Vulnerability Name:

CVE-2022-21628 (CCN-238623)

Assigned:2021-11-15
Published:2022-10-18
Updated:2023-04-27
Summary:Oracle GraalVM Enterprise and Java SE are vulnerable to a denial of service, caused by a flaw in the Lightweight HTTP Server. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to cause a denial of service condition.
CVSS v3 Severity:5.3 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
4.6 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Low
5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
4.6 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Low
5.3 Medium (REDHAT CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
4.6 Medium (REDHAT Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Low
CVSS v2 Severity:5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Partial
Vulnerability Consequences:Denial of Service
References:Source: MITRE
Type: CNA
CVE-2022-21628

Source: XF
Type: UNKNOWN
oracle-cve202221628-dos(238623)

Source: secalert_us@oracle.com
Type: Mailing List, Third Party Advisory
secalert_us@oracle.com

Source: secalert_us@oracle.com
Type: Mailing List, Third Party Advisory
secalert_us@oracle.com

Source: secalert_us@oracle.com
Type: Mailing List, Third Party Advisory
secalert_us@oracle.com

Source: secalert_us@oracle.com
Type: Mailing List, Third Party Advisory
secalert_us@oracle.com

Source: secalert_us@oracle.com
Type: Mailing List, Third Party Advisory
secalert_us@oracle.com

Source: secalert_us@oracle.com
Type: Mailing List, Third Party Advisory
secalert_us@oracle.com

Source: secalert_us@oracle.com
Type: Third Party Advisory
secalert_us@oracle.com

Source: CCN
Type: IBM Security Bulletin 6838545 (Semeru Runtimes)
Multiple vulnerabilities may affect IBM Semeru Runtime

Source: CCN
Type: IBM Security Bulletin 6839127 (Java)
Multiple vulnerabilities may affect IBM SDK, Java Technology Edition

Source: CCN
Type: IBM Security Bulletin 6839869 (FileNet Content Manager)
Multiple Security vulnerabilities in IBM Java in FileNet Content Manager

Source: CCN
Type: IBM Security Bulletin 6844869 (Event Streams)
Vulnerabilities in the Java JDK affect IBM Event Streams (CVE-2022-3676, CVE-2022-21628, CVE-2022-21626, CVE-2022-21624, CVE-2022-21619)

Source: CCN
Type: IBM Security Bulletin 6845127 (Rational Functional Tester)
Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect Rational Functional Tester

Source: CCN
Type: IBM Security Bulletin 6845544 (Tivoli Business Service Manager)
Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli Business Service Manager (CVE-2022-21628, CVE-2022-21626, CVE-2022-21624, CVE-2022-21619)

Source: CCN
Type: IBM Security Bulletin 6845948 (Spectrum Copy Data Management)
Vulnerabilities in PostgreSQL, Open JDK, and Jettison may affect IBM Spectrum Copy Data Management

Source: CCN
Type: IBM Security Bulletin 6846157 (Data Risk Manager)
IBM Data Risk Manager is affected by multiple vulnerabilities including remote code execution in Apache Commons Text 1.9

Source: CCN
Type: IBM Security Bulletin 6846619 (z/Transaction Processing Facility)
Multiple vulnerabilities in IBM Java Runtime affect z/Transaction Processing Facility

Source: CCN
Type: IBM Security Bulletin 6847351 (Tivoli Netcool Impact)
Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli Netcool Impact

Source: CCN
Type: IBM Security Bulletin 6847605 (Spectrum Control)
Vulnerabilities in IBM Java SDK affect IBM Spectrum Control

Source: CCN
Type: IBM Security Bulletin 6848221 (License Metric Tool)
Multiple vulnerabilities in IBM Java SDK affect IBM License Metric Tool v9.

Source: CCN
Type: IBM Security Bulletin 6848295 (Cloud Pak for Business Automation)
Security vulnerability is addressed with IBM Cloud Pak for Business Automation iFixes for November 2022

Source: CCN
Type: IBM Security Bulletin 6851437 (AIX)
Multiple vulnerabilities in IBM Java SDK affect AIX

Source: CCN
Type: IBM Security Bulletin 6852357 (Cloud Application Business Insights)
Vulnerabilities in Java and IBM WebSphere Application Server Liberty affects IBM Cloud Application Business Insights - CVE-2022-34165, CVE-2022-21628, CVE-2022-21626, CVE-2022-21624, CVE-2022-21619

