Security Bulletin: IBM Security Identity Governance and Intelligence is vulnerable to unauthenticated access resulting in various threats (CVE-2022-21496)

2022-09-3008:26:59

www.ibm.com

ibm security identity governance

unauthenticated access

vulnerability

cve-2022-21496

java se

data manipulation

denial of service

upgrade.

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

EPSS

0.003

Percentile

66.6%

JSON

Summary

IBM Security Identity Governance and Intelligence is vulnerable to sensitive information access, data manipulation and denial of service by an unauthenticated attacker due to a vulnerability in Java SE related to the JNDI component (CVE-2022-21496). The fix includes upgrading Java SE and Liberty to patched versions.

Vulnerability Details

CVEID:CVE-2022-21496
**DESCRIPTION:**An unspecified vulnerability in Java SE related to the JNDI component could allow an unauthenticated attacker to cause no confidentiality impact, low integrity impact, and no availability impact.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/224777 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)