Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBM15A50D05C403215032A1E2FF4155677AD2B84A8999B4B3D2AA6CFC5FB51E5149
HistoryAug 05, 2024 - 8:20 p.m.

Security Bulletin: IBM Storage Ceph is vulnerable to Uncontrolled Resource Consumption in the RHEL UBI (CVE-2022-40898)

2024-08-0520:20:08
www.ibm.com
5
ibm storage ceph
vulnerability
cve-2022-40898
rhel ubi
upgrade

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

6.5

Confidence

High

EPSS

0.003

Percentile

71.9%

JSON

Summary

RHEL UBI is used by IBM Storage Ceph as the base operating system. This bulletin identifies the steps to take to address the vulnerability in the RHEL UBI. CVE-2022-40898.

Vulnerability Details

CVEID:CVE-2022-40898
**DESCRIPTION:**Python Packaging Authority (PyPA) Wheel is vulnerable to a denial of service. A remote attacker could exploit this vulnerability using the WHEEL_INFO_RE regular expression to cause a denial of service.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/243027 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

Affected Products and Versions

Affected Product(s) Version(s)
IBM Storage Ceph 6.0, 6.1-6.1z2
IBM Storage Ceph 5.3z1-z5

Remediation/Fixes

IBM strongly recommends addressing the vulnerability now.
Download the latest version of IBM Storage Ceph and upgrade to 6.1z3 or later on RHEL 9 by following instructions.

<https://public.dhe.ibm.com/ibmdl/export/pub/storage/ceph/&gt;
<https://www.ibm.com/docs/en/storage-ceph/6?topic=upgrading&gt;

Workarounds and Mitigations

None

Affected configurations

Vulners
Node
ibmstorage_cephMatch6.0
OR
ibmstorage_cephMatch6.1
OR
ibmstorage_cephMatch6.1
OR
ibmstorage_cephMatch2
OR
ibmstorage_cephMatch5.3
OR
ibmstorage_cephMatch1
OR
ibmstorage_cephMatch5
VendorProductVersionCPE
ibmstorage_ceph6.0cpe:2.3:a:ibm:storage_ceph:6.0:*:*:*:*:*:*:*
ibmstorage_ceph6.1cpe:2.3:a:ibm:storage_ceph:6.1:*:*:*:*:*:*:*
ibmstorage_ceph2cpe:2.3:a:ibm:storage_ceph:2:*:*:*:*:*:*:*
ibmstorage_ceph5.3cpe:2.3:a:ibm:storage_ceph:5.3:*:*:*:*:*:*:*
ibmstorage_ceph1cpe:2.3:a:ibm:storage_ceph:1:*:*:*:*:*:*:*
ibmstorage_ceph5cpe:2.3:a:ibm:storage_ceph:5:*:*:*:*:*:*:*

Related

nessus 30
openvas 22
osv 7
redos 1
cvelist 1
almalinux 1
ubuntu 3
veracode 1
cbl_mariner 2
ubuntucve 1
oraclelinux 1
mageia 1
prion 1
redhat 2
alpinelinux 1
nvd 1
ibm 8
github 1
amazon 1
redhatcve 1
debiancve 1
cve 1
nessus
nessus
EulerOS 2.0 SP11 : python-wheel (EulerOS-SA-2023-1767)
2023-05-08 00:00:00
EulerOS Virtualization 2.9.1 : python-wheel (EulerOS-SA-2023-2003)
2023-06-02 00:00:00
EulerOS Virtualization 2.11.0 : python-wheel (EulerOS-SA-2023-2112)
2023-06-07 00:00:00
openvas
openvas
Ubuntu: Security Advisory (USN-5821-3)
2023-03-02 00:00:00
Huawei EulerOS: Security Advisory for python-wheel (EulerOS-SA-2023-1767)
2023-05-08 00:00:00
Huawei EulerOS: Security Advisory for python-wheel (EulerOS-SA-2023-1608)
2023-04-13 00:00:00
osv
osv
PYSEC-2022-43017
2022-12-23 00:15:00
pypa/wheel vulnerable to Regular Expression denial of service (ReDoS)
2022-12-23 00:30:23
wheel vulnerability
2023-01-24 09:21:51
redos
redos
ROS-20240826-19
2024-08-26 00:00:00
cvelist
cvelist
CVE-2022-40898
2022-12-22 00:00:00
almalinux
almalinux
Moderate: python-wheel security update
2023-11-07 00:00:00
ubuntu
ubuntu
wheel vulnerability
2023-01-24 00:00:00
wheel vulnerability
2023-01-24 00:00:00
pip regression
2023-02-28 00:00:00
veracode
veracode
Regular Expression Denial Of Service (ReDoS)
2022-12-23 06:23:09
cbl_mariner
cbl_mariner
CVE-2022-40898 affecting package python-wheel for versions less than 0.43.0-1
2024-07-24 00:12:29
CVE-2022-40898 affecting package python-wheel for versions less than 0.33.6-8
2024-09-13 18:09:05
ubuntucve
ubuntucve
CVE-2022-40898
2022-12-23 00:00:00
oraclelinux
oraclelinux
python-wheel security update
2023-11-12 00:00:00
mageia
mageia
Updated python-wheel packages fix security vulnerability
2023-07-07 08:54:45
prion
prion
Input validation
2022-12-23 00:15:00
redhat
redhat
(RHSA-2023:6712) Moderate: python-wheel security update
2023-11-07 06:12:51
(RHSA-2023:6793) Important: rh-python38-python security update
2023-11-08 08:04:01
alpinelinux
alpinelinux
CVE-2022-40898
2022-12-23 00:15:14
nvd
nvd
CVE-2022-40898
2022-12-23 00:15:14
ibm
ibm
Security Bulletin: IBM Watson Discovery Cartridge for IBM Cloud Pak for Data affected by vulnerability in PyPA Wheel
2023-01-30 18:22:59
Security Bulletin: Python Packaging Authority (PyPA) Wheel is vulnerable to CVE-2022-40898 used in IBM Maximo Application Suite
2023-05-02 17:53:15
Security Bulletin: Vulnerabilities in Pypa Setuptools, Golang Go, OpenSSH, Minio and Certifi may affect IBM Spectrum Protect Plus Container backup and restore for Kubernetes and OpenShift
2023-03-29 15:18:12
github
github
pypa/wheel vulnerable to Regular Expression denial of service (ReDoS)
2022-12-23 00:30:23
amazon
amazon
Medium: python-wheel
2023-11-29 22:20:00
redhatcve
redhatcve
CVE-2022-40898
2023-01-31 10:35:37
debiancve
debiancve
CVE-2022-40898
2022-12-23 00:15:14
cve
cve
CVE-2022-40898
2022-12-23 00:15:14

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

6.5

Confidence

High

EPSS

0.003

Percentile

71.9%

JSON
Related for 15A50D05C403215032A1E2FF4155677AD2B84A8999B4B3D2AA6CFC5FB51E5149
nessus30openvas22osv7redos1cvelist1almalinux1ubuntu3veracode1cbl_mariner2ubuntucve1oraclelinux1mageia1prion1redhat2alpinelinux1nvd1ibm8github1amazon1redhatcve1debiancve1cve1