Source: CCN
Type: IBM Security Bulletin 6852437 (Security SOAR)
IBM Security SOAR is using a component with a known vulnerability - IBM JDK 8.0.7.16 and earlier

Source: CCN
Type: IBM Security Bulletin 6852813 (Robotic Process Automation)
Multiple Security vulnerabilities in Java may affect IBM Robotic Process Automation for Cloud Pak (CVE-2022-21618, CVE-2022-21619, CVE-2022-21624, CVE-2022-21626, CVE-2022-21628, CVE-2022-39399)

Source: CCN
Type: IBM Security Bulletin 6853365 (Enterprise Content Management System Monitor)
Enterprise Content Management System Monitor is affected by a vulnerability in IBM SDK Java Technology Edition

Source: CCN
Type: IBM Security Bulletin 6854413 (Liberty for Java for Cloud)
Multiple Vulnerabilities in IBM Java SDK affects Liberty for Java for IBM Cloud due to the October 2022 CPU plus CVE-2022-3676

Source: CCN
Type: IBM Security Bulletin 6854647 (Tivoli Monitoring)
Vulnerabilities in IBM Java included with IBM Tivoli Monitoring.

Source: CCN
Type: IBM Security Bulletin 6855115 (Watson Discovery)
IBM Watson Discovery Cartridge for IBM Cloud Pak for Data affected by vulnerability in Java

Source: CCN
Type: IBM Security Bulletin 6855623 (Tivoli Application Dependency Discovery Manager)
IBM SDK Java Technology Edition, is used by IBM Tivoli Application Dependency Discovery Manager (TADDM) and is vulnerable to a denial of service (CVE-2022-21541, CVE-2022-21540, CVE-2021-2163)

Source: CCN
Type: IBM Security Bulletin 6856441 (Cloud Transformation Advisor)
IBM Cloud Transformation Advisor is vulnerable to multiple vulnerabilities

Source: CCN
Type: IBM Security Bulletin 6857701 (Robotic Process Automation for Cloud Pak)
Multiple security vulnerabilities in Java may affect IBM Robotic Process Automation (CVE-2022-21628, CVE-2022-21626, CVE-2022-21624, CVE-2022-21619, CVE-2022-3676)

Source: CCN
Type: IBM Security Bulletin 6857999 (Cloud Pak for Business Automation)
Security vulnerabilities are addressed with IBM Cloud Pak for Business Automation iFixes for January 2023

Source: CCN
Type: IBM Security Bulletin 6901057 (App Connect Professional)
Multiple vulnerabilities in IBM Java SDK affects App Connect Professional.

Source: CCN
Type: IBM Security Bulletin 6912697 (WebSphere Application Server Patterns)
Multiple vulnerabilities in IBM Java SDK affects IBM WebSphere Application Server October 2022 CPU that is bundled with IBM WebSphere Application Server Patterns

Source: CCN
Type: IBM Security Bulletin 6953401 (Content Collector for SAP Applications)
Multiple vulnerabilities may affect IBM SDK, Java Technology Edition for IBM Content Collector for SAP Applications

Source: CCN
Type: IBM Security Bulletin 6953579 (i)
IBM Java SDK and IBM Java Runtime for IBM i are vulnerable to bypassing security restrictions, denial of service attacks, and data integrity impacts due to multiple vulnerabilities.

Source: CCN
Type: IBM Security Bulletin 6953873 (Rational Business Developer)
Vulnerabilities in IBM Java SDK and IBM Java Runtime affects Rational Business Developer

Source: CCN
Type: IBM Security Bulletin 6954671 (SPSS Collaboration and Deployment Services)
Multiple vulnerabilities in IBM Java Runtime affects SPSS Collaboration and Deployment Services (CVE-2022-21628, CVE-2022-21626, CVE-2022-21624, CVE-2022-21619)

Source: CCN
Type: IBM Security Bulletin 6954673 (SPSS Collaboration and Deployment Services)
Vulnerabilities in IBM Semeru Runtime affect SPSS Collaboration and Deployment Services (CVE-2022-21628, CVE-2022-21626, CVE-2022-21618, CVE-2022-39399, CVE-2022-21624, CVE-2022-21619, CVE-2022-3676)

Source: CCN
Type: IBM Security Bulletin 6954683 (Power HMC)
Vulnerability in IBM Java (CVE-2022-21628, CVE-2022-21626, CVE-2022-21624 and CVE-2022-21619) affects Power HMC

Source: CCN
Type: IBM Security Bulletin 6954695 (CICS Transaction Gateway)
Multiple Vulnerabilities (CVE-2022-21628, CVE-2022-21626, CVE-2022-21624, CVE-2022-21619) affects CICS Transaction Gateway.

