Lucene search

IBM61F7BAC5A49720C02743993A6B629FFE8F521D86A99141A5A92D3BA8D640C9D4

HistorySep 28, 2022 - 8:33 a.m.

Security Bulletin: Vulnerability in IBM SDK, Java Technology (CVE-2022-21496 and CVE-2022-21434) affects Power HMC

2022-09-2808:33:31

www.ibm.com

ibm sdk java

vulnerability

power hmc

cve-2022-21496

cve-2022-21434

jndi component

libraries component

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

0.001 Low

EPSS

Percentile

48.3%

JSON

Summary

IBM Java is used by IBM Power Hardware Management Console (HMC) for running java applications and services. This bulletin provides a remediation for the impacted vulnerabilities, CVE-2022-21496 and CVE-2022-21434 by upgrading IBM Power Hardware Management Console (HMC) respective PTF and thus addressing the exposure to the java vulnerability.

Vulnerability Details

CVEID:CVE-2022-21496
**DESCRIPTION:**An unspecified vulnerability in Java SE related to the JNDI component could allow an unauthenticated attacker to cause no confidentiality impact, low integrity impact, and no availability impact.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/224777 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)

CVEID:CVE-2022-21434
**DESCRIPTION:**An unspecified vulnerability in Java SE related to the Libraries component could allow an unauthenticated attacker to cause no confidentiality impact, low integrity impact, and no availability impact.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/224718 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)

Affected Products and Versions

Affected Product(s)	Version(s)
HMC V10.1.1010.0	V10.1.1010.0
HMC V9.2.950.0	V9.2.950.0

Remediation/Fixes

The following fixes are available on IBM Fix Central at: <http://www-933.ibm.com/support/fixcentral/>

Product

VRMF

APAR

Remediation/Fix

—|—|—|—

Power HMC

V9.2.953.0 ppc

MB04359

MH01938

Power HMC

V9.2.953.0 x86

MB04358

MH01937

Power HMC

V10.1.1020.0 ppc

MB04361

MF70300

Power HMC

V10.1.1020.0 x86

MB04360

MF70299

Workarounds and Mitigations

None

Affected configurations

Vulners

Node

ibmhardware_management_consoleMatchany

CPENameOperatorVersion
hardware management console v9eqany
hardware management console v10eqany

CPE	Name	Operator	Version
	hardware management console v9	eq	any
	hardware management console v10	eq	any

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

0.001 Low

EPSS

Percentile

48.3%

JSON

Related for 61F7BAC5A49720C02743993A6B629FFE8F521D86A99141A5A92D3BA8D640C9D4