IBM Support

IBM Security Verify Privilege Products NOT Affected by Java Spring Boot Framework Vulnerabilities

Created by Bassam Hassoun on
Published URL:
https://www.ibm.com/support/pages/node/6569265
6569265

Security Bulletin


Summary

IBM Security Verify Privilege Products NOT Affected by Java Spring Boot Framework Vulnerabilities

Vulnerability Details

After conducting extensive research on IBM Security Verify Privilege’s product code base, we have determined that none of the products outlined below are using the vulnerable Java Spring Boot Framework (CVE-2022-22947, CVE-2022-22950, CVE-2022-22963, CVE-2022-22965). Additionally, none of the products outlined below are built on the Java programming language, preventing the Framework to be present.

  • Verify Privilege Vault
  • Verify Privilege Manager
  • Account Lifecycle Manager
  • Verify Privilege Vault Analytics
  • Verify Privilege DevOps Vault
  • Verify Privilege Vault Remote
  • Verify Privilege Server Suite

Note: For additional information please access the National Vulnerability Database at

Get Notified about Future Security Bulletins

References

Off

*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.

Disclaimer

Review the IBM security bulletin disclaimer and definitions regarding your responsibilities for assessing potential impact of security vulnerabilities to your environment.

Document Location

Worldwide

[{"Line of Business":{"code":"LOB24","label":"Security Software"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SS2N2U","label":"IBM Security Verify Privilege"},"ARM Category":[{"code":"","label":""}],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"All Versions","Type":"MASTER"}]

Document Information

Modified date:
05 April 2022

UID

ibm16569265