Lucene search

IBM01A0100D93C2D77DB5E08F6099991BC102A97E00150E703B51AA54B6BAC1450E

HistoryJul 08, 2024 - 5:47 p.m.

Security Bulletin: TSSC/IMC is vulnerable to aritrary code excecution due to Java (CVE-2023-22081)

2024-07-0817:47:00

www.ibm.com

tssc/imc

arbitrary code execution

java library update

cve-2023-22081

vulnerability

patch

upgrade

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

AI Score

5.7

Confidence

High

JSON

Summary

TSSC/IMC is vulnerable to aritrary code excecution due to Dmidecode. A patch has been provided that updates the Java library. (CVE-2023-22081)

Vulnerability Details

CVEID:CVE-2023-22081
**DESCRIPTION:**An unspecified vulnerability in Java SE related to the JSSE component could allow a remote attacker to cause no confidentiality impact, no integrity impact, and low availability impact.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/268929 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

Affected Products and Versions

Affected Product(s)	Version(s)
Total Storage Service Console (TSSC) / TS4500 IMC	9.4.14
Total Storage Service Console (TSSC) / TS4500 IMC	9.4.21
Total Storage Service Console (TSSC) / TS4500 IMC	9.4.26
Total Storage Service Console (TSSC) / TS4500 IMC	9.5.8

Remediation/Fixes

Affected Product(s)	Version(s)	Remediation/Fix/Instructions
Total Storage Service Console (TSSC) / TS4500 IMC	9.4.14

Upgrade to 9.4.26/9.5.8

Download patch and execute on TSSC/IMC system

Total Storage Service Console (TSSC) / TS4500 IMC| 9.4.21|

Upgrade to 9.4.26/9.5.8

Download patch and execute on TSSC/IMC system

Total Storage Service Console (TSSC) / TS4500 IMC| 9.4.26| Download patch and execute on TSSC/IMC system
Total Storage Service Console (TSSC) / TS4500 IMC| 9.5.8| Download patch and execute on TSSC/IMC system

Workarounds and Mitigations

None

Affected configurations

Vulners

Node

ibmts7700Match9.4.14

ibmts7700Match9.4.21

ibmts7700Match9.4.26

ibmts7700Match9.5.8

VendorProductVersionCPE
ibmts77009.4.14cpe:2.3:h:ibm:ts7700:9.4.14:*:*:*:*:*:*:*
ibmts77009.4.21cpe:2.3:h:ibm:ts7700:9.4.21:*:*:*:*:*:*:*
ibmts77009.4.26cpe:2.3:h:ibm:ts7700:9.4.26:*:*:*:*:*:*:*
ibmts77009.5.8cpe:2.3:h:ibm:ts7700:9.5.8:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
ibm	ts7700	9.4.14	cpe:2.3:h:ibm:ts7700:9.4.14:::::::*
ibm	ts7700	9.4.21	cpe:2.3:h:ibm:ts7700:9.4.21:::::::*
ibm	ts7700	9.4.26	cpe:2.3:h:ibm:ts7700:9.4.26:::::::*
ibm	ts7700	9.5.8	cpe:2.3:h:ibm:ts7700:9.5.8:::::::*