Source: CCN
Type: IBM Security Bulletin 6955027 (PowerVM NovaLink)
IBM PowerVM Novalink is vulnerable because Java SE is vulnerable to a denial of service, caused by a flaw in the Lightweight HTTP Server. (CVE-2022-21628)

Source: CCN
Type: IBM Security Bulletin 6955777 (Sterling Connect:Direct Browser User Interface)
IBM Sterling Connect:Direct Browser User Interface vulnerable to multiple issues due to IBM Runtime Environment Java

Source: CCN
Type: IBM Security Bulletin 6955779 (Sterling Connect:Direct Web Services)
IBM Sterling Connect:Direct Web Services is vulnerable to multiple vulnerabilities due to IBM Java

Source: CCN
Type: IBM Security Bulletin 6957822 (z/Transaction Processing Facility)
Multiple vulnerabilities in IBM Semeru Runtime affect z/Transaction Processing Facility

Source: CCN
Type: IBM Security Bulletin 6962407 (CICS Transaction Gateway)
Multiple Vulnerabilities (CVE-2022-21628, CVE-2022-21626, CVE-2022-21624, CVE-2022-21619) affects CICS Transaction Gateway for Multiplatforms and CICS Transaction Gateway Desktop Edition.

Source: CCN
Type: IBM Security Bulletin 6962801 (CICS TX Standard)
multiple vulnerabilities in Java SE may affect CICS TX Standard

Source: CCN
Type: IBM Security Bulletin 6962803 (CICS TX Advanced)
multiple vulnerabilities in Java SE may affect CICS TX Advanced

Source: CCN
Type: IBM Security Bulletin 6962813 (TXSeries for Multiplatforms)
multiple vulnerabilities in Java SE may affect TXSeries for Multiplatforms

Source: CCN
Type: IBM Security Bulletin 6963071 (Spectrum Protect for Virtual Environments)
Vulnerabilites in Java SE affect IBM Spectrum Protect Backup-Archive Client, IBM Spectrum Protect for Virtual Environments and IBM Spectrum Protect for Space Management (CVE-2022-21628, CVE-2022-21626, CVE-2022-21624, CVE-2022-21619)

Source: CCN
Type: IBM Security Bulletin 6963075 (Security Guardium)
IBM Security Guardium is affected by multiple vulnerabilities

Source: CCN
Type: IBM Security Bulletin 6963087 (Watson Knowledge Catalog on-prem)
Multiple Vulnerabilities in Java affecting Watson Knowledge Catalog for IBM Cloud Pak for Data (CVE-2022-21628, CVE-2022-21626)

Source: CCN
Type: IBM Security Bulletin 6963278 (WebSphere eXtreme Scale)
Multiple Vulnerabilities in IBM Runtime Environment Java Technology Edition affects WebSphere eXtreme Scale

Source: CCN
Type: IBM Security Bulletin 6964526 (Workload Scheduler)
Multiple vulnerabilities in IBM SDK Java Technology Edition affect IBM Workload Scheduler.

Source: CCN
Type: IBM Security Bulletin 6967333 (QRadar SIEM)
IBM QRadar SIEM includes components with known vulnerabilities

Source: CCN
Type: IBM Security Bulletin 6980889 (PureData System for Operational Analytics)
Multiple vulnerabilities in IBM SDK, Java Technology Edition Quarterly CPU -April 2022 to January 2023 affects AIX LPARs in IBM PureData System for Operational Analytics

Source: CCN
Type: IBM Security Bulletin 6981071 (Security Verify Governance)
IBM Security Verify Governance is vulnerable to several issues due to vulnerabilities in Java SE (CVE-2022-21628, CVE-2022-21626, CVE-2022-21624, CVE-2022-21619)

Source: CCN
Type: IBM Security Bulletin 6987143 (Sterling Secure Proxy)
IBM Sterling Secure Proxy is vulnerable to multiple vulnerabilities due to IBM Java Runtime

Source: CCN
Type: IBM Security Bulletin 6987177 (Sterling External Authentication Server)
IBM Sterling External Authentication Server is vulnerable to multiple vulnerabilities due to IBM Java Runtime

Source: CCN
Type: IBM Security Bulletin 7001549 (Tivoli Netcool Configuration Manager)
Vulnerabbilities exists in the IBM SDK, Java Technology Edition affect IBM Tivoli Network Configuration Manager (CVE-2022-21628, CVE-2022-21626, CVE-2022-21624, CVE-2022-21619).

