
Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli Business Service Manager (CVE-2022-21541, CVE-2022-21540)

2022-12-06 16:11:42
www.ibm.com
ibm tivoli business service manager
ibm java sdk
cve-2022-21541
cve-2022-21540
upgrade
security bulletin

CVSS3: 5.9

Attack Vector: NETWORK
Attack Complexity: HIGH
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: HIGH
Availability Impact: NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

EPSS: 0.001
Percentile: 49.7%

Summary

IBM® SDK, Java™ Technology Edition is shipped as a component of IBM Tivoli Business Service Manager. Information about security vulnerabilities affecting IBM® SDK, Java™ Technology Edition has been published in a security bulletin.

Vulnerability Details

CVEID: CVE-2022-21541
**DESCRIPTION:** An unspecified vulnerability in Java SE related to the VM component could allow an unauthenticated attacker to cause no confidentiality impact, high integrity impact, and no availability impact.
CVSS Base score: 5.9
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/231568 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N)

CVEID: CVE-2022-21540
**DESCRIPTION:** An unspecified vulnerability in Java SE related to the VM component could allow an unauthenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/231567 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)

Affected Products and Versions

| Affected Product(s) | Version(s) |
|---|---|
| IBM Tivoli Business Service Manager | 6.2.0 |

Remediation/Fixes

Principal Product and Version(s) Affected Supporting Product and Version
IBM Tivoli Business Service Manager 6.2.0 IBM strongly recommends addressing the vulnerability now by upgrading the Java SDK.

Security Bulletin: Multiple vulnerabilities may affect IBM® SDK, Java™ Technology Edition

Workarounds and Mitigations

None

Affected configurations

Vulners
Node: ibm tivoli_business_service_manager, Match 6.2.0

| Vendor | Product | Version | CPE |
|---|---|---|---|
| ibm | tivoli_business_service_manager | 6.2.0 | cpe:2.3:a:ibm:tivoli_business_service_manager:6.2.0:*:*:*:*:*:*:* |
