Vulnerability Name:

CVE-2022-39399 (CCN-238700)

Assigned:2022-10-18
Published:2022-10-18
Updated:2023-04-27
Summary:
CVSS v3 Severity:3.7 Low (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N)
3.2 Low (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): High
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): Low
Availibility (A): None
3.7 Low (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N)
3.2 Low (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): High
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): Low
Availibility (A): None
3.7 Low (REDHAT CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N)
3.2 Low (REDHAT Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): High
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): Low
Availibility (A): None
CVSS v2 Severity:2.6 Low (CCN CVSS v2 Vector: AV:N/AC:H/Au:N/C:N/I:P/A:N)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): High
Athentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): Partial
Availibility (A): None
Vulnerability Consequences:Bypass Security
References:Source: MITRE
Type: CNA
CVE-2022-39399

Source: XF
Type: UNKNOWN
oracle-cpuoct2022-cve202239399-un(238700)

Source: secalert_us@oracle.com
Type: Mailing List, Third Party Advisory
secalert_us@oracle.com

Source: secalert_us@oracle.com
Type: Mailing List, Third Party Advisory
secalert_us@oracle.com

Source: secalert_us@oracle.com
Type: Third Party Advisory
secalert_us@oracle.com

Source: CCN
Type: IBM Security Bulletin 6838545 (Semeru Runtimes)
Multiple vulnerabilities may affect IBM Semeru Runtime

Source: CCN
Type: IBM Security Bulletin 6845948 (Spectrum Copy Data Management)
Vulnerabilities in PostgreSQL, Open JDK, and Jettison may affect IBM Spectrum Copy Data Management

Source: CCN
Type: IBM Security Bulletin 6848295 (Cloud Pak for Business Automation)
Security vulnerability is addressed with IBM Cloud Pak for Business Automation iFixes for November 2022

Source: CCN
Type: IBM Security Bulletin 6852813 (Robotic Process Automation)
Multiple Security vulnerabilities in Java may affect IBM Robotic Process Automation for Cloud Pak (CVE-2022-21618, CVE-2022-21619, CVE-2022-21624, CVE-2022-21626, CVE-2022-21628, CVE-2022-39399)

Source: CCN
Type: IBM Security Bulletin 6954673 (SPSS Collaboration and Deployment Services)
Vulnerabilities in IBM Semeru Runtime affect SPSS Collaboration and Deployment Services (CVE-2022-21628, CVE-2022-21626, CVE-2022-21618, CVE-2022-39399, CVE-2022-21624, CVE-2022-21619, CVE-2022-3676)

Source: CCN
Type: IBM Security Bulletin 6957822 (z/Transaction Processing Facility)
Multiple vulnerabilities in IBM Semeru Runtime affect z/Transaction Processing Facility

Source: CCN
Type: Oracle CPUOct2022
Oracle Critical Patch Update Advisory - October 2022

Source: secalert_us@oracle.com
Type: Patch, Vendor Advisory
secalert_us@oracle.com

