CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
EPSS
Percentile
52.9%
IBM MQ Internet Pass-Thru has addressed the following vulnerability in the IBM® Runtime Environment Java™ Technology Edition, Version 7 and Version 8 used by IBM MQ Internet Pass-Thru.
CVEID:CVE-2022-21626
**DESCRIPTION:**An unspecified vulnerability in Java SE related to the Security component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/238689 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
Affected Product(s) | Version(s) |
---|---|
IBM WebSphere Internet Pass-Thru | 2.1 |
IBM WebSphere Internet Pass-Thru version 2.1 IBM strongly recommends that you address this vulnerability now by applying fix pack MQIPT 2.1.0.6 and upgrading the MQIPT JRE to the latest available for MQIPT 2.1.0.6.
Note: This MQIPT 2.1 JRE update is provided on Solaris platforms only, for users with appropriate extended support entitlement. Contact IBM support to obtain the installation files for MQIPT 2.1.0.6 and the JRE update for MQIPT 2.1.0.6 on Solaris. Users of MQIPT 2.1 on all other platforms should migrate to MQIPT 9.3.
None
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
EPSS
Percentile
52.9%