7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
6.8 Medium
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
48.0%
Vulnerability in Golang Go affects IBM Cloud Pak System[CVE-2022-41724].
CVEID:CVE-2022-41724
**DESCRIPTION:**Golang Go is vulnerable to a denial of service, caused by a flaw when processing large TLS handshake records. By sending specially-crafted TLS handshake records, a remote authenticated attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/248257 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)
Affected Product(s) | Version(s) |
---|---|
IBM Cloud Pak System | 2.3.3.0 - 2.3.3.6 (Intel) |
IBM Cloud Pak System Software Suite | 2.3.3.0, 2.3.3.6 (Intel) |
IBM Cloud Pak System Software Suite | 2.3.1.1, 2.3.2.0 (Power) |
For unsupported versions the recommendation is to upgrade to supported version of the product.
This security bulletin applies to Cloud Pak System, Cloud Pak System Software, Cloud Pak System Software Suite.
For IBM Cloud Pak System v2.3.3.0, v.2.3.3.1, v.2.3.3.2, v.2.3.3.3, v2.3.3.3 iFix 1, v2.3.3.4, v2.3.3.5 for Intel
Upgrade to IBM Cloud Pak System v2.3.3.6 and apply IBM Cloud Pak System v2.3.3.6 Interim Fix 1 at Fix Central.
Information on upgrading here <https://www.ibm.com/support/pages/node/6959035>
For IBM Cloud Pak System V2.3.3.6,
Apply Cloud Pak System V2.3.3.6 Interim Fix 1 at Fix Central
Information on upgrading available at <https://www.ibm.com/support/pages/node/7017280>
For Cloud Pak System V2.3.0.1, V2.3.1.1, V2.3.2.0, for Power
Upgrade to Cloud Pak System v2.3.3.7
Information on upgrading here https://www.ibm.com/support/pages/node/6982511
None
CPE | Name | Operator | Version |
---|---|---|---|
ibm cloud pak system software | eq | 2.3 |
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
6.8 Medium
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
48.0%