Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBMFA0D16085D7CE1515F097F4DA9BB0566F1E2BFFB3DB554BAB91647D6174F1268
HistoryMay 17, 2023 - 10:08 p.m.

Security Bulletin: IBM InfoSphere Information Server is affected by multiple vulnerabilities in Oracle products ( CVE-2020-2934, CVE-2022-21363)

2023-05-1722:08:39
www.ibm.com
29
oracle
infosphere
information server
cve-2020-2934
cve-2022-21363
vulnerabilities
remediation
version 11.7

CVSS2

6

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:S/C:P/I:P/A:P

CVSS3

6.6

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

EPSS

0.006

Percentile

78.1%

JSON

Summary

Multiple vulnerabilities in Oracle products used by InfoSphere Information Server were addressed.

Vulnerability Details

CVEID:CVE-2020-2934
**DESCRIPTION:**An unspecified vulnerability in multiple Oracle products could allow an unauthenticated attacker to cause low confidentiality impact, low integrity impact, and low availability impact.
CVSS Base score: 5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/179829 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L)

CVEID:CVE-2022-21363
**DESCRIPTION:**An unspecified vulnerability in Oracle MySQL Connectors related to the Connector/J component could allow an authenticated attacker to take control of the system.
CVSS Base score: 6.6
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/217657 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H)

Affected Products and Versions

Affected Product(s) Version(s)
InfoSphere Information Server 11.7

Remediation/Fixes

Product VRMF APAR Remediation
InfoSphere Information Server, InfoSphere Information Server on Cloud 11.7 DT197436 --Apply IBM InfoSphere Information Server version 11.7.1.0
--Apply InfoSphere Information Server version 11.7.1.4
--Apply InfoSphere Information Server 11.7.1.4 Service pack 1

Workarounds and Mitigations

None

Affected configurations

Vulners
Node
ibminfosphere_information_serverMatch11.7
VendorProductVersionCPE
ibminfosphere_information_server11.7cpe:2.3:a:ibm:infosphere_information_server:11.7:*:*:*:*:*:*:*

