IBM9ADBDDE58661CDBE895EF30C5FC7969CE502BC90E9C6CAA210F0E36F82C8B330Security Bulletin: Security vulnerabilities have been fixed in IBM Security Verify Governance, Identity Manager virtual appliance component
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS
Percentile
87.3%
Summary
IBM Security Verify Governance, Identity Manager virtual appliance component has addressed the following vulnerabilities
Vulnerability Details
CVEID:CVE-2022-0778
**DESCRIPTION:**OpenSSL is vulnerable to a denial of service, caused by a flaw in the BN_mod_sqrt() function when parsing certificates. By using a specially-crafted certificate with invalid explicit curve parameters, a remote attacker could exploit this vulnerability to cause an infinite loop, and results in a denial of service condition.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/221911 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
CVEID:CVE-2022-28733
**DESCRIPTION:**GNU grub2 could allow a remote attacker to execute arbitrary code on the system, caused by an integer underflow in grub_net_recv_ip4_packets. By sending a specially-crafted IP packet, an attacker could exploit this vulnerability to cause code execution and/or secure boot circumvention.
CVSS Base score: 8.1
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/228274 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVEID:CVE-2022-28734
**DESCRIPTION:**GNU grub2 could allow a remote attacker to execute arbitrary code on the system, caused by an out-of-bounds write when handling split HTTP headers. By sending a specially-crafted request, an attacker could exploit this vulnerability to cause code execution and/or secure boot circumvention.
CVSS Base score: 7
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/228275 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H)
CVEID:CVE-2021-40528
**DESCRIPTION:**GnuPG Libgcrypt could allow a remote attacker to bypass security restrictions, caused by a flaw in the ElGamal implementation. By sending a specially-crafted request, an attacker could exploit this vulnerability to perform a cross-configuration attack against OpenPGP.
CVSS Base score: 5.9
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/208744 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)
Affected Products and Versions
| Affected Product(s) | Version(s) |
|---|---|
| IBM Security Verify Governance, Identity Manager virtual appliance component | 10.0.1 |
Remediation/Fixes
| Affected Product(s) | Version(s) | Fix Availability |
|---|---|---|
| IBM Security Verify Governance, Identity Manager virtual appliance component | 10.0.1.0 |
Workarounds and Mitigations
None
Affected configurations
| Vendor | Product | Version | CPE |
|---|---|---|---|
| ibm | security_identity_manager | 10.0.1.0 | cpe:2.3:a:ibm:security_identity_manager:10.0.1.0:*:*:*:*:*:*:* |
Related
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS
Percentile
87.3%