Security Bulletin: This Power System update is being released to address CVE-2022-22488

Published: 2022-11-17 17:20:52
Source: www.ibm.com
Tags: power system, firmware update, bmc web server, cve 2022-22488, security issue, op910, op940, ibm power system ac922, workaround, mitigation

CVSS3 base score: 4.9
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: HIGH
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: HIGH
Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

EPSS: 0.001 (percentile 32.8%)

Summary

POWER9: In response to a security issue with the BMC web server, a new Power System firmware update is being released to address Common Vulnerabilities and Exposures issue number CVE-2022-22488.

Vulnerability Details

CVEID: CVE-2022-22488
**DESCRIPTION:** IBM BMC could allow a privileged user to cause a denial of service by uploading or deleting too many CA certificates in a short period of time.
CVSS Base score: 4.9
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/226337 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)

Affected Products and Versions

| Affected Product(s) | Version(s) | Release(s) |
|---|---|---|
| OPENBMC | OP910 | OP910.00 through OP910.60 |
| OPENBMC | OP940 | OP940.00 through OP940.40 |

Remediation/Fixes

Customers with the products below running OP910, install OP910.70:

  1. IBM Power System AC922 (8335-GTG)

Customers with the products below running OP940, install OP940.50:

  1. IBM Power System AC922 (8335-GTH, 8335-GTX)

Workarounds and Mitigations

To avoid this problem, wait 10 seconds between uploading CA certificates.

To recover from this problem, restart the BMC’s HTTPS service. This can be performed in one of two ways:
1. Remove power from the BMC and then reapply power, OR
2. Use root access to the BMC’s command shell, and use the “reboot” command to reset the BMC.
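The two operational checks a defender takes away from the Remediation and Workaround sections above are (a) "is this BMC firmware level in the affected range, and which level fixes it?" and (b) "space CA certificate uploads at least 10 seconds apart until the fix is installed". The following is an added example of both, written for this page; it is not IBM's code and not part of the bulletin. It assumes only the OPxxx.yy level format and the version ranges stated in the bulletin; levels above the top of an affected range but below the fixed level (for instance a hypothetical OP910.65) are not covered by the bulletin and are reported as unknown rather than assumed safe.

```python
from __future__ import annotations

import re
import time
from typing import Callable, Optional

# Fixed firmware levels per release stream, as stated in the bulletin.
FIXED_LEVELS = {
    "OP910": (910, 70),
    "OP940": (940, 50),
}

# Affected ranges per release stream (inclusive), as stated in the bulletin.
AFFECTED_RANGES = {
    "OP910": ((910, 0), (910, 60)),
    "OP940": ((940, 0), (940, 40)),
}

# Level format assumed from the bulletin's examples, e.g. "OP910.60".
_LEVEL_RE = re.compile(r"^OP(\d{3})\.(\d{2})$")


def parse_level(level: str) -> tuple[int, int]:
    """Parse an OpenBMC firmware level such as 'OP910.60' into (stream, build)."""
    m = _LEVEL_RE.match(level.strip().upper())
    if not m:
        raise ValueError(f"unrecognised firmware level: {level!r}")
    return int(m.group(1)), int(m.group(2))


def assess(level: str) -> dict:
    """Classify a firmware level against the bulletin's affected and fixed levels.

    status is one of: affected, fixed, unknown (gap between the affected range
    and the fixed level), not-covered (stream not mentioned in the bulletin).
    """
    stream, build = parse_level(level)
    key = f"OP{stream}"
    if key not in FIXED_LEVELS:
        return {"level": level, "status": "not-covered", "action": None}
    lo, hi = AFFECTED_RANGES[key]
    fixed = FIXED_LEVELS[key]
    if lo <= (stream, build) <= hi:
        return {"level": level, "status": "affected",
                "action": f"install OP{fixed[0]}.{fixed[1]:02d}"}
    if (stream, build) >= fixed:
        return {"level": level, "status": "fixed", "action": None}
    return {"level": level, "status": "unknown",
            "action": "confirm level with vendor before relying on it"}


def paced_schedule(request_times: list[float], min_interval: float = 10.0) -> list[float]:
    """Pure form of the workaround: given the times at which certificate uploads
    are attempted, return the times at which they would actually be sent so that
    consecutive sends are at least min_interval seconds apart."""
    sent: list[float] = []
    for t in request_times:
        if sent and t - sent[-1] < min_interval:
            t = sent[-1] + min_interval
        sent.append(t)
    return sent


class CertOperationPacer:
    """Wall-clock version of paced_schedule for a real upload loop.

    Call wait() immediately before each CA certificate upload or delete; it
    blocks until at least min_interval seconds have passed since the previous
    operation. clock and sleep are injectable so the class can be tested
    without real delays.
    """

    def __init__(self, min_interval: float = 10.0,
                 clock: Callable[[], float] = time.monotonic,
                 sleep: Callable[[float], None] = time.sleep) -> None:
        self.min_interval = min_interval
        self._clock = clock
        self._sleep = sleep
        self._last: Optional[float] = None

    def wait(self) -> float:
        """Block as needed; return the number of seconds actually waited."""
        now = self._clock()
        waited = 0.0
        if self._last is not None:
            remaining = self.min_interval - (now - self._last)
            if remaining > 0:
                self._sleep(remaining)
                waited = remaining
        self._last = now + waited
        return waited


if __name__ == "__main__":
    # Constructed inventory of firmware levels, not real systems.
    for lvl in ("OP910.60", "OP910.70", "OP940.40", "OP940.50", "OP910.65"):
        print(assess(lvl))
    print(paced_schedule([0, 3, 12, 13]))  # four uploads attempted in quick succession
```

The pure `paced_schedule` function carries the scheduling rule, so it can be checked without sleeping; `CertOperationPacer` applies the same rule against a real clock in an automation loop. Both assume the 10-second figure from the bulletin; change `min_interval` if the vendor guidance changes.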

Affected configurations (either of the following):

- Vendor: ibm, Product: power_9_ac922_firmware, Version: 910, CPE: cpe:2.3:o:ibm:power_9_ac922_firmware:910:*:*:*:*:*:*:*
- Vendor: ibm, Product: power_9_ac922_firmware, Version: 940, CPE: cpe:2.3:o:ibm:power_9_ac922_firmware:940:*:*:*:*:*:*:*
