Lucene search

K
ibmIBM049A60D11C774DD7C4822394EF4B89D31FC01A13DE605B05AAA17A4C88B3A385
HistorySep 27, 2022 - 1:11 p.m.

Security Bulletin: IBM PowerVM Novalink is vulnerable because IBM WebSphere Application Server Liberty vulnerable to identity spoofing by an authenticated user using a specially crafted request.

2022-09-2713:11:43
www.ibm.com
12

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

6 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:S/C:P/I:P/A:P

0.001 Low

EPSS

Percentile

38.5%

Summary

IBM PowerVM Novalink is vulnerable because IBM WebSphere Application Server Liberty vulnerable to identity spoofing by an authenticated user using a specially crafted request. (CVE-2022-22476)

Vulnerability Details

CVEID:CVE-2022-22476
**DESCRIPTION:**IBM WebSphere Application Server Liberty 17.0.0.3 through 22.0.0.7 and Open Liberty are vulnerable to identity spoofing by an authenticated user using a specially crafted request. IBM X-Force ID: 225604.
CVSS Base score: 5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/225604 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L)

Affected Products and Versions

[

Affected](<https://public.dhe.ibm.com/systems/virtualization/Novalink/readme/NovaLink_2.0.1_readme.html&gt; “” ) Product(s) Version(s)
PowerVM Novalink 2.0
PowerVM Novalink 2.0.1
PowerVM Novalink 2.0.2
PowerVM Novalink 2.0.2.1
PowerVM Novalink 2.0.3
PowerVM Novalink 2.0.3.1

Remediation/Fixes

IBM strongly recommends addressing the vulnerability now by upgrading based on the table below.

Product Version Remediation
PowerVM Novalink 2.0.0.0

Update to pvm-novalink 2.0.1-220908

or

Update to pvm-novalink_2.0.3.1.1-220923

PowerVM Novalink| 2.0.1|

Update to pvm-novalink 2.0.1-220908

or

Update to pvm-novalink_2.0.3.1.1-220923

PowerVM Novalink| 2.0.2| Update to pvm-novalink_2.0.3.1.1-220923
PowerVM Novalink| 2.0.2.1| Update to pvm-novalink_2.0.3.1.1-220923
PowerVM Novalink| 2.0.3| Update to pvm-novalink_2.0.3.1.1-220923
PowerVM Novalink| 2.0.3.1| Update to pvm-novalink_2.0.3.1.1-220923

Workarounds and Mitigations

None

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

6 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:S/C:P/I:P/A:P

0.001 Low

EPSS

Percentile

38.5%

Related for 049A60D11C774DD7C4822394EF4B89D31FC01A13DE605B05AAA17A4C88B3A385