Lucene search

IBMD7CA31FD133784EA4DD78EB75768669CA6D56DF4D4431CC8EA26697DB9F0BFDA

HistoryFeb 06, 2023 - 6:21 a.m.

Security Bulletin: Multiple vulnerabilities may affect IBM® SDK, Java™ Technology Edition for IBM Content Collector for SAP Applications

2023-02-0606:21:46

www.ibm.com

ibm content collector

sap applications

oracle java se

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

0.002 Low

EPSS

Percentile

59.6%

JSON

Summary

Multiple Vulnerabilities were disclosed as part of the Oracle October 2022 Critical Patch Update.

Vulnerability Details

CVEID:CVE-2022-21628
**DESCRIPTION:**Java SE is vulnerable to a denial of service, caused by a flaw in the Lightweight HTTP Server. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/238623 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

CVEID:CVE-2022-21626
**DESCRIPTION:**An unspecified vulnerability in Java SE related to the Security component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/238689 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

CVEID:CVE-2022-21624
**DESCRIPTION:**An unspecified vulnerability in Java SE related to the Security component could allow an unauthenticated attacker to update, insert or delete data resulting in a low integrity impact using unknown attack vectors.
CVSS Base score: 3.7
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/238699 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N)

CVEID:CVE-2022-21619
**DESCRIPTION:**An unspecified vulnerability in Java SE related to the Security component could allow an unauthenticated attacker to update, insert or delete data resulting in a low integrity impact using unknown attack vectors.
CVSS Base score: 3.7
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/238698 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N)

Affected Products and Versions

Affected Product(s)	Version(s)
IBM Content Collector for SAP Applications	4.0

Remediation/Fixes

Product

| VRM|Remediation
—|—|—
IBM Content Collector for SAP Applications| 4.0|

Use IBM Content Collector for SAP Applications4.0.0.2-ICCSAP-FP2-JRE-8.0.7.20

Use IBM Content Collector for SAP Applications4.0.0.3-ICCSAP-Base-JRE-8.0.7.20

Use IBM Content Collector for SAP Applications4.0.0.4-ICCSAP-Base-JRE-8.0.7.20

Workarounds and Mitigations

None

Affected configurations

Vulners

Node

ibmcontent_collector_for_sap_applicationsMatch4.0.0.2

ibmcontent_collector_for_sap_applicationsMatch4.0.0.3

CPENameOperatorVersion
ibm content collector for sap applicationseq4.0.0.2
ibm content collector for sap applicationseq4.0.0.3

CPE	Name	Operator	Version
	ibm content collector for sap applications	eq	4.0.0.2
	ibm content collector for sap applications	eq	4.0.0.3

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

0.002 Low

EPSS

Percentile

59.6%

JSON

Related for D7CA31FD133784EA4DD78EB75768669CA6D56DF4D4431CC8EA26697DB9F0BFDA