cvelistv5 - cve-2022-43869

CVE-2022-43869 (GCVE-0-2022-43869)

Vulnerability from cvelistv5 – Published: 2023-02-08 18:47 – Updated: 2025-03-25 13:51

Title

IBM Spectrum Scale denial of service

Summary

IBM Spectrum Scale (5.1.0.0 through 5.1.2.8 and 5.1.3.0 through 5.1.5.1) and IBM Elastic Storage System (6.1.0.0 through 6.1.2.4 and 6.1.3.0 through 6.1.4.1) could allow an authenticated user to cause a denial of service through the GUI using a format string attack. IBM X-Force ID: 239539.

Severity ?

6.5 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE

CWE-134 - Use of Externally-Controlled Format String

Assigner

ibm

References

URL

Tags

	https://www.ibm.com/support/pages/node/6909469	vendor-advisory
	https://www.ibm.com/support/pages/node/6909465	vendor-advisory
	https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entry

Impacted products

Vendor

Product

Version

IBM

Elastic Storage System

Affected: 6.1.0.0 , < 6.1.2.4 (semver)

IBM

Spectrum Scale

Affected: 5.1.0.0 , < 5.1.2.8 (semver)
Affected: 5.1.3.0 , < 5.1.5.1 (semver)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T13:40:06.720Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.ibm.com/support/pages/node/6909469"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.ibm.com/support/pages/node/6909465"
          },
          {
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/239539"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2022-43869",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-03-25T13:51:34.770772Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-03-25T13:51:41.867Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Elastic Storage System",
          "vendor": "IBM",
          "versions": [
            {
              "lessThan": "6.1.2.4",
              "status": "affected",
              "version": "6.1.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Spectrum Scale",
          "vendor": "IBM",
          "versions": [
            {
              "lessThan": "5.1.2.8",
              "status": "affected",
              "version": "5.1.0.0",
              "versionType": "semver"
            },
            {
              "lessThan": "5.1.5.1",
              "status": "affected",
              "version": "5.1.3.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "IBM Spectrum Scale (5.1.0.0 through 5.1.2.8 and 5.1.3.0 through 5.1.5.1) and IBM Elastic Storage System (6.1.0.0 through 6.1.2.4 and 6.1.3.0 through 6.1.4.1) could allow an authenticated user to cause a denial of service through the GUI using a format string attack.  IBM X-Force ID:  239539."
            }
          ],
          "value": "IBM Spectrum Scale (5.1.0.0 through 5.1.2.8 and 5.1.3.0 through 5.1.5.1) and IBM Elastic Storage System (6.1.0.0 through 6.1.2.4 and 6.1.3.0 through 6.1.4.1) could allow an authenticated user to cause a denial of service through the GUI using a format string attack.  IBM X-Force ID:  239539."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-134",
              "description": "CWE-134 Use of Externally-Controlled Format String",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-02-12T01:45:42.615Z",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.ibm.com/support/pages/node/6909469"
        },
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.ibm.com/support/pages/node/6909465"
        },
        {
          "tags": [
            "vdb-entry"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/239539"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "IBM Spectrum Scale denial of service",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2022-43869",
    "datePublished": "2023-02-08T18:47:17.320Z",
    "dateReserved": "2022-10-26T15:46:22.824Z",
    "dateUpdated": "2025-03-25T13:51:41.867Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:elastic_storage_system:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"6.1.0.0\", \"versionEndIncluding\": \"6.1.2.4\", \"matchCriteriaId\": \"22383BE4-63D9-45A9-AB42-385679696151\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:elastic_storage_system:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"6.1.3.0\", \"versionEndIncluding\": \"6.1.4.1\", \"matchCriteriaId\": \"FB3E2306-8554-497C-B037-B35392FCA0C5\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:spectrum_scale:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"5.1.0.0\", \"versionEndIncluding\": \"5.1.2.8\", \"matchCriteriaId\": \"4D157B98-8F4F-4D11-9382-8FC2274F6D10\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:spectrum_scale:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"5.1.3.0\", \"versionEndIncluding\": \"5.1.5.1\", \"matchCriteriaId\": \"459806A7-15A1-418B-BAB6-9440B92D9B3B\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"703AF700-7A70-47E2-BC3A-7FD03B3CA9C1\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"IBM Spectrum Scale (5.1.0.0 through 5.1.2.8 and 5.1.3.0 through 5.1.5.1) and IBM Elastic Storage System (6.1.0.0 through 6.1.2.4 and 6.1.3.0 through 6.1.4.1) could allow an authenticated user to cause a denial of service through the GUI using a format string attack.  IBM X-Force ID:  239539.\"}]",
      "id": "CVE-2022-43869",
      "lastModified": "2024-11-21T07:27:18.187",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"psirt@us.ibm.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\", \"baseScore\": 6.5, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 3.6}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\", \"baseScore\": 6.5, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 3.6}]}",
      "published": "2023-02-12T04:15:16.123",
      "references": "[{\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/239539\", \"source\": \"psirt@us.ibm.com\", \"tags\": [\"VDB Entry\", \"Vendor Advisory\"]}, {\"url\": \"https://www.ibm.com/support/pages/node/6909465\", \"source\": \"psirt@us.ibm.com\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"https://www.ibm.com/support/pages/node/6909469\", \"source\": \"psirt@us.ibm.com\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/239539\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"VDB Entry\", \"Vendor Advisory\"]}, {\"url\": \"https://www.ibm.com/support/pages/node/6909465\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"https://www.ibm.com/support/pages/node/6909469\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}]",