Source: CCN
Type: IBM Security Bulletin 7001567 (Sterling Partner Engagement Manager)
IBM Sterling Partner Engagement Manager vulnerable to multiple issues due to IBM Java SE

Source: CCN
Type: IBM Security Bulletin 7004699 (Rational Performance Tester)
Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect Rational Performance Tester

Source: CCN
Type: IBM Security Bulletin 7004701 (Rational Service Tester)
Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect Rational Service Tester

Source: CCN
Type: IBM Security Bulletin 7006015 (Cloud Pak System)
Multiple Vunerabilities in IBM Java SDK affect IBM Cloud Pak System

Source: CCN
Type: IBM Security Bulletin 7008991 (App Connect Enterprise)
Multiple vulnerabilities in IBM SDK Java affect IBM App Connect Enterprise and IBM Integration Bus

Source: CCN
Type: IBM Security Bulletin 7009327 (Cloud Application Performance Management)
Multiple vulnerabilities in the IBM SDK, Java Technology Edition affects APM Agents for Monitoring

Source: CCN
Type: IBM Security Bulletin 7014913 (Rational Synergy)
Multiple Vulnerabilities in Rational Synergy 7.2.2.5

Source: CCN
Type: Oracle CPUOct2022
Oracle Critical Patch Update Advisory - October 2022

Source: secalert_us@oracle.com
Type: Patch, Vendor Advisory
secalert_us@oracle.com

