6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
4 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:N/I:N/A:P
0.001 Low
EPSS
Percentile
30.8%
XClarity Controller (XCC) is vulnerable to Denial of Service and tampering. XCC is used by Cloud Pak System. Cloud Pak System has addressed these vulnerabilities.
CVEID: CVE-2022-34884
**DESCRIPTION:** Lenovo XClarity Controller (XCC) is vulnerable to a denial of service, caused by a buffer overflow vulnerability in the Remote Presence subsystem. By sending a specially-crafted request, a remote authenticated attacker could overflow a buffer and cause a denial of service.
CVSS Base score: 4.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/231123 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L)
CVEID: CVE-2022-34888
**DESCRIPTION:** Lenovo XClarity Controller (XCC) is vulnerable to tampering, caused by a flaw in the Remote Mount feature. By using spoofed CAN messages, a remote authenticated attacker could exploit this vulnerability to make connections to internal services that may not normally be accessible to users.
CVSS Base score: 5.4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/231124 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N)
Affected Product(s) | Version(s)/Affected component |
---|---|
IBM Cloud Pak Systems | v2.3 |
SN550 | XClarity Controller (XCC) |
SR630 | XClarity Controller (XCC) |
OEM SR630 | XClarity Controller (XCC) |
Recommended solution: for Cloud Pak System, update XClarity Controller (XCC) with Cloud Pak System 2.3.3.6, as reported in the table below.
Product / System Node(s) | Version(s) |
---|---|
IBM Cloud Pak System | v2.3.3.6 |
SN550 | XCC v5.20 TEI3C8M |
SR630 | XCC v8.40-CDI394N |
OEM SR630 | XCC 8.40-CDI394N |
None
CPE
Name | Operator | Version |
---|---|---|
ibm cloud pak system software | eq | 2.3 |