CVSS3 Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | LOW |
Privileges Required | HIGH |
User Interaction | NONE |
Scope | UNCHANGED |
Confidentiality Impact | NONE |
Integrity Impact | NONE |
Availability Impact | HIGH |
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
EPSS Percentile: 32.8%
POWER9: In response to a security issue with the BMC web server, a new Power System firmware update is being released to address Common Vulnerabilities and Exposures issue number CVE-2022-22488.
CVEID: CVE-2022-22488
**DESCRIPTION:** IBM BMC could allow a privileged user to cause a denial of service by uploading or deleting too many CA certificates in a short period of time.
CVSS Base score: 4.9
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/226337 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)
Affected Product(s) | Version(s) | Release(s) |
---|---|---|
OPENBMC | OP910 | OP910.00 through OP910.60 |
OPENBMC | OP940 | OP940.00 through OP940.40 |
Customers with the products below running OP910, install OP910.70:
Customers with the products below running OP940, install OP940.50:
To avoid this problem, wait 10 seconds between uploading CA certificates.
To recover from this problem, restart the BMC’s HTTPS service. This can be performed in one of two ways:
1. Remove power from the BMC and then reapply power, OR
2. Use root access to the BMC’s command shell, and use the “reboot” command to reset the BMC.
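
The 10-second spacing workaround above, as an added example that is not part of the advisory or of IBM's code: a Python wrapper that serialises CA certificate uploads and deletions against one BMC so that consecutive requests are at least 10 seconds apart. The `send` callable is a hypothetical stand-in for whatever tooling actually talks to the BMC, since the advisory does not name an interface; `PacedCertOps` and its parameters are likewise illustrative names.

```python
import time

MIN_GAP_SECONDS = 10.0  # spacing stated in the advisory's workaround


class PacedCertOps:
    """Run CA-certificate uploads/deletes against one BMC, keeping at least
    MIN_GAP_SECONDS between the end of one request and the start of the next."""

    def __init__(self, send, min_gap=MIN_GAP_SECONDS,
                 clock=time.monotonic, sleep=time.sleep):
        self._send = send        # hypothetical transport: send(op, item) -> detail
        self._min_gap = min_gap
        self._clock = clock      # monotonic, so wall-clock jumps cannot shorten the gap
        self._sleep = sleep
        self._last = None        # time the previous request finished

    def _wait_for_slot(self):
        if self._last is not None:
            remaining = self._min_gap - (self._clock() - self._last)
            if remaining > 0:
                self._sleep(remaining)

    def run(self, operations):
        """operations: iterable of (op, item) with op in {"upload", "delete"}.
        Returns a list of (op, item, ok, detail) in submission order."""
        operations = list(operations)
        for op, _ in operations:          # validate before anything is sent
            if op not in ("upload", "delete"):
                raise ValueError(f"unsupported operation: {op!r}")
        results = []
        for op, item in operations:
            self._wait_for_slot()
            try:
                detail, ok = self._send(op, item), True
            except Exception as exc:
                # A failed request still reached the BMC, so it counts
                # toward the spacing just like a successful one.
                detail, ok = str(exc), False
            finally:
                self._last = self._clock()
            results.append((op, item, ok, detail))
        return results
```

Reusing one `PacedCertOps` instance per BMC keeps the spacing across separate `run()` calls, which matters when uploads and deletions are issued from different steps of a rotation job.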
Vendor | Product | Version | CPE |
---|---|---|---|
ibm | power_9_ac922_firmware | 910 | cpe:2.3:o:ibm:power_9_ac922_firmware:910:*:*:*:*:*:*:* |
ibm | power_9_ac922_firmware | 940 | cpe:2.3:o:ibm:power_9_ac922_firmware:940:*:*:*:*:*:*:* |