CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
62.2%
Apache Derby database is used by IBM Jazz for Service Management to store dashboards data. [CVE-2022-46337] This bulletin identifies the steps to take to address the vulnerability.
CVEID:CVE-2022-46337
**DESCRIPTION:**Apache Derby could allow a remote attacker to bypass security restrictions, caused by a LDAP injection vulnerability in authenticator. By sending a specially crafted request, an attacker could exploit this vulnerability to view and corrupt sensitive data and run sensitive database functions and procedures.
CVSS Base score: 9.1
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/271915 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N)
Affected Product(s) | Version(s) |
---|---|
Jazz for Service Management | 1.1.3.0 to 1.1.3.20 |
Affected JazzSM Version | Recommended Fix. |
---|---|
Jazz for Service Management versions - 1.1.3.0 to 1.1.3.20 |
Install JazzSM 1.1.3.21 - 1.1.3-TIV-JazzSM-multi-FP021
None
Vendor | Product | Version | CPE |
---|---|---|---|
ibm | jazz_for_service_management | 1.1.3 | cpe:2.3:a:ibm:jazz_for_service_management:1.1.3:*:*:*:*:*:*:* |
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
62.2%