5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N
5.3 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
0.001 Low
EPSS
Percentile
48.3%
There are multiple vulnerabilities in IBM® Runtime Environment Java™ Versions 7.0, 7.1 and 8.0 used by CICS Transaction Gateway. CICS Transaction Gateway has addressed a CVE that could allow an unauthenticated attacker to cause a denial of service and two CVEs that could allow an unauthenticated attacker to cause no confidentiality impact, low integrity impact, and no availability impact.
CVEID:CVE-2022-21496
**DESCRIPTION:**An unspecified vulnerability in Java SE related to the JNDI component could allow an unauthenticated attacker to cause no confidentiality impact, low integrity impact, and no availability impact.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/224777 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
CVEID:CVE-2022-21434
**DESCRIPTION:**An unspecified vulnerability in Java SE related to the Libraries component could allow an unauthenticated attacker to cause no confidentiality impact, low integrity impact, and no availability impact.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/224718 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
CVEID:CVE-2022-21443
**DESCRIPTION:**An unspecified vulnerability in Java SE related to the Libraries component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors.
CVSS Base score: 3.7
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/224726 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)
Affected Product(s) | Version(s) |
---|---|
IBM CICS Transaction Gateway |
v9.2.0.0 – 9.2.0.2
IBM CICS Transaction Gateway| v9.1.0.0 – 9.1.0.3
IBM CICS Transaction Gateway| v9.0.0.0 – 9.0.0.5
IBM CICS Transaction Gateway| v8.1.0.0 – 8.1.0.5
IBM CICS Transaction Gateway| v8.0.0.0 – 8.0.0.6
IBM strongly recommends you apply the following fixes
Product
| VRMF|APAR|Remediation / First Fix
—|—|—|—
CICS Transaction Gateway for Multiplatforms| 9.2.0.0
9.2.0.1
9.2.0.2|
Updated JRE’s have been made available on Fix Central as Fix packs.
AIX: 8.0.7-CICSTG-AIXpSeries32-JRE-SR10
xLinux: 8.0.7-CICSTG-Linuxx8632-JRE-SR10
pLinux: 8.0.7-CICSTG-LinuxpSeries32-JRE-SR10
zLinux: 8.0.7-CICSTG-LinuxzSeries31-JRE-SR10
Windows:8.0.7-CICSTG-Windowsx8632-JRE-SR10
| Fix Central Link
CICS Transaction Gateway for Multiplatforms| 9.1.0.0
9.1.0.1
9.1.0.2
9.1.0.3|
Updated JRE’s have been made available on Fix Central as Fix packs.
AIX: 7.1.5-CICSTG-AIXpSeries32-JRE-SR10
xLinux: 7.1.5-CICSTG-Linuxx8632-JRE-SR10
pLinux: 7.1.5-CICSTG-LinuxpSeries32-JRE-SR10
zLinux: 7.1.5-CICSTG-LinuxzSeries31-JRE-SR10
Windows: 7.1.5-CICSTG-Windowsx8632-JRE-SR10
| Fix Central Link
CICS Transaction Gateway for Multiplatforms|
9.0.0.0
9.0.0.1
9.0.0.2
9.0.0.3
9.0.0.4
9.0.0.5
8.1.0.0
8.1.0.1
8.1.0.2
8.1.0.3
8.1.0.4
8.1.0.5
8.0.0.0
8.0.0.1
8.0.0.2
8.0.0.3
8.0.0.4
8.0.0.5
8.0.0.6
| Updated JRE’s have been made available on Fix Central as Fix packs.
Solaris: 7.0.11-CICSTG-SolarisSPARC32-JRE-SR10
AIX: 7.0.11-CICSTG-AIXpSeries32-JRE-SR10
xLinux: 7.0.11-CICSTG-Linuxx8632-JRE-SR10
pLinux: 7.0.11-CICSTG-LinuxpSeries32-JRE-SR10
zLinux: 7.0.11-CICSTG-LinuxzSeries31-JRE-SR10
Windows: 7.0.11-CICSTG-Windowsx8632-JRE-SR10| Fix Central Link
None
5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N
5.3 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
0.001 Low
EPSS
Percentile
48.3%