Lucene search

K
ibm
IBM61F7BAC5A49720C02743993A6B629FFE8F521D86A99141A5A92D3BA8D640C9D4
HistorySep 28, 2022 - 8:33 a.m.

Security Bulletin: Vulnerability in IBM SDK, Java Technology (CVE-2022-21496 and CVE-2022-21434) affects Power HMC

2022-09-2808:33:31
www.ibm.com
2

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

0.001 Low

EPSS

Percentile

43.6%

Summary

IBM Java is used by IBM Power Hardware Management Console (HMC) for running java applications and services. This bulletin provides a remediation for the impacted vulnerabilities, CVE-2022-21496 and CVE-2022-21434 by upgrading IBM Power Hardware Management Console (HMC) respective PTF and thus addressing the exposure to the java vulnerability.

Vulnerability Details

CVEID:CVE-2022-21496
**DESCRIPTION:**An unspecified vulnerability in Java SE related to the JNDI component could allow an unauthenticated attacker to cause no confidentiality impact, low integrity impact, and no availability impact.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/224777 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)

CVEID:CVE-2022-21434
**DESCRIPTION:**An unspecified vulnerability in Java SE related to the Libraries component could allow an unauthenticated attacker to cause no confidentiality impact, low integrity impact, and no availability impact.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/224718 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)

Affected Products and Versions

Affected Product(s) Version(s)
HMC V10.1.1010.0 V10.1.1010.0
HMC V9.2.950.0 V9.2.950.0

Remediation/Fixes

The following fixes are available on IBM Fix Central at: <http://www-933.ibm.com/support/fixcentral/&gt;

Product

|

VRMF

|

APAR

|

Remediation/Fix

—|—|—|—

Power HMC

|

V9.2.953.0 ppc

|

MB04359

|

MH01938

Power HMC

|

V9.2.953.0 x86

|

MB04358

|

MH01937

Power HMC

|

V10.1.1020.0 ppc

|

MB04361

|

MF70300

Power HMC

|

V10.1.1020.0 x86

|

MB04360

|

MF70299

Workarounds and Mitigations

None

How to protect your server from attacks?

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

0.001 Low

EPSS

Percentile

43.6%

Related for 61F7BAC5A49720C02743993A6B629FFE8F521D86A99141A5A92D3BA8D640C9D4