Vulnerable Configuration:Configuration RedHat 1:
  • cpe:/a:redhat:enterprise_linux:8:*:*:*:*:*:*:*
    • Configuration RedHat 2:
  • cpe:/a:redhat:enterprise_linux:8::supplementary:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/a:oracle:graalvm:20.3.7:*:*:*:enterprise:*:*:*
  • OR cpe:/a:oracle:graalvm:21.3.3:*:*:*:enterprise:*:*:*
  • OR cpe:/a:oracle:graalvm:22.2.0:*:*:*:enterprise:*:*:*
  • AND
  • cpe:/o:ibm:aix:7.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:tivoli_monitoring:6.3.0:*:*:*:*:*:*:*
  • OR cpe:/o:ibm:i:7.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:cics_transaction_gateway:9.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:tivoli_netcool_configuration_manager:6.4.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:spss_collaboration_and_deployment_services:7.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:txseries:8.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:txseries:8.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:license_metric_tool:9.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:rational_business_developer:9.5:*:*:*:*:*:*:*
  • OR cpe:/o:ibm:i:7.3:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:websphere_application_server_patterns:1.0.0.0:*:*:*:*:*:*:*
  • OR cpe:/o:ibm:aix:7.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:tivoli_netcool_configuration_manager:6.4.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:websphere_extreme_scale:8.6.1.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:workload_scheduler:9.4:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:spss_collaboration_and_deployment_services:8.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:spss_collaboration_and_deployment_services:8.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:spss_collaboration_and_deployment_services:8.1.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:rational_functional_tester:9.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:security_guardium:10.5:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:content_collector:4.0.0.2:*:*:*:sap_applications:*:*:*
  • OR cpe:/a:ibm:websphere_application_server_patterns:1.0.0.7:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:websphere_application_server_patterns:2.2.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:tivoli_monitoring:6.3.0.7:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:rational_performance_tester:9.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:tivoli_netcool/impact:7.1.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:app_connect:11.0.0.1:*:*:*:enterprise:*:*:*
  • OR cpe:/a:ibm:security_guardium:10.6:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:cloud_application_performance_management:8.1.4:*:*:*:*:advanced_private:*:*
  • OR cpe:/a:ibm:tivoli_business_service_manager:6.2.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:rational_functional_tester:9.5:*:*:*:*:*:*:*
  • OR cpe:/o:ibm:i:7.4:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:java:7.1.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:java:8.0.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:vios:3.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:spectrum_protect_backup-archive_client:8.1.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:spectrum_protect_for_virtual_environments:8.1.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:cloud_transformation_advisor:2.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:txseries:9.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:tivoli_application_dependency_discovery_manager:7.3.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:rational_business_developer:9.6:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:cloud_pak_system:2.3.1.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:spss_collaboration_and_deployment_services:8.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:spss_collaboration_and_deployment_services:8.2.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:qradar_security_information_and_event_manager:7.4:-:*:*:*:*:*:*
  • OR cpe:/a:ibm:event_streams:10.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:content_collector:4.0.0.3:*:*:*:sap_applications:*:*:*
  • OR cpe:/a:ibm:cloud_pak_system:2.3.2.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:rational_service_tester:9.5:*:*:*:soa_quality:*:*:*
  • OR cpe:/a:ibm:event_streams:10.1.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:rational_service_tester:9.2:*:*:*:soa_quality:*:*:*
  • OR cpe:/a:ibm:workload_scheduler:9.5:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:spectrum_protect_for_space_management:8.1.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:security_guardium:11.3:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:event_streams:10.2.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:app_connect_enterprise:12.0.1.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:event_streams:10.3.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:event_streams:10.3.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:security_guardium:11.4:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:sterling_secure_proxy:6.0.3:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:secure_external_authentication_server:6.0.3:*:*:*:*:*:*:*
  • OR cpe:/o:ibm:aix:7.3:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:cloud_pak_for_business_automation:18.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:cloud_pak_for_business_automation:18.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:cloud_pak_for_business_automation:19.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:cloud_pak_for_business_automation:19.0.3:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:cloud_pak_for_business_automation:20.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:cloud_pak_for_business_automation:20.0.3:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:cloud_pak_for_business_automation:21.0.1:-:*:*:*:*:*:*
  • OR cpe:/a:ibm:cloud_pak_for_business_automation:21.0.2:-:*:*:*:*:*:*
