Jan 03, 2024 - 6:20 p.m.

Security Bulletin: Vulnerability in Golang Go affects IBM Cloud Pak System.

2024-01-03 18:20:47
www.ibm.com

CVSS3: 7.5 High
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: HIGH
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score: 6.8 Medium (Confidence: High)
EPSS: 0.001 Low (Percentile: 48.0%)

Summary

Vulnerability in Golang Go affects IBM Cloud Pak System [CVE-2022-41724].

Vulnerability Details

CVEID: CVE-2022-41724
DESCRIPTION: Golang Go is vulnerable to a denial of service, caused by a flaw when processing large TLS handshake records. By sending specially-crafted TLS handshake records, a remote authenticated attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 6.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/248257 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

Affected Products and Versions

Affected Product(s)                  Version(s)
IBM Cloud Pak System                 2.3.3.0 - 2.3.3.6 (Intel)
IBM Cloud Pak System Software Suite  2.3.3.0, 2.3.3.6 (Intel)
IBM Cloud Pak System Software Suite  2.3.1.1, 2.3.2.0 (Power)

Remediation/Fixes

For unsupported versions, the recommendation is to upgrade to a supported version of the product.

This security bulletin applies to Cloud Pak System, Cloud Pak System Software, Cloud Pak System Software Suite.

For IBM Cloud Pak System v2.3.3.0, v2.3.3.1, v2.3.3.2, v2.3.3.3, v2.3.3.3 iFix 1, v2.3.3.4, v2.3.3.5 for Intel:
Upgrade to IBM Cloud Pak System v2.3.3.6 and apply IBM Cloud Pak System v2.3.3.6 Interim Fix 1 at Fix Central.
Information on upgrading here: https://www.ibm.com/support/pages/node/6959035

For IBM Cloud Pak System V2.3.3.6:
Apply Cloud Pak System V2.3.3.6 Interim Fix 1 at Fix Central.
Information on upgrading available at https://www.ibm.com/support/pages/node/7017280

For Cloud Pak System V2.3.0.1, V2.3.1.1, V2.3.2.0 for Power:
Upgrade to Cloud Pak System v2.3.3.7.
Information on upgrading here: https://www.ibm.com/support/pages/node/6982511

Workarounds and Mitigations

None

Affected configurations

Vulners
Node: ibm cloud_pak_system, Match: 2.3

CPE Name                       Operator  Version
ibm cloud pak system software  eq        2.3