      "sourceIdentifier": "psirt@us.ibm.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"psirt@us.ibm.com\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-134\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2022-43869\",\"sourceIdentifier\":\"psirt@us.ibm.com\",\"published\":\"2023-02-12T04:15:16.123\",\"lastModified\":\"2024-11-21T07:27:18.187\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"IBM Spectrum Scale (5.1.0.0 through 5.1.2.8 and 5.1.3.0 through 5.1.5.1) and IBM Elastic Storage System (6.1.0.0 through 6.1.2.4 and 6.1.3.0 through 6.1.4.1) could allow an authenticated user to cause a denial of service through the GUI using a format string attack.  IBM X-Force ID:  239539.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"psirt@us.ibm.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":6.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":3.6},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":6.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"psirt@us.ibm.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-134\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:elastic_storage_system:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.1.0.0\",\"versionEndIncluding\":\"6.1.2.4\",\"matchCriteriaId\":\"22383BE4-63D9-45A9-AB42-385679696151\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:elastic_storage_system:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.1.3.0\",\"versionEndIncluding\":\"6.1.4.1\",\"matchCriteriaId\":\"FB3E2306-8554-497C-B037-B35392FCA0C5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:spectrum_scale:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.1.0.0\",\"versionEndIncluding\":\"5.1.2.8\",\"matchCriteriaId\":\"4D157B98-8F4F-4D11-9382-8FC2274F6D10\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:spectrum_scale:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.1.3.0\",\"versionEndIncluding\":\"5.1.5.1\",\"matchCriteriaId\":\"459806A7-15A1-418B-BAB6-9440B92D9B3B\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"703AF700-7A70-47E2-BC3A-7FD03B3CA9C1\"}]}]}],\"references\":[{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/239539\",\"source\":\"psirt@us.ibm.com\",\"tags\":[\"VDB Entry\",\"Vendor Advisory\"]},{\"url\":\"https://www.ibm.com/support/pages/node/6909465\",\"source\":\"psirt@us.ibm.com\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://www.ibm.com/support/pages/node/6909469\",\"source\":\"psirt@us.ibm.com\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/239539\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"VDB Entry\",\"Vendor Advisory\"]},{\"url\":\"https://www.ibm.com/support/pages/node/6909465\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://www.ibm.com/support/pages/node/6909469\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://www.ibm.com/support/pages/node/6909469\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}, {\"url\": \"https://www.ibm.com/support/pages/node/6909465\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/239539\", \"tags\": [\"vdb-entry\", \"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-03T13:40:06.720Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2022-43869\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-03-25T13:51:34.770772Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-03-25T13:51:38.230Z\"}}], \"cna\": {\"title\": \"IBM Spectrum Scale denial of service\", \"source\": {\"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 6.5, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"LOW\", \"confidentialityImpact\": \"NONE\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"IBM\", \"product\": \"Elastic Storage System\", \"versions\": [{\"status\": \"affected\", \"version\": \"6.1.0.0\", \"lessThan\": \"6.1.2.4\", \"versionType\": \"semver\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"IBM\", \"product\": \"Spectrum Scale\", \"versions\": [{\"status\": \"affected\", \"version\": \"5.1.0.0\", \"lessThan\": \"5.1.2.8\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"5.1.3.0\", \"lessThan\": \"5.1.5.1\", \"versionType\": \"semver\"}], \"defaultStatus\": \"unaffected\"}], \"references\": [{\"url\": \"https://www.ibm.com/support/pages/node/6909469\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"https://www.ibm.com/support/pages/node/6909465\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/239539\", \"tags\": [\"vdb-entry\"]}], \"x_generator\": {\"engine\": \"Vulnogram 0.1.0-dev\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"IBM Spectrum Scale (5.1.0.0 through 5.1.2.8 and 5.1.3.0 through 5.1.5.1) and IBM Elastic Storage System (6.1.0.0 through 6.1.2.4 and 6.1.3.0 through 6.1.4.1) could allow an authenticated user to cause a denial of service through the GUI using a format string attack.  IBM X-Force ID:  239539.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"IBM Spectrum Scale (5.1.0.0 through 5.1.2.8 and 5.1.3.0 through 5.1.5.1) and IBM Elastic Storage System (6.1.0.0 through 6.1.2.4 and 6.1.3.0 through 6.1.4.1) could allow an authenticated user to cause a denial of service through the GUI using a format string attack.  IBM X-Force ID:  239539.\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-134\", \"description\": \"CWE-134 Use of Externally-Controlled Format String\"}]}], \"providerMetadata\": {\"orgId\": \"9a959283-ebb5-44b6-b705-dcc2bbced522\", \"shortName\": \"ibm\", \"dateUpdated\": \"2023-02-12T01:45:42.615Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2022-43869\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-03-25T13:51:41.867Z\", \"dateReserved\": \"2022-10-26T15:46:22.824Z\", \"assignerOrgId\": \"9a959283-ebb5-44b6-b705-dcc2bbced522\", \"datePublished\": \"2023-02-08T18:47:17.320Z\", \"assignerShortName\": \"ibm\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

