Lucene search

K

IBMA3E5257E7F3541000A43AE6316C70B1F11B68DCDD4E78F407AF38AAFBD1CB780

HistoryJun 20, 2022 - 4:00 p.m.

Security Bulletin: An Unspecified Vulnerability in Java runtime affects IBM SPSS Statistics (CVE-2022-21496)

2022-06-2016:00:30

www.ibm.com

14

ibm

spss statistics

java runtime

vulnerability

cve-2022-21496

security patch

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

EPSS

0.002

Percentile

56.1%

Summary

There is a vulnerability in IBM® Runtime Environment Java™ Versions 8.0 used by IBM SPSS Statistics. IBM SPSS Statistics has addressed this vulnerability.

Vulnerability Details

CVEID:CVE-2022-21496
**DESCRIPTION:**An unspecified vulnerability in Java SE related to the JNDI component could allow an unauthenticated attacker to cause no confidentiality impact, low integrity impact, and no availability impact.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/224777 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)

Affected Products and Versions

Affected Product(s)	Version(s)
SPSS Statistics	28.0.1.1
SPSS Statistics	28.0.1
SPSS Statistics	27.0.1
SPSS Statistics	26.0
SPSS Statistics	25.0

Remediation/Fixes

Affected Products	Versions	Fixes
SPSS Statistics	28.0.1.1	Install Statistics 28.0.1.1-IF005
SPSS Statistics	28.0.1

Install Statistics 28.0.1-IF011

SPSS Statistics| 27.0.1|

Install Statistics 27.0.1-IF026

SPSS Statistics| 26.0.0.1|

Install Statistics 26 FP001-IF018

SPSS Statistics| 25.0.0.2| Install Statistics 25 FP002-IF018

Workarounds and Mitigations

None

Affected configurations

Vulners

Node

ibmspss_statisticsMatch25.0

OR

ibmspss_statisticsMatch26.0

OR

ibmspss_statisticsMatch27.0

OR

ibmspss_statisticsMatch28.0

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

EPSS

0.002

Percentile

56.1%

Related for A3E5257E7F3541000A43AE6316C70B1F11B68DCDD4E78F407AF38AAFBD1CB780

ibm66 cve1 prion1 debiancve1 nvd1 ubuntucve1 cvelist1 veracode1 alpinelinux1 redhatcve1 osv11 nessus50 openvas16 mageia1 redhat22 almalinux2 amazon3 cloudlinux1 suse2 altlinux2 ubuntu1 oraclelinux7 debian2 centos2 rocky2