Vulnerable Configuration:Configuration RedHat 1:
  • cpe:/a:redhat:enterprise_linux:9:*:*:*:*:*:*:*
    • Configuration RedHat 2:
  • cpe:/a:redhat:enterprise_linux:9::appstream:*:*:*:*:*
    • Configuration RedHat 3:
  • cpe:/a:redhat:enterprise_linux:9::crb:*:*:*:*:*
    • Configuration RedHat 4:
  • cpe:/a:redhat:enterprise_linux:8:*:*:*:*:*:*:*
    • Configuration RedHat 5:
  • cpe:/a:redhat:enterprise_linux:8::appstream:*:*:*:*:*
    • Configuration RedHat 6:
  • cpe:/a:redhat:enterprise_linux:8::crb:*:*:*:*:*
    • Configuration RedHat 7:
  • cpe:/o:redhat:enterprise_linux:7:*:*:*:*:*:*:*
    • Configuration RedHat 8:
  • cpe:/o:redhat:enterprise_linux:7::client:*:*:*:*:*
    • Configuration RedHat 9:
  • cpe:/o:redhat:enterprise_linux:7::computenode:*:*:*:*:*
    • Configuration RedHat 10:
  • cpe:/o:redhat:enterprise_linux:7::server:*:*:*:*:*
    • Configuration RedHat 11:
  • cpe:/o:redhat:enterprise_linux:7::workstation:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/a:oracle:graalvm:20.3.7:*:*:*:enterprise:*:*:*
  • OR cpe:/a:oracle:graalvm:21.3.3:*:*:*:enterprise:*:*:*
  • OR cpe:/a:oracle:graalvm:22.2.0:*:*:*:enterprise:*:*:*
  • AND
  • cpe:/a:ibm:spss_collaboration_and_deployment_services:7.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:spss_collaboration_and_deployment_services:8.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:spss_collaboration_and_deployment_services:8.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:spss_collaboration_and_deployment_services:8.1.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:spss_collaboration_and_deployment_services:8.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:spss_collaboration_and_deployment_services:8.2.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:cloud_pak_for_business_automation:18.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:cloud_pak_for_business_automation:18.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:cloud_pak_for_business_automation:19.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:cloud_pak_for_business_automation:19.0.3:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:cloud_pak_for_business_automation:20.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:cloud_pak_for_business_automation:20.0.3:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:cloud_pak_for_business_automation:21.0.1:-:*:*:*:*:*:*
  • OR cpe:/a:ibm:cloud_pak_for_business_automation:21.0.2:-:*:*:*:*:*:*
  • OR cpe:/a:ibm:cloud_pak_for_business_automation:21.0.3:-:*:*:*:*:*:*
  • OR cpe:/a:ibm:cloud_pak_for_business_automation:22.0.1:-:*:*:*:*:*:*
  • OR cpe:/a:ibm:robotic_process_automation_for_cloud_pak:21.0.7:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.opensuse.security:def:8079
    P
    		java-1_8_0-ibm-1.8.0_sr8.0-150000.3.71.1 on GA media (Moderate)
    2023-06-12
    oval:org.opensuse.security:def:7535
    P
    		java-11-openjdk-11.0.19.0-150000.3.96.1 on GA media (Moderate)
    2023-06-12
    oval:org.opensuse.security:def:7536
    P
    		java-17-openjdk-17.0.7.0-150400.3.18.2 on GA media (Moderate)
    2023-06-12
    oval:com.redhat.rhsa:def:20226999
    P
    		RHSA-2022:6999: java-17-openjdk security and bug fix update (Moderate)
    2022-10-20
    oval:com.redhat.rhsa:def:20227013
    P
    		RHSA-2022:7013: java-11-openjdk security and bug fix update (Moderate)
    2022-10-20
    oval:com.redhat.rhsa:def:20227000
    P
    		RHSA-2022:7000: java-17-openjdk security and bug fix update (Moderate)
    2022-10-19
    oval:com.redhat.rhsa:def:20227008
    P
    		RHSA-2022:7008: java-11-openjdk security and bug fix update (Moderate)
    2022-10-19
    oval:com.redhat.rhsa:def:20227012
    P
    		RHSA-2022:7012: java-11-openjdk security and bug fix update (Moderate)
    2022-10-19
    BACK
    oracle graalvm 20.3.7
    oracle graalvm 21.3.3
    oracle graalvm 22.2.0
    ibm spss collaboration and deployment services 7.0
    ibm spss collaboration and deployment services 8.0
    ibm spss collaboration and deployment services 8.1
    ibm spss collaboration and deployment services 8.1.1
    ibm spss collaboration and deployment services 8.2
    ibm spss collaboration and deployment services 8.2.1
    ibm cloud pak for business automation 18.0.0
    ibm cloud pak for business automation 18.0.2
    ibm cloud pak for business automation 19.0.1
    ibm cloud pak for business automation 19.0.3
    ibm cloud pak for business automation 20.0.1
    ibm cloud pak for business automation 20.0.3
    ibm cloud pak for business automation 21.0.1 -
    ibm cloud pak for business automation 21.0.2 -
    ibm cloud pak for business automation 21.0.3 -
    ibm cloud pak for business automation 22.0.1 -
    ibm robotic process automation for cloud pak 21.0.7