IBMC0EB1F0733E8B9D6D319E491CA0FB3EEB6767DE7C2409EF5AA4A685704040C37Security Bulletin: IBM Copy Services Manager is vulnerable to crypto attack vulnerabilities due to IBM Java 8 vulnerabilities.
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS
Percentile
61.6%
Summary
IBM Copy Services Manager is vulnerable to the listed attack vectors in the bundled depencency IBM Java 8.0.7.0 through 8.0.7.11. IBM Java is used by IBM Copy Services Manager as a code base and virtal machine runtime. The following vulnerabilities have been identified: CVE-2023-30441 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N). The fix for these vulnerabilities is included in IBM Java version 8.0.7.15.
Vulnerability Details
Refer to the security bulletin(s) listed in the Remediation/Fixes section
Affected Products and Versions
| Affected Product(s) | Version(s) |
|---|---|
| IBM Copy Services Manager | 6.3.4 |
Remediation/Fixes
| Affected Product(s) | Version(s) |
|---|---|
| IBM Copy Services Manager | 6.3.5 |
| Upgrade Copy Services Manager to version 6.3.5. Clients can acquire CSM from FixCentral <https://www.ibm.com/support/pages/node/6842229> |
Workarounds and Mitigations
None
Affected configurations
| Vendor | Product | Version | CPE |
|---|---|---|---|
| ibm | ibm_copy_services_manager | 6.3.1 | cpe:2.3:a:ibm:ibm_copy_services_manager:6.3.1:*:*:*:*:*:*:* |
Related
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS
Percentile
61.6%