CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
EPSS
Percentile
36.1%
There are multiple vulnerabilities in IBM® Semeru Runtime Versions 8 and 11 used by IBM ILOG CPLEX Optimization Studio. These issues were disclosed as part of the Oracle / OpenJDK April 2023 Critical Patch Updates.
CVEID:CVE-2023-21968
**DESCRIPTION:**An unspecified vulnerability in Oracle Java SE and GraalVM Enterprise Edition related to the Libraries component could allow an unauthenticated attacker to cause low integrity impact.
CVSS Base score: 3.7
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/253083 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N)
CVEID:CVE-2023-21937
**DESCRIPTION:**An unspecified vulnerability in Oracle Java SE, Oracle GraalVM Enterprise Edition related to the Networking component could allow a remote attacker to cause integrity impact.
CVSS Base score: 3.7
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/253167 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N)
CVEID:CVE-2023-21938
**DESCRIPTION:**An unspecified vulnerability in Oracle Java SE, Oracle GraalVM Enterprise Edition related to the Libraries component could allow a remote attacker to cause integrity impact.
CVSS Base score: 3.7
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/253155 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N)
Affected Product(s) | Version(s) |
---|---|
IBM ILOG CPLEX Optimization Studio (COS) | 22.1.1 |
IBM ILOG CPLEX Optimization Studio (COS) | 22.1 |
IBM ILOG CPLEX Optimization Studio (COS) | 20.1.0.1 |
IBM ILOG CPLEX Optimization Studio (COS) | 20.1 |
IBM ILOG CPLEX Optimization Studio (COS) | 12.10 |
IBM ILOG CPLEX Optimization Studio (COS) | 12.9 |
IBM ILOG CPLEX Optimization Studio (COS) | 12.8 |
IBM SDK, Java Technology Edition, Version 8 Service Refresh 8 Fix Pack 6 and subsequent releases
IBM SDK, Java Technology Edition, Version 11 Service Refresh 19 Fix Pack 0 and subsequent releases
The recommended solution is to download and install the appropriate version of IBM JRE as soon as practicable.
Here are the detailed instructions for updating IBM JRE.
You must verify that applying this fix does not cause any compatibility issues.
For HP-UX, MacOS and Solaris, IBM recommends upgrading to a fixed, supported version/release/platform of the product.
None
Vendor | Product | Version | CPE |
---|---|---|---|
ibm | ibm_ilog_cplex_optimization_studio | 12.9 | cpe:2.3:a:ibm:ibm_ilog_cplex_optimization_studio:12.9:*:*:*:*:*:*:* |
ibm | ibm_ilog_cplex_optimization_studio | 12.10 | cpe:2.3:a:ibm:ibm_ilog_cplex_optimization_studio:12.10:*:*:*:*:*:*:* |
ibm | ibm_ilog_cplex_optimization_studio | 20.1 | cpe:2.3:a:ibm:ibm_ilog_cplex_optimization_studio:20.1:*:*:*:*:*:*:* |
ibm | ibm_ilog_cplex_optimization_studio | 20.1.0.1 | cpe:2.3:a:ibm:ibm_ilog_cplex_optimization_studio:20.1.0.1:*:*:*:*:*:*:* |
ibm | ibm_ilog_cplex_optimization_studio | 22.1 | cpe:2.3:a:ibm:ibm_ilog_cplex_optimization_studio:22.1:*:*:*:*:*:*:* |
ibm | ibm_ilog_cplex_optimization_studio | 22.1.1 | cpe:2.3:a:ibm:ibm_ilog_cplex_optimization_studio:22.1.1:*:*:*:*:*:*:* |
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
EPSS
Percentile
36.1%