  • OR cpe:/a:ibm:cloud_pak_for_business_automation:21.0.3:-:*:*:*:*:*:*
  • OR cpe:/o:ibm:i:7.5:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:cics_tx:11.1:*:*:*:standard:*:*:*
  • OR cpe:/a:ibm:cics_tx:11.1:*:*:*:advanced:*:*:*
  • OR cpe:/a:ibm:security_verify_governance:10.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:cloud_pak_for_business_automation:22.0.1:-:*:*:*:*:*:*
  • OR cpe:/a:ibm:cics_transaction_gateway:9.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:robotic_process_automation:21.0.6:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:robotic_process_automation_for_cloud_pak:21.0.7:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:robotic_process_automation:21.0.7:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:robotic_process_automation:23.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:cloud_pak_for_business_automation:22.0.2:-:*:*:*:*:*:*
  • OR cpe:/a:ibm:sterling_external_authentication_server:6.1.0:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.opensuse.security:def:8079
    P
    		java-1_8_0-ibm-1.8.0_sr8.0-150000.3.71.1 on GA media (Moderate)
    2023-06-12
    oval:org.opensuse.security:def:8080
    P
    		java-1_8_0-openjdk-1.8.0.362-150000.3.76.1 on GA media (Moderate)
    2023-06-12
    oval:org.opensuse.security:def:7535
    P
    		java-11-openjdk-11.0.19.0-150000.3.96.1 on GA media (Moderate)
    2023-06-12
    oval:org.opensuse.security:def:7536
    P
    		java-17-openjdk-17.0.7.0-150400.3.18.2 on GA media (Moderate)
    2023-06-12
    oval:com.redhat.rhsa:def:20230128
    P
    		RHSA-2023:0128: java-1.8.0-ibm security update (Moderate)
    2023-01-12
    oval:com.redhat.rhsa:def:20227013
    P
    		RHSA-2022:7013: java-11-openjdk security and bug fix update (Moderate)
    2022-10-20
    oval:com.redhat.rhsa:def:20226999
    P
    		RHSA-2022:6999: java-17-openjdk security and bug fix update (Moderate)
    2022-10-20
    oval:com.redhat.rhsa:def:20227007
    P
    		RHSA-2022:7007: java-1.8.0-openjdk security update (Moderate)
    2022-10-20
    oval:com.redhat.rhsa:def:20227000
    P
    		RHSA-2022:7000: java-17-openjdk security and bug fix update (Moderate)
    2022-10-19
    oval:com.redhat.rhsa:def:20227008
    P
    		RHSA-2022:7008: java-11-openjdk security and bug fix update (Moderate)
    2022-10-19
    oval:com.redhat.rhsa:def:20227002
    P
    		RHSA-2022:7002: java-1.8.0-openjdk security and bug fix update (Moderate)
    2022-10-19
    oval:com.redhat.rhsa:def:20227012
    P
    		RHSA-2022:7012: java-11-openjdk security and bug fix update (Moderate)
    2022-10-19
    oval:com.redhat.rhsa:def:20227006
    P
    		RHSA-2022:7006: java-1.8.0-openjdk security update (Moderate)
    2022-10-19
    BACK
    oracle graalvm 20.3.7
    oracle graalvm 21.3.3
    oracle graalvm 22.2.0
    ibm aix 7.1
    ibm tivoli monitoring 6.3.0
    ibm i 7.2
    ibm cics transaction gateway 9.1
    ibm tivoli netcool configuration manager 6.4.1
    ibm spss collaboration and deployment services 7.0
    ibm txseries 8.1
    ibm txseries 8.2
    ibm license metric tool 9.2
    ibm rational business developer 9.5
    ibm i 7.3
    ibm websphere application server patterns 1.0.0.0
    ibm aix 7.2
    ibm tivoli netcool configuration manager 6.4.2
    ibm websphere extreme scale 8.6.1.0
    ibm workload scheduler 9.4
    ibm spss collaboration and deployment services 8.0
    ibm spss collaboration and deployment services 8.1
    ibm spss collaboration and deployment services 8.1.1
    ibm rational functional tester 9.2
    ibm security guardium 10.5
    ibm content collector 4.0.0.2
    ibm websphere application server patterns 1.0.0.7
    ibm websphere application server patterns 2.2.0.0
    ibm tivoli monitoring 6.3.0.7
    ibm rational performance tester 9.2
    ibm tivoli netcool/impact 7.1.0
    ibm app connect 11.0.0.1
    ibm security guardium 10.6
    ibm cloud application performance management 8.1.4
    ibm tivoli business service manager 6.2.0
    ibm rational functional tester 9.5
    ibm i 7.4
    ibm java 7.1.0.0
    ibm java 8.0.0.0
    ibm vios 3.1
    ibm spectrum protect backup-archive client 8.1.0.0
    ibm spectrum protect for virtual environments 8.1.0.0
    ibm cloud transformation advisor 2.0.1
    ibm txseries 9.1
    ibm tivoli application dependency discovery manager 7.3.0.0
    ibm rational business developer 9.6
    ibm cloud pak system 2.3.1.1
    ibm spss collaboration and deployment services 8.2
    ibm spss collaboration and deployment services 8.2.1
    ibm qradar security information and event manager 7.4 -
    ibm event streams 10.0.0
    ibm content collector 4.0.0.3
    ibm cloud pak system 2.3.2.0
    ibm rational service tester 9.5
    ibm event streams 10.1.0
    ibm rational service tester 9.2
    ibm workload scheduler 9.5
    ibm spectrum protect for space management 8.1.0.0
    ibm security guardium 11.3
    ibm event streams 10.2.0
    ibm app connect enterprise 12.0.1.0
    ibm event streams 10.3.0
    ibm event streams 10.3.1
    ibm security guardium 11.4
    ibm sterling secure proxy 6.0.3
    ibm secure external authentication server 6.0.3
    ibm aix 7.3
    ibm cloud pak for business automation 18.0.0
    ibm cloud pak for business automation 18.0.2
    ibm cloud pak for business automation 19.0.1
    ibm cloud pak for business automation 19.0.3
    ibm cloud pak for business automation 20.0.1
    ibm cloud pak for business automation 20.0.3
    ibm cloud pak for business automation 21.0.1 -
    ibm cloud pak for business automation 21.0.2 -
    ibm cloud pak for business automation 21.0.3 -
    ibm i 7.5
    ibm cics tx 11.1
    ibm cics tx 11.1
    ibm security verify governance 10.0
    ibm cloud pak for business automation 22.0.1 -
    ibm cics transaction gateway 9.2
    ibm robotic process automation 21.0.6
    ibm robotic process automation for cloud pak 21.0.7
    ibm robotic process automation 21.0.7
    ibm robotic process automation 23.0.0
    ibm cloud pak for business automation 22.0.2 -
    ibm sterling external authentication server 6.1.0