IBMF8B6AF005DB831F7CED4ADA5EB7732CA7E663DAB6BF17B9A94C73ED7C85D73A3Security Bulletin: Vulnerability in IBM Java SDK may affect IBM Storage Scale (CVE-2023-22045)
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
EPSS
Percentile
23.0%
Summary
There is a vulnerability in IBM SDK Java Technology Edition, used by IBM Storage Scale. Fix for this issue is available in all versions.
Vulnerability Details
CVEID:CVE-2023-22045
**DESCRIPTION:**An unspecified vulnerability in Java SE related to the VM component could allow a remote attacker to cause low confidentiality impacts.
CVSS Base score: 3.7
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/261047 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)
Affected Products and Versions
| Affected Product(s) | Version(s) |
|---|---|
| IBM Storage Scale | 5.1.0.0 - 5.1.2.12 |
| IBM Storage Scale | 5.1.3.0 - 5.1.8.1 |
Remediation/Fixes
For IBM Spectrum Scale V5.1.0.0 through V5.1.2.12, apply V5.1.2.13 available from FixCentral at:
For IBM Spectrum Scale V5.1.3.0 through V5.1.8.1, apply V5.1.8.2 available from FixCentral at:
Workarounds and Mitigations
None
Affected configurations
| Vendor | Product | Version | CPE |
|---|---|---|---|
| ibm | scale_out_network_attached_storage | 5.1. | cpe:2.3:h:ibm:scale_out_network_attached_storage:5.1.:*:*:*:*:*:*:* |
Related
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
EPSS
Percentile
23.0%