Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBM1FAD52D325EC5FEE0E54A4882A5572961497B49D852F578152AE6A08460B83D4
HistoryJun 16, 2023 - 7:00 p.m.

Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect Rational Service Tester

2023-06-1619:00:53
www.ibm.com
8
ibm java sdk
ibm java runtime
rational service tester
denial of service
data manipulation

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

EPSS

0.002

Percentile

59.5%

JSON

Summary

There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 1.8 and IBM® Runtime Environment Java™ Version 1.8 used by Rational Service Tester. Rational Service Tester has addressed the applicable CVEs.

Vulnerability Details

CVEID:CVE-2022-21628
**DESCRIPTION:**Java SE is vulnerable to a denial of service, caused by a flaw in the Lightweight HTTP Server. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/238623 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

CVEID:CVE-2022-21626
**DESCRIPTION:**An unspecified vulnerability in Java SE related to the Security component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/238689 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

CVEID:CVE-2022-21624
**DESCRIPTION:**An unspecified vulnerability in Java SE related to the Security component could allow an unauthenticated attacker to update, insert or delete data resulting in a low integrity impact using unknown attack vectors.
CVSS Base score: 3.7
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/238699 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N)

CVEID:CVE-2022-21619
**DESCRIPTION:**An unspecified vulnerability in Java SE related to the Security component could allow an unauthenticated attacker to update, insert or delete data resulting in a low integrity impact using unknown attack vectors.
CVSS Base score: 3.7
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/238698 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N)

Affected Products and Versions

Affected Product(s) Version(s)
RST 9.5

Remediation/Fixes

Product VRMF APAR Remediation/First Fix
RST 9.5 None https://www.ibm.com/support/fixcentral/swg/doSelectFixes?options.selectedFixes=Rational-RST-JavaPatch-Java8SR7FP20&continue=1&source=SAR

Workarounds and Mitigations

None

Affected configurations

Vulners
Node
ibmrational_service_testerMatch9.2
OR
ibmrational_service_testerMatch9.5
OR
ibmrational_service_testerMatch10.0
OR
ibmrational_service_testerMatch10.1
OR
ibmrational_service_testerMatch10.2
VendorProductVersionCPE
ibmrational_service_tester9.2cpe:2.3:a:ibm:rational_service_tester:9.2:*:*:*:*:*:*:*
ibmrational_service_tester9.5cpe:2.3:a:ibm:rational_service_tester:9.5:*:*:*:*:*:*:*
ibmrational_service_tester10.0cpe:2.3:a:ibm:rational_service_tester:10.0:*:*:*:*:*:*:*
ibmrational_service_tester10.1cpe:2.3:a:ibm:rational_service_tester:10.1:*:*:*:*:*:*:*
ibmrational_service_tester10.2cpe:2.3:a:ibm:rational_service_tester:10.2:*:*:*:*:*:*:*

Related

nessus 64
redhat 19
amazon 4
fedora 6
openvas 19
ibm 48
almalinux 6
osv 13
centos 2
oraclelinux 8
rocky 6
kaspersky 1
broadcom 1
f5 1
ubuntu 1
nessus
nessus
Amazon Linux 2 : (ALAS-2023-1922)
2023-02-06 00:00:00
SUSE SLES12 Security Update : java-1_8_0-openjdk (SUSE-SU-2022:4373-1)
2022-12-09 00:00:00
RHEL 8 : java-1.8.0-openjdk (RHSA-2022:7003)
2022-10-20 00:00:00
redhat
redhat
(RHSA-2022:8880) Moderate: java-1.8.0-ibm security update
2022-12-07 10:41:58
(RHSA-2022:7004) Moderate: java-1.8.0-openjdk security update
2022-10-19 21:05:31
(RHSA-2022:7049) Moderate: OpenJDK 8u352 Windows Security Update
2022-10-20 10:07:20
amazon
amazon
Medium: java-1.8.0-openjdk
2023-01-30 16:02:00
Medium: java-1.8.0-openjdk
2023-01-31 20:44:00
Medium: java-11-amazon-corretto
2022-10-17 21:46:00
fedora
fedora
[SECURITY] Fedora 37 Update: java-1.8.0-openjdk-1.8.0.352.b08-2.fc37
2022-11-10 22:53:40
[SECURITY] Fedora 35 Update: java-1.8.0-openjdk-1.8.0.352.b08-2.fc35
2022-11-03 15:31:20
[SECURITY] Fedora 36 Update: java-1.8.0-openjdk-1.8.0.352.b08-2.fc36
2022-11-03 15:58:42
openvas
openvas
Fedora: Security Advisory for java-1.8.0-openjdk (FEDORA-2022-b050ae8974)
2022-11-04 00:00:00
Huawei EulerOS: Security Advisory for java-1.8.0-openjdk (EulerOS-SA-2023-1319)
2023-02-09 00:00:00
Fedora: Security Advisory for java-1.8.0-openjdk (FEDORA-2022-dedbb92a08)
2022-11-11 00:00:00
ibm
ibm
Security Bulletin: Multiple Vulnerabilities in IBM SDK Java affect IBM Cloud Pak System
2024-04-29 10:37:54
Security Bulletin: Enterprise Content Management System Monitor is affected by a vulnerability in IBM® SDK Java™ Technology Edition
2023-01-06 06:45:59
Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli Business Service Manager (CVE-2022-21628, CVE-2022-21626, CVE-2022-21624, CVE-2022-21619)
2022-12-06 16:12:23
almalinux
almalinux
Moderate: java-1.8.0-openjdk security update
2022-10-19 00:00:00
Moderate: java-1.8.0-openjdk security update
2022-10-20 00:00:00
Moderate: java-17-openjdk security and bug fix update
2022-10-19 00:00:00
osv
osv
Moderate: java-1.8.0-openjdk security update
2022-10-20 07:34:19
Moderate: java-1.8.0-openjdk security update
2022-10-20 00:00:00
Moderate: java-1.8.0-openjdk security update
2022-10-19 21:13:39
centos
centos
java security update
2022-10-26 14:19:03
java security update
2022-10-26 14:18:08
oraclelinux
oraclelinux
java-1.8.0-openjdk security update
2022-10-21 00:00:00
java-1.8.0-openjdk security update
2022-10-21 00:00:00
java-1.8.0-openjdk security and bug fix update
2022-10-21 00:00:00
rocky
rocky
java-1.8.0-openjdk security update
2022-10-19 21:13:39
java-1.8.0-openjdk security update
2022-10-20 07:34:19
java-11-openjdk security and bug fix update
2022-10-20 07:40:35
kaspersky
kaspersky
KLA20013 Multiple vulnerabilities in Oracle Java SE and GraalVM
2022-10-18 00:00:00
broadcom
broadcom
Azul Zulu Java Multiple Vulnerabilities (CVE-2022-21618 CVE-2022-21619 CVE-2022-21624 CVE-2022-21626 CVE-2022-21628 CVE-2022-39399)
2023-08-29 00:00:00
f5
f5
K46859523 : Multiple Java vulnerabilities
2022-10-21 00:00:00
ubuntu
ubuntu
OpenJDK vulnerabilities
2022-11-09 00:00:00

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

EPSS

0.002

Percentile

59.5%

JSON
Related for 1FAD52D325EC5FEE0E54A4882A5572961497B49D852F578152AE6A08460B83D4
nessus64redhat19amazon4fedora6openvas19ibm48almalinux6osv13centos2oraclelinux8rocky6kaspersky1broadcom1f51ubuntu1