Lucene search

IBMEB2998747C79B5C1AE3AB6B04CE92779866C0105F4D1D9F2EE20090C250577D1

HistoryFeb 13, 2024 - 11:00 a.m.

Security Bulletin: IBM Event Streams is affected by an unauthenticated access (CVE-2023-22045 and CVE-2023-22049).

2024-02-1311:00:04

www.ibm.com

ibm event streams

unauthenticated access

low confidentiality

integrity impacts

java se

vulnerabilities

cve-2023-22045

cve-2023-22049

upgrading and migrating.

3.7 Low

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N

4.8 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

28.0%

JSON

Summary

This security vulnerability in Java SE related to the VM component and Libraries component could allow a remote attacker to cause low confidentiality and integrity impacts.

Vulnerability Details

CVEID:CVE-2023-22045
**DESCRIPTION:**An unspecified vulnerability in Java SE related to the VM component could allow a remote attacker to cause low confidentiality impacts.
CVSS Base score: 3.7
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/261047 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)

CVEID:CVE-2023-22049
**DESCRIPTION:**An unspecified vulnerability in Java SE related to the Libraries component could allow a remote attacker to cause low integrity impacts.
CVSS Base score: 3.7
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/261048 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N)

Affected Products and Versions

Affected Product(s)	Version(s)
IBM Event Streams	10.0.0-11.2.3

Remediation/Fixes

IBM strongly recommends addressing the vulnerability now by upgrading

IBM Event Streams (Continuous Delivery)

Upgrade to IBM Event Streams 11.2.4 by following the upgrading and migrating documentation.

Workarounds and Mitigations

None

Affected configurations

Vulners

Node

ibmevent_streamsRange10.0.0≥

ibmevent_streamsRange≤11.2.3

CPENameOperatorVersion
ibm event streamsge10.0.0
ibm event streamsle11.2.3

CPE	Name	Operator	Version
	ibm event streams	ge	10.0.0
	ibm event streams	le	11.2.3

3.7 Low

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N

4.8 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

28.0%

JSON

Related for EB2998747C79B5C1AE3AB6B04CE92779866C0105F4D1D9F2EE20090C250577D1