CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
AI Score
Confidence
High
EPSS
Percentile
59.5%
Multiple vulnerabilities found in IBM Java SDK reported in the IBM Java SDK CPU update October 2022 affect OS Image shipped with Cloud Pak System.
CVEID:CVE-2022-21628
**DESCRIPTION:**Java SE is vulnerable to a denial of service, caused by a flaw in the Lightweight HTTP Server. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/238623 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
CVEID:CVE-2022-21626
**DESCRIPTION:**An unspecified vulnerability in Java SE related to the Security component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/238689 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
CVEID:CVE-2022-21624
**DESCRIPTION:**An unspecified vulnerability in Java SE related to the Security component could allow an unauthenticated attacker to update, insert or delete data resulting in a low integrity impact using unknown attack vectors.
CVSS Base score: 3.7
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/238699 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N)
CVEID:CVE-2022-21619
**DESCRIPTION:**An unspecified vulnerability in Java SE related to the Security component could allow an unauthenticated attacker to update, insert or delete data resulting in a low integrity impact using unknown attack vectors.
CVSS Base score: 3.7
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/238698 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N)
Affected Product(s) | Version(s) /Power |
---|---|
IBM Cloud Pak System | 2.3.1.1., 2.3.2.0 |
IBM Cloud Pak System | 2.3.3.7 |
Affected Product(s) | Version(s) Intel |
IBM Cloud Pak System | 2.3.3.0 |
IBM Cloud Pak System | 2.3.3.1, 2.3.3.1 iFix1 |
IBM Cloud Pak System | 2.3.3.3, 2.3.3.3 iFIx1 |
IBM Cloud Pak System | 2.3.3.4 |
IBM Cloud Pak System | 2.3.3.5 |
IBM Cloud Pak System | 2.3.3.6, 2.3.36 iFIx1 |
For unsupported version/release/platform IBM recommends upgrading to a fixed, supported /release/platform of the product.
The recommended solution is to apply the fix reported below as soon as practical.
Cloud Pak System release IBM Cloud Pak System v2.3.3.7 Interim fix 1 for Power provide base image for AIX v.3.1.20 based on AIX 7.2 TLS SP6 with Java v8.0.8.6 update. Also since Cloud Pak System 2.3.36 Base Image for Red Hat Enterprise Linux update to v.4.0.2.0.
For IBM Cloud Pak System v2.3.1.1, v2.3.2.0 for Power
upgrade to Cloud Pak System v2.3.3.7 , then apply Cloud Pak System v2.3.3.7 Interim Fix 1
Information on upgrading to Cloud Pak System v.2.3.3.7 at <https://www.ibm.com/support/pages/node/6982511>
For Cloud Pak System V2.3.3.7 for Power, apply Cloud Pak System V2.3.3.7 Interim Fix 1.
Information on upgrading to Cloud Pak System v.2.3.3.7 Interim Fix at <http://www.ibm.com/support/docview.wss?uid=ibm10887959>
None
Vendor | Product | Version | CPE |
---|---|---|---|
ibm | cloud_pak_system | 2.3.3 | cpe:2.3:a:ibm:cloud_pak_system:2.3.3:*:*:*:*:*:*:* |
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
AI Score
Confidence
High
EPSS
Percentile
59.5%