Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBM49FF2650E4D34A59324034D2D9D7A7421F32EC337402F43640EB6D68EE3F567E
HistoryJan 06, 2023 - 6:45 a.m.

Security Bulletin: Enterprise Content Management System Monitor is affected by a vulnerability in IBM® SDK Java™ Technology Edition

2023-01-0606:45:59
www.ibm.com
12
ibm
java
vulnerability
denial of service
update
insert
delete
integrity
low availability
security

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

EPSS

0.002

Percentile

59.5%

JSON

Summary

There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, used by Enterprise Content Management System Monitor. Enterprise Content Management System Monitor has addressed the applicable CVEs.

Vulnerability Details

CVEID:CVE-2022-21628
**DESCRIPTION:**Java SE is vulnerable to a denial of service, caused by a flaw in the Lightweight HTTP Server. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/238623 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

CVEID:CVE-2022-21626
**DESCRIPTION:**An unspecified vulnerability in Java SE related to the Security component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/238689 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

CVEID:CVE-2022-21624
**DESCRIPTION:**An unspecified vulnerability in Java SE related to the Security component could allow an unauthenticated attacker to update, insert or delete data resulting in a low integrity impact using unknown attack vectors.
CVSS Base score: 3.7
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/238699 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N)

CVEID:CVE-2022-21619
**DESCRIPTION:**An unspecified vulnerability in Java SE related to the Security component could allow an unauthenticated attacker to update, insert or delete data resulting in a low integrity impact using unknown attack vectors.
CVSS Base score: 3.7
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/238698 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N)

Affected Products and Versions

Affected Product(s) Version(s)
Enterprise Content Management System Monitor 5.5

Remediation/Fixes

Please download ECMSM 5.5.7.0.6 from below link and install:

https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=Enterprise%20Content%20Management&product=ibm/Information+Management/FileNet+System+Monitor&release=5.5.7.0&platform=All&function=all

Workarounds and Mitigations

None

Affected configurations

Vulners
Node
ibmenterprise_content_management_system_monitorMatch5.5.7

Related

nessus 64
redhat 20
amazon 4
openvas 19
fedora 6
ibm 47
oraclelinux 8
almalinux 6
osv 13
rocky 6
centos 2
kaspersky 1
ubuntu 1
broadcom 1
f5 1
nessus
nessus
Amazon Linux 2 : (ALAS-2023-1922)
2023-02-06 00:00:00
SUSE SLES12 Security Update : java-1_8_0-openjdk (SUSE-SU-2022:4373-1)
2022-12-09 00:00:00
Amazon Linux AMI : (ALAS-2023-1678)
2023-02-06 00:00:00
redhat
redhat
(RHSA-2022:8880) Moderate: java-1.8.0-ibm security update
2022-12-07 10:41:58
(RHSA-2022:7004) Moderate: java-1.8.0-openjdk security update
2022-10-19 21:05:31
(RHSA-2022:7007) Moderate: java-1.8.0-openjdk security update
2022-10-20 07:34:19
amazon
amazon
Medium: java-1.8.0-openjdk
2023-01-30 16:02:00
Medium: java-1.8.0-openjdk
2023-01-31 20:44:00
Medium: java-17-amazon-corretto
2022-10-17 21:46:00
openvas
openvas
Fedora: Security Advisory for java-1.8.0-openjdk (FEDORA-2022-dedbb92a08)
2022-11-11 00:00:00
Fedora: Security Advisory for java-1.8.0-openjdk (FEDORA-2022-b050ae8974)
2022-11-04 00:00:00
Huawei EulerOS: Security Advisory for java-1.8.0-openjdk (EulerOS-SA-2023-1319)
2023-02-09 00:00:00
fedora
fedora
[SECURITY] Fedora 37 Update: java-1.8.0-openjdk-1.8.0.352.b08-2.fc37
2022-11-10 22:53:40
[SECURITY] Fedora 36 Update: java-1.8.0-openjdk-1.8.0.352.b08-2.fc36
2022-11-03 15:58:42
[SECURITY] Fedora 35 Update: java-1.8.0-openjdk-1.8.0.352.b08-2.fc35
2022-11-03 15:31:20
ibm
ibm
Security Bulletin: Multiple Vulnerabilities (CVE-2022-21628, CVE-2022-21626, CVE-2022-21624, CVE-2022-21619) affects CICS Transaction Gateway.
2023-02-10 09:58:59
Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli System Automation for Multiplatforms Oct 2022 CPU (CVE-2022-21628, CVE-2022-21626, CVE-2022-21624, CVE-2022-21619)
2023-02-07 14:27:09
Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect Rational Performance Tester
2023-06-16 18:56:39
oraclelinux
oraclelinux
java-1.8.0-openjdk security update
2022-10-21 00:00:00
java-1.8.0-openjdk security and bug fix update
2022-10-21 00:00:00
java-1.8.0-openjdk security update
2022-10-21 00:00:00
almalinux
almalinux
Moderate: java-1.8.0-openjdk security update
2022-10-20 00:00:00
Moderate: java-1.8.0-openjdk security update
2022-10-19 00:00:00
Moderate: java-17-openjdk security and bug fix update
2022-10-20 00:00:00
osv
osv
Moderate: java-1.8.0-openjdk security update
2022-10-19 21:13:39
Moderate: java-1.8.0-openjdk security update
2022-10-19 00:00:00
Moderate: java-1.8.0-openjdk security update
2022-10-20 07:34:19
rocky
rocky
java-1.8.0-openjdk security update
2022-10-19 21:13:39
java-1.8.0-openjdk security update
2022-10-20 07:34:19
java-11-openjdk security and bug fix update
2022-10-20 07:40:35
centos
centos
java security update
2022-10-26 14:19:03
java security update
2022-10-26 14:18:08
kaspersky
kaspersky
KLA20013 Multiple vulnerabilities in Oracle Java SE and GraalVM
2022-10-18 00:00:00
ubuntu
ubuntu
OpenJDK vulnerabilities
2022-11-09 00:00:00
broadcom
broadcom
Azul Zulu Java Multiple Vulnerabilities (CVE-2022-21618 CVE-2022-21619 CVE-2022-21624 CVE-2022-21626 CVE-2022-21628 CVE-2022-39399)
2023-08-29 00:00:00
f5
f5
K46859523 : Multiple Java vulnerabilities
2022-10-21 00:00:00

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

EPSS

0.002

Percentile

59.5%

JSON
Related for 49FF2650E4D34A59324034D2D9D7A7421F32EC337402F43640EB6D68EE3F567E
nessus64redhat20amazon4openvas19fedora6ibm47oraclelinux8almalinux6osv13rocky6centos2kaspersky1ubuntu1broadcom1f51