IBMEE46E4F493F456699A7CA10804D8498E26AB27FC70EDD6DB31949516494BA3D2Security Bulletin: Security vulnerability is addressed with IBM Cloud Pak for Business Automation iFixes for September 2022 (CVE-2021-2163)
CVSS2
Attack Vector
NETWORK
Attack Complexity
HIGH
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:H/Au:N/C:N/I:P/A:N
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N
EPSS
Percentile
60.9%
Summary
In addition to many updates of operating system level packages, the following security vulnerability is addressed with IBM Cloud Pak for Business Automation 21.0.3-IF013 and 22.0.1-IF003.
Vulnerability Details
CVEID:CVE-2021-2163
**DESCRIPTION:**An unspecified vulnerability in Java SE related to the Libraries component could allow an unauthenticated attacker to cause no confidentiality impact, high integrity impact, and no availability impact.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/200292 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N)
Affected Products and Versions
| Affected Product(s) | Version(s) | Status |
|---|
IBM Cloud Pak for Business Automation
| V22.0.1 - V22.0.1-IF002 | affected
IBM Cloud Pak for Business Automation | V21.0.3 - V21.0.3-IF012 | affected
IBM Cloud Pak for Business Automation |
V21.0.2 - V21.0.2-IF012 and later fixes
V21.0.1 - V21.0.1-IF007 and later fixes
V20.0.1 - V20.0.3 and later fixes
V19.0.1 - V19.0.3 and later fixes
V18.0.0 - V18.0.2 and later fixes
| affected
Remediation/Fixes
| Any open source library may be included in one or more sub-components of IBM Cloud Pak for Business Automation. Open source updates are not always synchronized across all components. The CVE in this bulletin are specifically addressed by CVE ID | Addressed in component |
|---|---|
| CVE-2021-2163 | All Java based components |
| Affected Product(s) | Version(s) | Remediation / Fix |
|---|---|---|
| IBM Cloud Pak for Business Automation | V22.0.1 | Apply security fix 22.0.1-IF003 |
| IBM Cloud Pak for Business Automation | V21.0.3 - V21.0.3-IF010 | Apply security fix 21.0.3-IF013 or upgrade to 22.0.1-IF003 |
| IBM Cloud Pak for Business Automation | V21.0.1 - V21.0.1-IF008 | |
| V20.0.1 - V20.0.3 | ||
| V19.0.1 - V19.0.3 | ||
| V18.0.0 - V18.0.2 | Upgrade to 21.0.3-IF013 or 22.0.1-IF003 |
Workarounds and Mitigations
None
Affected configurations
Related
CVSS2
Attack Vector
NETWORK
Attack Complexity
HIGH
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:H/Au:N/C:N/I:P/A:N
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N
EPSS
Percentile
60.9%