6.5 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
2.1 Low
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:L/Au:N/C:P/I:N/A:N
0.001 Low
EPSS
Percentile
24.1%
Multiple vulnerabilities in Intel Processors affect Cloud Pak System. IBM Cloud Pak System has addressed vulnerabilities.
CVEID:CVE-2022-21123
**DESCRIPTION:**Intel Processors could allow a local authenticated attacker to obtain sensitive information, caused by incomplete cleanup of multi-core shared buffers. By sending a specially-crafted request, an attacker could exploit this vulnerability to obtain sensitive information, and use this information to launch further attacks against the affected system.
CVSS Base score: 6.1
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/228702 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N)
CVEID:CVE-2022-21125
**DESCRIPTION:**Intel Processors could allow a local authenticated attacker to obtain sensitive information, caused by incomplete cleanup of microarchitectural fill buffers. By sending a specially-crafted request, an attacker could exploit this vulnerability to obtain sensitive information, and use this information to launch further attacks against the affected system.
CVSS Base score: 5.6
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/228703 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N)
CVEID:CVE-2022-21127
**DESCRIPTION:**Intel Processors could allow a local authenticated attacker to obtain sensitive information, caused by incomplete cleanup in specific special register read operations in the Memory Mapped I/O (MMIO) component. By conducting a specially-crafted read operation, an attacker could exploit this vulnerability to obtain sensitive information, and use this information to launch further attacks against the affected system.
CVSS Base score: 5.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/228695 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)
CVEID:CVE-2022-21166
**DESCRIPTION:**Intel Processors could allow a local authenticated attacker to obtain sensitive information, caused by incomplete cleanup in specific special register write operations in the Memory Mapped I/O (MMIO) component. By conducting a specially-crafted write operation, an attacker could exploit this vulnerability to obtain sensitive information, and use this information to launch further attacks against the affected system.
CVSS Base score: 5.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/228696 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)
CVEID:CVE-2022-0001
**DESCRIPTION:**Multiple Intel Processors could allow a local authenticated attacker to obtain sensitive information, caused by an issue with non-transparent sharing of branch predictor selectors between contexts. By sending a specially-crafted request, an attacker could exploit this vulnerability to obtain sensitive information, and use this information to launch further attacks against the affected system.
CVSS Base score: 4.7
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/221228 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N)
CVEID:CVE-2022-0002
**DESCRIPTION:**Multiple Intel Processors could allow a local authenticated attacker to obtain sensitive information, caused by an issue with non-transparent sharing of branch predictor selectors between contexts. By sending a specially-crafted request, an attacker could exploit this vulnerability to obtain sensitive information, and use this information to launch further attacks against the affected system.
CVSS Base score: 4.7
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/221229 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N)
Affected Product(s) | Version(s) | Affected Node / System (s) | Component |
---|---|---|---|
IBM Cloud Pak System 2.3 - 2.3.3.4 |
| x240 M5 Compute Node| UEFI
System X3550 M5| UEFI
IBM Cloud Pak System 2.3- 2.3.3.5| System SN550| UEFI
System SR630|
UEFI
Affected Product(s) | Version(s) | Affected Node / System (s) | Firmware Update Version(s) |
---|---|---|---|
IBM Cloud Pak System 2.3 - 2.3.3.4 |
| x240 M5 Compute Node| 3.70
System X3550 M5| 3.50
IBM Cloud Pak System 2.3- 2.3.3.5| System SN550| IVE178I
System SR630|
IVE178I
For Cloud Pak System from 2.3, 2.3.0.1, v2.3.3.0, v.2.3.3.1, v.2.3.3.2, v.2.3.3.3, v2.3.3.3 Interim Fix 1, v2.3.3.4, v2.3.3.5
upgrade to IBM Cloud Pak System V2.3.3.6 at Fix Central
Information on upgrading at : <http://www.ibm.com/support/docview.wss?uid=ibm10887959>
None
CPE | Name | Operator | Version |
---|---|---|---|
ibm cloud pak system software | eq | 2.3 |
6.5 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
2.1 Low
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:L/Au:N/C:P/I:N/A:N
0.001 Low
EPSS
Percentile
24.1%