Jun 14, 2023 - 12:30 p.m.

Security Bulletin: A vulnerability in Certifi package may affect IBM Storage Scale (CVE-2022-23491)

2023-06-14 12:30:28
www.ibm.com

CVSS3: 7.5 High

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: HIGH
Availability Impact: NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

EPSS: 0.001 Low
Percentile: 23.8%

Summary

A vulnerability in Certifi package may affect the IBM Storage Scale call home feature.

Vulnerability Details

CVEID: CVE-2022-23491
**DESCRIPTION:** An unspecified error in Certifi, associated with TrustCor, whose ownership also operated a business that produced spyware, has an unknown impact and attack vector.
CVSS Base score: 6.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/241627 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:N)

Affected Products and Versions

| Affected Product(s) | Version(s) |
| --- | --- |
| IBM Storage Scale | 5.1.0.0 - 5.1.2.10 |
| IBM Storage Scale | 5.1.3.0 - 5.1.6.1 |

Remediation/Fixes

For IBM Spectrum Scale V5.1.0.0 through V5.1.2.10, apply V5.1.2.11 available from FixCentral at:

https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=Software%20defined%20storage&product=ibm/StorageSoftware/IBM+Spectrum+Scale&release=5.1.2&platform=All&function=all

For IBM Spectrum Scale V5.1.3.0 through V5.1.6.1, apply V5.1.7.0 available from FixCentral at:

https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=Software%20defined%20storage&product=ibm/StorageSoftware/IBM+Spectrum+Scale&release=5.1.7&platform=All&function=all

Workarounds and Mitigations

None

Affected configurations

Vulners
Node: ibm spectrum_scale, Match 5.1.

| CPE Name | Operator | Version |
| --- | --- | --- |
| ibm storage scale | eq | 5.1. |
