:22.1:*:*:*:*:*:*:*
ibmibm_ilog_cplex_optimization_studio22.1.1cpe:2.3:a:ibm:ibm_ilog_cplex_optimization_studio:22.1.1:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
ibm	ibm_ilog_cplex_optimization_studio	12.9	cpe:2.3:a:ibm:ibm_ilog_cplex_optimization_studio:12.9:::::::*
ibm	ibm_ilog_cplex_optimization_studio	12.10	cpe:2.3:a:ibm:ibm_ilog_cplex_optimization_studio:12.10:::::::*
ibm	ibm_ilog_cplex_optimization_studio	20.1	cpe:2.3:a:ibm:ibm_ilog_cplex_optimization_studio:20.1:::::::*
ibm	ibm_ilog_cplex_optimization_studio	20.1.0.1	cpe:2.3:a:ibm:ibm_ilog_cplex_optimization_studio:20.1.0.1:::::::*
ibm	ibm_ilog_cplex_optimization_studio	22.1	cpe:2.3:a:ibm:ibm_ilog_cplex_optimization_studio:22.1:::::::*
ibm	ibm_ilog_cplex_optimization_studio	22.1.1	cpe:2.3:a:ibm:ibm_ilog_cplex_optimization_studio:22.1.1:::::::*