A flaw in the JAR validation implementation may, under certain limited circumstances, lead to a failure to detect signedJAR files that have been modified. The fix ensures that JARs that have been modified since they were signed are properly detected and treated asunsigned.
CVEID:CVE-2021-2369
**DESCRIPTION:**An unspecified vulnerability in Java SE related to the Library component could allow an unauthenticated attacker to cause no confidentiality impact, low integrity impact, and no availability impact.
CVSS Base score: 4.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/205796 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N)
Affected Product(s) | Version(s) |
---|---|
IBM Control Center | 6.1.3 |
IBM Control Center | 6.2.0.0 |
Product
|
VRMF
|
iFix
|
Remediation
—|—|—|—
IBM Control Center
|
6.1.3.0
|
iFix12
|
IBM Control Center
|
6.2.0.0
|
iFix10
or later
|
None
CPE | Name | Operator | Version |
---|---|---|---|
ibm control center | eq | 6.2.0.0 | |
ibm control center | eq | 6.1.3.0 |