FKIE_CVE-2022-43869

Vulnerability from fkie_nvd - Published: 2023-02-12 04:15 - Updated: 2024-11-21 07:27

Severity ?

6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Summary

References

URL	Tags
psirt@us.ibm.com	https://exchange.xforce.ibmcloud.com/vulnerabilities/239539	VDB Entry, Vendor Advisory
psirt@us.ibm.com	https://www.ibm.com/support/pages/node/6909465	Patch, Vendor Advisory
psirt@us.ibm.com	https://www.ibm.com/support/pages/node/6909469	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/239539	VDB Entry, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.ibm.com/support/pages/node/6909465	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.ibm.com/support/pages/node/6909469	Patch, Vendor Advisory

Impacted products

Vendor	Product	Version
ibm	elastic_storage_system	*
ibm	elastic_storage_system	*
ibm	spectrum_scale	*
ibm	spectrum_scale	*
linux	linux_kernel	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:elastic_storage_system:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "22383BE4-63D9-45A9-AB42-385679696151",
              "versionEndIncluding": "6.1.2.4",
              "versionStartIncluding": "6.1.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:elastic_storage_system:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "FB3E2306-8554-497C-B037-B35392FCA0C5",
              "versionEndIncluding": "6.1.4.1",
              "versionStartIncluding": "6.1.3.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:spectrum_scale:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "4D157B98-8F4F-4D11-9382-8FC2274F6D10",
              "versionEndIncluding": "5.1.2.8",
              "versionStartIncluding": "5.1.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:spectrum_scale:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "459806A7-15A1-418B-BAB6-9440B92D9B3B",
              "versionEndIncluding": "5.1.5.1",
              "versionStartIncluding": "5.1.3.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IBM Spectrum Scale (5.1.0.0 through 5.1.2.8 and 5.1.3.0 through 5.1.5.1) and IBM Elastic Storage System (6.1.0.0 through 6.1.2.4 and 6.1.3.0 through 6.1.4.1) could allow an authenticated user to cause a denial of service through the GUI using a format string attack.  IBM X-Force ID:  239539."
    }
  ],
  "id": "CVE-2022-43869",
  "lastModified": "2024-11-21T07:27:18.187",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 3.6,
        "source": "psirt@us.ibm.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2023-02-12T04:15:16.123",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/239539"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.ibm.com/support/pages/node/6909465"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.ibm.com/support/pages/node/6909469"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/239539"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.ibm.com/support/pages/node/6909465"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.ibm.com/support/pages/node/6909469"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-134"
        }
      ],
      "source": "psirt@us.ibm.com",
      "type": "Secondary"
    }
  ]
}

GHSA-C577-76Q8-RJR3

Vulnerability from github – Published: 2023-02-12 06:30 – Updated: 2023-02-21 21:30

Details

Severity ?

