CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS
Percentile
95.5%
IBM® AIX® is shipped as a component of IBM PureData System for Operational Analytics. Information about the security vulnerability in OpenSSL affecting IBM AIX has been published in a security bulletin ( CVE-2022-1292).
CVEID:CVE-2022-1292
**DESCRIPTION:**OpenSSL could allow a remote authenticated attacker to execute arbitrary commands on the system, caused by improper validation of user-supplied input by the c_rehash script. By sending a specially-crafted request using shell metacharacters, an attacker could exploit this vulnerability to execute arbitrary commands with the privileges of the script on the system.
CVSS Base score: 6.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/225619 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L)
Affected Product(s) | Version(s) |
---|---|
IBM PureData System for Operational Analytics | 1.1 |
OpenSSL installp packages are available. Please refer to the table below to determine the minimum levels needed.
| Minimum Application Fixpack Version| AIX Fileset Version
—|—|—
OpenSSL| V1.1 FP5| 1.0.2.1206
For instructions on how to apply an IBM PureData System for Operational Analytics fix pack update, refer to PureData System for Operational Analytics fix pack readme documents.
For instructions on how to apply an update using AIX filesets, refer to Updating the system installed IBM® openSSL and openSSH packages in an IBM PureData System for Operational Analytics environment.
None
Vendor | Product | Version | CPE |
---|---|---|---|
ibm | puredata_system_for_operational_analytics_a1801 | 1.1 | cpe:2.3:a:ibm:puredata_system_for_operational_analytics_a1801:1.1:*:*:*:*:*:*:* |
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS
Percentile
95.5%