History: May 02, 2024 - 2:16 p.m.

Security Bulletin: Vulnerability in IBM Semeru Runtime affects Host On-Demand

2024-05-02 14:16:53
www.ibm.com
ibm semeru runtime
quarterly critical patch update
host on-demand
weak cryptographic algorithms
cve-2024-20952
cve-2024-22361
confidentiality impact
hod v15.0.2

CVSS3: 7.5 High

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: NONE
Availability Impact: NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

AI Score: 6.5 Medium (Confidence: High)

EPSS: 0.001 Low (Percentile: 34.3%)

Summary

There is a vulnerability in IBM Semeru Runtime Quarterly Critical Patch Update - Jan 2024 - Includes OpenJDK Jan 2024 Critical Patch Update. Host On-Demand has addressed the applicable CVE plus CVE-2024-22361.

Vulnerability Details

CVEID: CVE-2024-20952
**DESCRIPTION:** An unspecified vulnerability in Java SE related to the Security component could allow a remote attacker to cause high confidentiality impact and high integrity impact.
CVSS Base score: 7.4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/279685 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N)

CVEID: CVE-2024-22361
**DESCRIPTION:** IBM Semeru Runtime 8.0.302.0 through 8.0.392.0, 11.0.12.0 through 11.0.21.0, 17.0.1.0 - 17.0.9.0, and 21.0.1.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 281222.
CVSS Base score: 5.9
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/281222 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)

Affected Products and Versions

| Affected Product(s) | Version(s) |
| --- | --- |
| HOD | 15.0-15.0.1 |

Remediation/Fixes

For Client Fix

Upgrade to the fixed HOD version from the following location:

HOD v15.0.2

https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7ERational&product=ibm/Rational/IBM+Host+On-Demand&release=15.0.2&platform=All&function=all

Workarounds and Mitigations

None

Affected configurations

Vulners Node
ibm client_access Match 15.0
OR
ibm client_access Match 15.0.1
