Lucene search

IBM7FD67B3EF7B51C9EFD2EDF11CCCCCE5BB67E6F939E8B36FAE5E41F5E70FE4272

HistoryJun 14, 2023 - 12:30 p.m.

Security Bulletin: A vulnerability in Certifi package may affect IBM Storage Scale (CVE-2022-23491)

2023-06-1412:30:28

www.ibm.com

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

0.0005 Low

EPSS

Percentile

17.6%

JSON

Summary

A vulnerability in Certifi package may affect the IBM Storage Scale call home feature.

Vulnerability Details

CVEID:CVE-2022-23491
**DESCRIPTION:**An unspecified error in with TrustCor’s ownership also operated a business that produced spyware in Certifi has an unknown impact and attack vector.
CVSS Base score: 6.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/241627 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:N)

Affected Products and Versions

Affected Product(s)	Version(s)
IBM Storage Scale	5.1.0.0 - 5.1.2.10
IBM Storage Scale	5.1.3.0 - 5.1.6.1

Remediation/Fixes

For IBM Spectrum Scale V5.1.0.0 through V5.1.2.10, apply V5.1.2.11 available from FixCentral at:

https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=Software%20defined%20storage&product=ibm/StorageSoftware/IBM+Spectrum+Scale&release=5.1.2&platform=All&function=all

For IBM Spectrum Scale V5.1.3.0 through V5.1.6.1, apply V5.1.7.0 available from FixCentral at:

https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=Software%20defined%20storage&product=ibm/StorageSoftware/IBM+Spectrum+Scale&release=5.1.7&platform=All&function=all

Workarounds and Mitigations

None

CPENameOperatorVersion
ibm storage scaleeq5.1.

CPE	Name	Operator	Version
	ibm storage scale	eq	5.1.

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

0.0005 Low

EPSS

Percentile

17.6%

JSON

Related for 7FD67B3EF7B51C9EFD2EDF11CCCCCE5BB67E6F939E8B36FAE5E41F5E70FE4272