Related

debiancve 2
nvd 2
cvelist 2
cbl_mariner 2
osv 4
redhatcve 2
prion 2
vulnrichment 2
ubuntucve 2
cnvd 1
veracode 1
github 1
cve 2
nessus 19
amazon 1
openvas 7
mageia 1
debian 2
suse 2
fedora 2
freebsd 2
redhat 9
ibm 2
photon 4
oracle 2
gentoo 1
debiancve
debiancve
CVE-2022-21363
2022-01-19 12:15:00
CVE-2020-2934
2020-04-15 14:15:00
nvd
nvd
CVE-2022-21363
2022-01-19 12:15:15
CVE-2020-2934
2020-04-15 14:15:36
cvelist
cvelist
CVE-2022-21363
2022-01-19 11:25:44
CVE-2020-2934
2020-04-15 13:29:53
cbl_mariner
cbl_mariner
CVE-2022-21363 affecting package mysql for versions less than 8.0.28-1
2022-04-09 06:53:03
CVE-2022-21363 affecting package mysql 8.0.27-2
2022-02-08 03:14:35
osv
osv
CVE-2022-21363
2022-01-19 12:15:15
Improper Handling of Insufficient Permissions or Privileges in MySQL Connectors Java
2022-01-20 00:00:48
mysql-connector-java - security update
2020-06-11 00:00:00
redhatcve
redhatcve
CVE-2022-21363
2022-01-27 17:28:52
CVE-2020-2934
2020-06-25 12:54:46
prion
prion
Design/Logic Flaw
2022-01-19 12:15:00
Design/Logic Flaw
2020-04-15 14:15:00
vulnrichment
vulnrichment
CVE-2022-21363
2022-01-19 11:25:44
CVE-2020-2934
2020-04-15 13:29:53
ubuntucve
ubuntucve
CVE-2022-21363
2022-01-19 00:00:00
CVE-2020-2934
2020-04-15 00:00:00
cnvd
cnvd
Oracle MySQL Connectors Input Validation Error Vulnerability (CNVD-2022-15473)
2022-01-26 00:00:00
veracode
veracode
Privilege Escalation
2022-06-02 21:00:00
github
github
Improper Handling of Insufficient Permissions or Privileges in MySQL Connectors Java
2022-01-20 00:00:48
cve
cve
CVE-2022-21363
2022-01-19 12:15:15
CVE-2020-2934
2020-04-15 14:15:36
nessus
nessus
Amazon Linux 2 : mysql-connector-java (ALAS-2023-2017)
2023-04-20 00:00:00
Oracle MySQL Connectors (January 2022 CPU)
2022-01-20 00:00:00
Debian DLA-2245-1 : mysql-connector-java security update
2020-06-12 00:00:00
amazon
amazon
Medium: mysql-connector-java
2023-04-13 19:28:00
openvas
openvas
Mageia: Security Advisory (MGASA-2020-0369)
2022-01-28 00:00:00
Debian: Security Advisory (DLA-2245-1)
2020-06-12 00:00:00
openSUSE: Security Advisory for mysql-connector-java (openSUSE-SU-2021:1126-1)
2021-08-11 00:00:00
mageia
mageia
Updated mysql-connector-java package fixes security vulnerability
2020-09-21 22:45:58
debian
debian
[SECURITY] [DSA 4703-1] mysql-connector-java security update
2020-06-11 17:47:17
[SECURITY] [DLA 2245-1] mysql-connector-java security update
2020-06-11 18:29:24
suse
suse
Security update for mysql-connector-java (moderate)
2021-08-05 00:00:00
Security update for mysql-connector-java (moderate)
2021-08-10 00:00:00
fedora
fedora
[SECURITY] Fedora 32 Update: mysql-connector-java-8.0.21-1.fc32
2020-09-03 16:40:47
[SECURITY] Fedora 33 Update: mysql-connector-java-8.0.21-1.fc33
2020-09-25 17:06:39
freebsd
freebsd
MySQL Client -- Multiple vulerabilities
2020-04-14 00:00:00
MySQL -- Multiple vulnerabilities
2022-01-18 00:00:00
redhat
redhat
(RHSA-2022:4623) Moderate: Red Hat build of Quarkus 2.7.5 release and security update
2022-05-18 10:52:45
(RHSA-2020:4960) Moderate: Red Hat Decision Manager 7.9.0 security update
2020-11-05 18:43:06
(RHSA-2020:4961) Moderate: Red Hat Process Automation Manager 7.9.0 security update
2020-11-05 18:44:42
ibm
ibm
Security Bulletin: Multiple security vulnerabilities are addressed with IBM Business Automation Manager Open Editions 8.0.1
2022-10-28 18:30:08
Security Bulletin: IBM API Connect's Developer Portal is impacted by vulnerabilities in MySQL.
2020-10-06 21:09:57
photon
photon
Critical Photon OS Security Update - PHSA-2022-0153
2022-02-13 00:00:00
Critical Photon OS Security Update - PHSA-2022-0358
2022-02-07 00:00:00
Critical Photon OS Security Update - PHSA-2022-4.0-0153
2022-02-15 00:00:00
oracle
oracle
Oracle Critical Patch Update Advisory - January 2022
2022-01-18 00:00:00
Oracle Critical Patch Update Advisory - April 2020
2020-04-14 00:00:00
gentoo
gentoo
MySQL: Multiple vulnerabilities
2021-05-26 00:00:00

CVSS2

6

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:S/C:P/I:P/A:P

CVSS3

6.6

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

EPSS

0.006

Percentile

78.1%

JSON
Related for FA0D16085D7CE1515F097F4DA9BB0566F1E2BFFB3DB554BAB91647D6174F1268
debiancve2nvd2cvelist2cbl_mariner2osv4redhatcve2prion2vulnrichment2ubuntucve2cnvd1veracode1github1cve2nessus19amazon1openvas7mageia1debian2suse2fedora2freebsd2redhat9ibm2photon4oracle2gentoo1