CVE-2022-22488

2022-12-1213:15:12

CWE-770

[email protected]

web.nvd.nist.gov

ibm

openbmc

denial of service

CVSS3

4.9

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

EPSS

0.001

Percentile

32.8%

JSON

IBM OpenBMC OP910 and OP940 could allow a privileged user to cause a denial of service by uploading or deleting too many CA certificates in a short period of time. IBM X-Force ID: 2226337.

Affected configurations

Nvd

Node

ibmpower_system_ac922_\(8335-gtg\)_firmwareRangeop910–op910.70

AND

ibmpower_system_ac922_\(8335-gtg\)Match-

Node

ibmpower_system_ac922_\(8335-gth\)Match-

AND

ibmpower_system_ac922_\(8335-gth\)_firmwareRangeop940–op940.40

Node

ibmpower_system_ac922_\(8335-gtx\)Match-

AND

ibmpower_system_ac922_\(8335-gtx\)_firmwareRangeop940–op940.40

VendorProductVersionCPE
ibmpower_system_ac922_\(8335-gtg\)_firmware*cpe:2.3:o:ibm:power_system_ac922_\(8335-gtg\)_firmware:*:*:*:*:*:*:*:*
ibmpower_system_ac922_\(8335-gtg\)-cpe:2.3:h:ibm:power_system_ac922_\(8335-gtg\):-:*:*:*:*:*:*:*
ibmpower_system_ac922_\(8335-gth\)-cpe:2.3:h:ibm:power_system_ac922_\(8335-gth\):-:*:*:*:*:*:*:*
ibmpower_system_ac922_\(8335-gth\)_firmware*cpe:2.3:o:ibm:power_system_ac922_\(8335-gth\)_firmware:*:*:*:*:*:*:*:*
ibmpower_system_ac922_\(8335-gtx\)-cpe:2.3:h:ibm:power_system_ac922_\(8335-gtx\):-:*:*:*:*:*:*:*
ibmpower_system_ac922_\(8335-gtx\)_firmware*cpe:2.3:o:ibm:power_system_ac922_\(8335-gtx\)_firmware:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
ibm	power_system_ac922_\(8335-gtg\)_firmware	*	cpe:2.3:o:ibm:power_system_ac922_\(8335-gtg\)_firmware::::::::
ibm	power_system_ac922_\(8335-gtg\)	-	cpe:2.3:h:ibm:power_system_ac922_\(8335-gtg\):-:::::::*
ibm	power_system_ac922_\(8335-gth\)	-	cpe:2.3:h:ibm:power_system_ac922_\(8335-gth\):-:::::::*
ibm	power_system_ac922_\(8335-gth\)_firmware	*	cpe:2.3:o:ibm:power_system_ac922_\(8335-gth\)_firmware::::::::
ibm	power_system_ac922_\(8335-gtx\)	-	cpe:2.3:h:ibm:power_system_ac922_\(8335-gtx\):-:::::::*
ibm	power_system_ac922_\(8335-gtx\)_firmware	*	cpe:2.3:o:ibm:power_system_ac922_\(8335-gtx\)_firmware::::::::