History: Feb 01, 2023 - 3:09 p.m.

Security Bulletin: IBM Sterling Connect:Direct File Agent is vulnerable to a denial of service due to IBM Runtime Environment Java Technology Edition (CVE-2022-21626)

2023-02-01 15:09:09
www.ibm.com

CVSS3: 5.3

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

EPSS: 0.002
Percentile: 52.9%

Summary

There is a vulnerability in IBM Runtime Environment Java Technology Edition, Version 7 and 8 used by IBM Sterling Connect:Direct File Agent. IBM Sterling Connect:Direct File Agent has addressed the issue.

Vulnerability Details

**CVEID:** CVE-2022-21626
**DESCRIPTION:** An unspecified vulnerability in Java SE related to the Security component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors.
CVSS Base score: 5.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/238689 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

Affected Products and Versions

| Affected Product(s) | Version(s) |
|---|---|
| IBM Sterling Connect:Direct File Agent | 1.4.0.0 - 1.4.0.2_iFix033 with bundled JRE |

Remediation/Fixes

| Product(s) | Version(s) | APAR | Remediation / Fix |
|---|---|---|---|
| IBM Sterling Connect:Direct File Agent | 1.4.0.0 - 1.4.0.2_iFix033 | IT42944 | Apply 1.4.0.2_iFix034 on AIX, Linux, Solaris and Windows, available on IBM Fix Central |
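
A check an administrator could run over an inventory to find File Agent installs that fall inside the range above and still need 1.4.0.2_iFix034. This is an added example, not IBM's code: the inventory rows and host names are constructed, and it assumes a level with no iFix suffix sorts below every numbered iFix of the same release.

```python
import re

# Affected range and fix level as listed in the bulletin's tables.
FIRST_AFFECTED = "1.4.0.0"
LAST_AFFECTED = "1.4.0.2_iFix033"
FIXED_IN = "1.4.0.2_iFix034"
LEVEL_RE = re.compile(r"^(\d+(?:\.\d+){3})(?:_iFix(\d+))?$", re.IGNORECASE)


def parse_level(text):
    """Turn '1.4.0.2_iFix033' into ((1, 4, 0, 2), 33) for ordered comparison."""
    match = LEVEL_RE.match(text.strip())
    if not match:
        raise ValueError(f"unrecognised maintenance level: {text!r}")
    base = tuple(int(part) for part in match.group(1).split("."))
    return base, int(match.group(2) or 0)  # assumption: no suffix sorts as iFix 0


def is_affected(level, bundled_jre=True):
    """True when the level is in the bulletin's range and uses the bundled JRE."""
    if not bundled_jre:
        return False  # the bulletin lists only installs "with bundled JRE"
    low, high = parse_level(FIRST_AFFECTED), parse_level(LAST_AFFECTED)
    return low <= parse_level(level) <= high


def triage(inventory):
    """Map each host in (host, level, bundled_jre) rows to an action string."""
    actions = {}
    for host, level, bundled in inventory:
        try:
            affected = is_affected(level, bundled)
            actions[host] = f"apply {FIXED_IN}" if affected else "not listed as affected"
        except ValueError as err:
            actions[host] = f"review: {err}"  # unparseable level: check by hand
    return actions


# Constructed sample inventory; host names are hypothetical.
SAMPLE = [
    ("fa-aix-01", "1.4.0.2_iFix033", True),
    ("fa-lnx-02", "1.4.0.2_iFix034", True),
    ("fa-win-03", "1.4.0.1", True),
    ("fa-sol-04", "1.4.0.2_iFix012", False),
    ("fa-lnx-05", "unknown", True),
]

if __name__ == "__main__":
    print(triage(SAMPLE))
```

Installs that run on a separately installed JRE fall outside this bulletin's range, so the script reports them as not listed; that JRE's own patch level has to be tracked separately.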

Workarounds and Mitigations

None

Affected configurations

Vulners node: ibm sterling_connect\direct, match 1.4

| Vendor | Product | Version | CPE |
|---|---|---|---|
| ibm | sterling_connect\direct | | `cpe:2.3:a:ibm:sterling_connect\:direct:1.4:*:*:*:*:*:*:*` |
