Security Bulletin
Summary
IBM Security Verify Privilege Products NOT Affected by Java Spring Boot Framework Vulnerabilities
Vulnerability Details
After conducting extensive research on IBM Security Verify Privilege’s product code base, we have determined that none of the products outlined below are using the vulnerable Java Spring Boot Framework (CVE-2022-22947, CVE-2022-22950, CVE-2022-22963, CVE-2022-22965). Additionally, none of the products outlined below are built on the Java programming language, preventing the Framework to be present.
- Verify Privilege Vault
- Verify Privilege Manager
- Account Lifecycle Manager
- Verify Privilege Vault Analytics
- Verify Privilege DevOps Vault
- Verify Privilege Vault Remote
- Verify Privilege Server Suite
Note: For additional information please access the National Vulnerability Database at
Get Notified about Future Security Bulletins
References
*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.
Disclaimer
Review the IBM security bulletin disclaimer and definitions regarding your responsibilities for assessing potential impact of security vulnerabilities to your environment.
Document Location
Worldwide
Was this topic helpful?
Document Information
Modified date:
05 April 2022
UID
ibm16569265