Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBMA69B165FE61F980E53B195A1306137652CCC4EF98FEA76A55C9004C062728FA8
HistoryJul 26, 2024 - 10:12 a.m.

Security Bulletin: Vulnerability in less library (CVE-2022-48624) affects Power HMC.

2024-07-2610:12:05
www.ibm.com
13
cve-2022-48624
less library
power hmc
local attacker
arbitrary commands
ibm fix central

AI Score

7

Confidence

High

JSON

Summary

The less library is used by Power Hardware Management Console (HMC). HMC has addressed the applicable CVE.

Vulnerability Details

CVEID:CVE-2022-48624
**DESCRIPTION:**less could allow a local attacker to execute arbitrary commands on the system, caused by a flaw with omitting shell_quote calls for LESSCLOSE in the close_altfile() function in filename.c. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary commands on the host operating system.
CVSS Base score: 7
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/289398 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H)

Affected Products and Versions

Affected Product(s) Version(s)
HMC V10.2.1030.0 V10.2.1030.0
HMC V10.3.1050.0 V10.3.1050.0

Remediation/Fixes

The following fixes are available on IBM Fix Central at: <http://www-933.ibm.com/support/fixcentral/&gt;

Product

|

VRMF

|

APAR

|

Remediation/Fix

—|—|—|—

Power HMC

|

V10.2.1040.0 SP2 x86

|

MB04458

|

MF71693

Power HMC

|

V10.2.1040.0 SP2 ppc

|

MB04459

|

MF71694

Power HMC

|

V10.3.1060.0 x86

|

MB04462

|

MF71697

Power HMC

|

V10.3.1060.0 ppc

|

MB04463

|

MF71698

Workarounds and Mitigations

None

Affected configurations

Vulners
Node
ibmhardware_management_consoleMatchany
VendorProductVersionCPE
ibmhardware_management_consoleanycpe:2.3:a:ibm:hardware_management_console:any:*:*:*:*:*:*:*

Related

vulnrichment 1
nessus 43
openvas 19
rocky 2
osv 9
redhat 38
ubuntucve 1
prion 1
ubuntu 1
veracode 1
almalinux 3
cvelist 1
amazon 2
redhatcve 1
oraclelinux 3
cbl_mariner 1
cloudfoundry 1
cve 1
nvd 1
ibm 6
redos 1
debiancve 1
cloudlinux 1
debian 2
hp 1
vulnrichment
vulnrichment
CVE-2022-48624
2024-02-19 00:00:00
nessus
nessus
Rocky Linux 8 : less (RLSA-2024:1610)
2024-04-05 00:00:00
Amazon Linux AMI : less (ALAS-2024-1924)
2024-03-05 00:00:00
AlmaLinux 9 : less (ALSA-2024:1692)
2024-04-10 00:00:00
openvas
openvas
Huawei EulerOS: Security Advisory for less (EulerOS-SA-2024-1801)
2024-06-03 00:00:00
SUSE: Security Advisory (SUSE-SU-2024:1189-1)
2024-05-07 00:00:00
openSUSE: Security Advisory for less (SUSE-SU-2024:1192-1)
2024-04-17 00:00:00
rocky
rocky
less security update
2024-05-10 14:32:36
less security update
2024-04-05 14:55:53
osv
osv
Moderate: less security update
2024-05-10 14:32:36
less vulnerability
2024-02-27 16:47:13
Moderate: less security update
2024-04-05 14:55:53
redhat
redhat
(RHSA-2024:1989) Moderate: less security update
2024-04-23 13:22:11
(RHSA-2024:1692) Moderate: less security update
2024-04-08 09:13:29
(RHSA-2024:1875) Moderate: less security update
2024-04-18 00:58:21
ubuntucve
ubuntucve
CVE-2022-48624
2024-02-19 00:00:00
prion
prion
Design/Logic Flaw
2024-02-19 01:15:00
ubuntu
ubuntu
less vulnerability
2024-02-27 00:00:00
veracode
veracode
Arbitrary Command Execution
2024-04-26 06:59:58
almalinux
almalinux
Moderate: less security update
2024-04-08 00:00:00
Moderate: less security update
2024-04-02 00:00:00
Important: less security update
2024-07-02 00:00:00
cvelist
cvelist
CVE-2022-48624
2024-02-19 00:00:00
amazon
amazon
Important: less
2024-02-29 10:03:00
Important: less
2024-02-28 23:54:00
redhatcve
redhatcve
CVE-2022-48624
2024-02-20 09:19:56
oraclelinux
oraclelinux
less security update
2024-04-08 00:00:00
less security update
2024-04-03 00:00:00
less security update
2024-07-02 00:00:00
cbl_mariner
cbl_mariner
CVE-2022-48624 affecting package less for versions less than 590-3
2024-03-21 08:09:05
cloudfoundry
cloudfoundry
USN-6664-1: less vulnerability | Cloud Foundry
2024-04-04 00:00:00
cve
cve
CVE-2022-48624
2024-02-19 01:15:48
nvd
nvd
CVE-2022-48624
2024-02-19 01:15:48
ibm
ibm
Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to arbitrary command execution in Less [CVE-2022-48624]
2024-06-20 18:22:55
Security Bulletin: IBM App Connect Enterprise Certified Container UBI updates
2024-04-23 14:11:37
Security Bulletin: IBM Cloud Pak for Network Automation 2.7.3 addresses multiple security vulnerabilities
2024-05-21 09:37:09
redos
redos
ROS-20240607-02
2024-06-07 00:00:00
debiancve
debiancve
CVE-2022-48624
2024-02-19 01:15:48
cloudlinux
cloudlinux
less: Fix of CVE-2022-48624
2024-04-19 10:41:21
debian
debian
[SECURITY] [DSA 5679-1] less security update
2024-05-03 21:12:55
[SECURITY] [DLA 3823-1] less security update
2024-05-27 19:50:55
hp
hp
HP ThinPro 8.0 SP 9 Security Updates
2024-06-17 00:00:00

AI Score

7

Confidence

High

JSON
Related for A69B165FE61F980E53B195A1306137652CCC4EF98FEA76A55C9004C062728FA8
vulnrichment1nessus43openvas19rocky2osv9redhat38ubuntucve1prion1ubuntu1veracode1almalinux3cvelist1amazon2redhatcve1oraclelinux3cbl_mariner1cloudfoundry1cve1nvd1ibm6redos1debiancve1cloudlinux1debian2hp1