6.5 (Medium)


                  
                    CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2022-43869"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-134"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-02-12T04:15:00Z",
    "severity": "MODERATE"
  },
  "details": "IBM Spectrum Scale (5.1.0.0 through 5.1.2.8 and 5.1.3.0 through 5.1.5.1) and IBM Elastic Storage System (6.1.0.0 through 6.1.2.4 and 6.1.3.0 through 6.1.4.1) could allow an authenticated user to cause a denial of service through the GUI using a format string attack. IBM X-Force ID: 239539.",
  "id": "GHSA-c577-76q8-rjr3",
  "modified": "2023-02-21T21:30:17Z",
  "published": "2023-02-12T06:30:28Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-43869"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/239539"
    },
    {
      "type": "WEB",
      "url": "https://www.ibm.com/support/pages/node/6909465"
    },
    {
      "type": "WEB",
      "url": "https://www.ibm.com/support/pages/node/6909469"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GSD-2022-43869

Vulnerability from gsd - Updated: 2023-12-13 01:19

Details

Aliases

CVE-2022-43869

Aliases

CVE-2022-43869

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2022-43869",
    "id": "GSD-2022-43869"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2022-43869"
      ],
      "details": "IBM Spectrum Scale (5.1.0.0 through 5.1.2.8 and 5.1.3.0 through 5.1.5.1) and IBM Elastic Storage System (6.1.0.0 through 6.1.2.4 and 6.1.3.0 through 6.1.4.1) could allow an authenticated user to cause a denial of service through the GUI using a format string attack. IBM X-Force ID: 239539.",
      "id": "GSD-2022-43869",
      "modified": "2023-12-13T01:19:31.736123Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "psirt@us.ibm.com",
        "ID": "CVE-2022-43869",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Elastic Storage System",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_name": "6.1.0.0",
                          "version_value": "6.1.2.4"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "Spectrum Scale",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_name": "5.1.0.0",
                          "version_value": "5.1.2.8"
                        },
                        {
                          "version_affected": "\u003c",
                          "version_name": "5.1.3.0",
                          "version_value": "5.1.5.1"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "IBM"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "IBM Spectrum Scale (5.1.0.0 through 5.1.2.8 and 5.1.3.0 through 5.1.5.1) and IBM Elastic Storage System (6.1.0.0 through 6.1.2.4 and 6.1.3.0 through 6.1.4.1) could allow an authenticated user to cause a denial of service through the GUI using a format string attack. IBM X-Force ID: 239539."
          }
        ]
      },
      "generator": {
        "engine": "Vulnogram 0.1.0-dev"
      },
      "impact": {
        "cvss": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "cweId": "CWE-134",
                "lang": "eng",
                "value": "CWE-134 Use of Externally-Controlled Format String"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://www.ibm.com/support/pages/node/6909469",
            "refsource": "MISC",
            "url": "https://www.ibm.com/support/pages/node/6909469"
          },
          {
            "name": "https://www.ibm.com/support/pages/node/6909465",
            "refsource": "MISC",
            "url": "https://www.ibm.com/support/pages/node/6909465"
          },
          {
            "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/239539",
            "refsource": "MISC",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/239539"
          }
        ]
      },
      "source": {
        "discovery": "UNKNOWN"
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:ibm:elastic_storage_system:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "6.1.2.4",
                    "versionStartIncluding": "6.1.0.0",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:ibm:elastic_storage_system:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "6.1.4.1",
                    "versionStartIncluding": "6.1.3.0",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:ibm:spectrum_scale:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "5.1.2.8",
                    "versionStartIncluding": "5.1.0.0",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:ibm:spectrum_scale:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "5.1.5.1",
                    "versionStartIncluding": "5.1.3.0",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "ID": "CVE-2022-43869"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "IBM Spectrum Scale (5.1.0.0 through 5.1.2.8 and 5.1.3.0 through 5.1.5.1) and IBM Elastic Storage System (6.1.0.0 through 6.1.2.4 and 6.1.3.0 through 6.1.4.1) could allow an authenticated user to cause a denial of service through the GUI using a format string attack. IBM X-Force ID: 239539."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-134"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/239539",
              "refsource": "MISC",
              "tags": [
                "VDB Entry",
                "Vendor Advisory"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/239539"
            },
            {
              "name": "https://www.ibm.com/support/pages/node/6909469",
              "refsource": "MISC",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "https://www.ibm.com/support/pages/node/6909469"
            },
            {
              "name": "https://www.ibm.com/support/pages/node/6909465",
              "refsource": "MISC",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "https://www.ibm.com/support/pages/node/6909465"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "exploitabilityScore": 2.8,
          "impactScore": 3.6
        }
      },
      "lastModifiedDate": "2023-02-21T20:40Z",
      "publishedDate": "2023-02-12T04:15Z"
    }
  }
}

WID-SEC-W-2023-0256

Vulnerability from csaf_certbund - Published: 2023-02-01 23:00 - Updated: 2023-02-01 23:00

Summary

IBM Spectrum Scale: Schwachstelle ermöglicht Denial of Service

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung

IBM Spectrum Scale ist eine Lösung für das Management großer unstrukturierter Datenmengen.

