Lucene search

IBMC554610A45CFB59FC9170B2C6DC1F2A4D4CC84198B97CDEDD371BDC99D66F824

HistoryJul 29, 2022 - 8:18 p.m.

Security Bulletin: A vulnerability in IBM Java SDK and IBM Java Runtime affects Rational Performance Tester (CVE-2021-35603)

2022-07-2920:18:49

www.ibm.com

ibm

java

sdk

runtime

rational performance tester

cve-2021-35603

vulnerability

information disclosure

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

CVSS3

3.7

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

EPSS

0.002

Percentile

61.6%

JSON

Summary

A vulnerability in IBM SDK Java Version 1.8 and IBM Runtime Environment Java Version 1.8 used by Rational Performance Tester. Rational Performance Tester has addressed the applicable CVE.

Vulnerability Details

CVEID:CVE-2021-35603
**DESCRIPTION:**An unspecified vulnerability in Java SE related to the JSSE component could allow an unauthenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors.
CVSS Base score: 3.7
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/211676 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)

Affected Products and Versions

Affected Product(s)	Version(s)
RPT	9.5

Remediation/Fixes

Product	VRMF	APAR	Remediation/Fix
RPT	9.5	None	http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FRational%2FRational+Performance+Tester&fixids=Rational-RPT-JavaPatch-Java8SR7FP10&source=SAR

Workarounds and Mitigations

None

Affected configurations

Vulners

Node

ibmrational_performance_testerMatch9.5

VendorProductVersionCPE
ibmrational_performance_tester9.5cpe:2.3:a:ibm:rational_performance_tester:9.5:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
ibm	rational_performance_tester	9.5	cpe:2.3:a:ibm:rational_performance_tester:9.5:::::::*

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

CVSS3

3.7

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

EPSS

0.002

Percentile

61.6%

JSON

Related for C554610A45CFB59FC9170B2C6DC1F2A4D4CC84198B97CDEDD371BDC99D66F824