8.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
4.3 Medium
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:L/Au:S/C:P/I:P/A:P
0.001 Low
EPSS
Percentile
30.0%
Vulnerabilties in VMware ESXi affect IBM Cloud Pak System. IBM Cloud Pak System has addressed these vulnerabilities.
CVEID:CVE-2022-26373
**DESCRIPTION:**VMware ESXi could allow a local authenticated attacker to obtain sensitive information, caused by a return-stack-buffer-underflow in the Intel and AMD processors that it utilizes. An attacker could exploit this vulnerability to exploit various side-channel CPU flaws, obtain sensitive information from physical memory about the hypervisor or other virtual machines that reside on the same ESXi host, and use this information to launch further attacks against the affected system.
CVSS Base score: 5.6
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/233046 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N)
CVEID:CVE-2022-31681
**DESCRIPTION:**VMware ESXi is vulnerable to a denial of service, caused by a NULL pointer deference flaw in the VMX process. By sending a specially-crafted request, a local authenticated attacker could exploit this vulnerability to cause a denial of service condition on the host machine.
CVSS Base score: 3.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/237952 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L)
CVEID:CVE-2022-31696
**DESCRIPTION:**VMware ESXi could allow a local authenticated attacker to bypass security restrictions, caused by a memory corruption flaw in the handling of a network socket. By sending a specially-crafted request, an attacker could exploit this vulnerability to make escape of the ESXi sandbox.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/241821 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H)
CVEID:CVE-2022-31699
**DESCRIPTION:**VMware ESXi could allow a local authenticated attacker to obtain sensitive information, caused by a heap-based buffer overflow. By sending a specially-crafted request, an attacker could exploit this vulnerability to obtain sensitive information, and use this information to launch further attacks against the affected system.
CVSS Base score: 4.2
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/241827 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N)
**IBM X-Force ID:**231872
**DESCRIPTION:**VMware ESXi could allow a remote attacker to execute arbitrary code on the system, caused by a memory corruption in the TCP/IP kernel module. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute code in the context of the kernel.
CVSS Base score: 8.1
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/231872 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)
Affected Product(s) | Version(s) |
---|---|
IBM Cloud Pak System | 2.3.3.0 - 2.3.3.5 (Intel) |
IBM Cloud Pak System Software Suite | 2.3.3.0 - 2.3.3.5 (Intel) |
IBM Cloud Pak System | 2.3.0.1 |
For unsupported release/platform IBM recommends upgrading to a fixed, supported release/platform of the product. Notice for IBM Cloud Pak System W3700 (5725-X32), IBM Cloud Pak System W3500 (5725-Z16), IBM Cloud Pak System W3550 (5725-Z17), IBM Cloud Pak System Software v2.3.0.0, v2.3.1.0, IBM Cloud Pak System Software Suite v2.3.0.0, v2.3.1.0 as per IBM Withdrawal announcement ENUS922-058.
In response to vulnerabilities found in VMware ESXi, Cloud Pak System provides new ESXi Image update to ESXi 6.7 P08 ESXi670-202210001 with Cloud Pak System 2.3.3.6.
For IBM Cloud Pak System V2.3.0.1, v2.3.3.0, v.2.3.3.1, v.2.3.3.2, v.2.3.3.3, v2.3.3.3 iFix 1, v2.3.3.4, v2.3.3.5
Upgrade to Cloud Pak System v2.3.3.6 available at FixCentral.
Information on upgrading can be found here: http://www.ibm.com/support/docview.wss?uid=ibm10887959.
None.
CPE | Name | Operator | Version |
---|---|---|---|
ibm cloud pak system software | eq | 2.3.3 |
8.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
4.3 Medium
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:L/Au:S/C:P/I:P/A:P
0.001 Low
EPSS
Percentile
30.0%