CVSS3

Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | LOW |
Privileges Required | NONE |
User Interaction | NONE |
Scope | UNCHANGED |
Confidentiality Impact | NONE |
Integrity Impact | NONE |
Availability Impact | HIGH |

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score Confidence: High

EPSS Percentile: 55.0%

This affects the BMC administrator function to upload HTTPS certificates.
CVEID: CVE-2022-4450
**DESCRIPTION:** OpenSSL is vulnerable to a denial of service, caused by a double-free error related to the improper handling of specific PEM data by the PEM_read_bio_ex() function. By sending specially crafted PEM files for parsing, a remote attacker could exploit this vulnerability to cause the system to crash.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/246615 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
Affected Product(s) | Version(s) |
---|---|
OPENBMC | FW1030.00 - FW1030.10 |
OPENBMC | OP940.00 - OP940.50 |
OPENBMC | FW1020.00 - FW1020.30 |
HMC firmware | OP940.00 - OP940.50 |
Customers with the products below should install OP940.60 or newer to remediate this vulnerability.
Power 9
Customers with the products below should install FW1020.40 (1020_106) or FW1030.20 (1030_060), or newer, to remediate this vulnerability.
Power 10
Customers with the products below should install OP940.60 or newer firmware to remediate this vulnerability.
Power 9
Only use HTTPS certificates from trusted sources.