Lucene search

IBM6196096A641888F8774DDA2280F01A56BF7C3286E45AD6A9E3F04097B0A9CD6A

HistoryFeb 14, 2024 - 6:00 a.m.

Security Bulletin: Multiple vulnerabilities may affect IBM® SDK, Java™ Technology Edition for IBM Content Collector for SAP Applications

2024-02-1406:00:05

www.ibm.com

ibm sdk

java technology edition

ibm content collector

sap applications

oracle critical patch update

java se

remote attacker

low impact

vm component

libraries component

vulnerability

remediation

fix

version 4.0.0

cve-2023-22045

cve-2023-22049

3.7 Low

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N

4.9 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

28.1%

JSON

Summary

Multiple Vulnerabilities were disclosed as part of the Oracle July 2023 Critical Patch Update.

Vulnerability Details

CVEID:CVE-2023-22045
**DESCRIPTION:**An unspecified vulnerability in Java SE related to the VM component could allow a remote attacker to cause low confidentiality impacts.
CVSS Base score: 3.7
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/261047 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)

CVEID:CVE-2023-22049
**DESCRIPTION:**An unspecified vulnerability in Java SE related to the Libraries component could allow a remote attacker to cause low integrity impacts.
CVSS Base score: 3.7
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/261048 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N)

Affected Products and Versions

Affected Product(s)	Version(s)
IBM Content Collector for SAP Applications	4.0.0

Remediation/Fixes

Product

| VRM|Remediation
—|—|—
IBM Content Collector for SAP Applications| 4.0.0|

Use IBM Content Collector for SAP Applications 4.0.0.2-ICCSAP-FP2-JRE-8.0.8.15

Use IBM Content Collector for SAP Applications 4.0.0.3-ICCSAP-Base-JRE-8.0.8.15

Use IBM Content Collector for SAP Applications 4.0.0.4-ICCSAP-Base-JRE-8.0.8.15

Workarounds and Mitigations

None

Affected configurations

Vulners

Node

ibmcontent_collector_for_sap_applicationsMatch4.0.0.2

ibmcontent_collector_for_sap_applicationsMatch4.0.0.3

CPENameOperatorVersion
ibm content collector for sap applicationseq4.0.0.2
ibm content collector for sap applicationseq4.0.0.3

CPE	Name	Operator	Version
	ibm content collector for sap applications	eq	4.0.0.2
	ibm content collector for sap applications	eq	4.0.0.3

3.7 Low

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N

4.9 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

28.1%

JSON

Related for 6196096A641888F8774DDA2280F01A56BF7C3286E45AD6A9E3F04097B0A9CD6A