There is a vulnerability in the IBM® SDK Java™ Technology Edition, Version 8 that is used by IBM InfoSphere Information Server. This issue was disclosed as part of the IBM Java SDK updates in July 2021.
CVEID:CVE-2021-2432
**DESCRIPTION:**An unspecified vulnerability in Java SE related to the JNDI component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors.
CVSS Base score: 3.7
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/205856 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)
Affected Product(s) | Version |
---|---|
InfoSphere Information Server, | |
Information Server on Cloud | 11.7 |
Product |
VRMF
|
APAR
|
Remediation/First Fix
—|—|—|—
InfoSphere Information Server, Information Server on Cloud
|
11.7
|
|
--Follow instructions in the README
--If not previously addressed, for AIX installations, see Technote for class not found errors related to ProviderExceptions, Failed to initialize IBMJCEPlus provider, and jgskit (Not found in java.library.path)
None
CPE | Name | Operator | Version |
---|---|---|---|
infosphere information server | eq | 11.7 |