Angriff

Ein entfernter, authentisierter Angreifer kann eine Schwachstelle in IBM Spectrum Scale ausnutzen, um einen Denial of Service Angriff durchzuführen.

Betroffene Betriebssysteme

- Linux

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "mittel"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "IBM Spectrum Scale ist eine L\u00f6sung f\u00fcr das Management gro\u00dfer unstrukturierter Datenmengen.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein entfernter, authentisierter Angreifer kann eine Schwachstelle in IBM Spectrum Scale ausnutzen, um einen Denial of Service Angriff durchzuf\u00fchren.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Linux",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2023-0256 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-0256.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2023-0256 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-0256"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin vom 2023-02-01",
        "url": "https://www.ibm.com/support/pages/node/6909465"
      }
    ],
    "source_lang": "en-US",
    "title": "IBM Spectrum Scale: Schwachstelle erm\u00f6glicht Denial of Service",
    "tracking": {
      "current_release_date": "2023-02-01T23:00:00.000+00:00",
      "generator": {
        "date": "2024-08-15T17:42:53.808+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.3.5"
        }
      },
      "id": "WID-SEC-W-2023-0256",
      "initial_release_date": "2023-02-01T23:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2023-02-01T23:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "IBM Spectrum Scale \u003c V5.1.2.9",
                "product": {
                  "name": "IBM Spectrum Scale \u003c V5.1.2.9",
                  "product_id": "T026088",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:spectrum_scale:v5.1.2.9"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "IBM Spectrum Scale \u003c V5.1.6.0",
                "product": {
                  "name": "IBM Spectrum Scale \u003c V5.1.6.0",
                  "product_id": "T026089",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:spectrum_scale:v5.1.6.0"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Storage Scale"
          }
        ],
        "category": "vendor",
        "name": "IBM"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2022-43869",
      "notes": [
        {
          "category": "description",
          "text": "Es existiert eine Schwachstelle in IBM Spectrum Scale. Eine speziell erstellte Eingabezeichenfolge wird unter Umst\u00e4nden von der Anwendung f\u00e4lschlicherweise als Befehl ausgewertet und kann somit zu einem \"Format String\" Angriff missbraucht werden. Ein authentisierter Angreifer kann diese Schwachstelle ausnutzen, um einen Denial of Service zu verursachen."
        }
      ],
      "release_date": "2023-02-01T23:00:00.000+00:00",
      "title": "CVE-2022-43869"
    }
  ]
}

CERTFR-2023-AVI-0086

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur, une exécution de code arbitraire à distance et un déni de service à distance.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
IBM	WebSphere	IBM WebSphere Remote Server versions 9.0 et 8.5 sans le dernier correctif de sécurité
IBM	Sterling Connect:Direct	IBM Sterling Connect:Direct File Agent versions 1.4.0.x antérieures à 1.4.0.2_iFix034
IBM	N/A	IBM Sterling Connect:Direct File Agent versions 1.4.0.0 à 1.4.0.2_iFix025 antérieures à 1.4.0.2_iFix026 sur AIX, Linux, Solaris et Windows
IBM	Sterling Connect:Direct	IBM Sterling Connect:Direct File Agent versions 1.4.0.0 à 1.4.0.2_iFix025 antérieures à 1.4.0.2_iFix036 sur HP-UX
IBM	Spectrum	IBM Spectrum Protect Plus File Systems Agent versions 10.1.6.x à 10.1.13.x antérieures à 10.1.13.1
IBM	Sterling	IBM Sterling B2B Integrator versions 6.x antérieures à 6.1.2.1
IBM	WebSphere	IBM WebSphere Application Server versions 1.0.0.0 à 1.0.0.7 et 2.2.0.0 à 2.3.3.5 sans le correctif de sécurité temporaire 1.0.0.0-WS-WASPATTERNS-JDK-2210

References

Title

Publication Time

Tags

Bulletin de sécurité IBM 6909455 du 01 février 2023	None	vendor-advisory
Bulletin de sécurité IBM 6909465 du 01 février 2023	None	vendor-advisory
Bulletin de sécurité IBM 6909477 du 01 février 2023	None	vendor-advisory
Bulletin de sécurité IBM 6857265 du 01 février 2023	None	vendor-advisory
Bulletin de sécurité IBM 6909983 du 01 février 2023	None	vendor-advisory
Bulletin de sécurité IBM 6597193 du 02 février 2023	None	vendor-advisory
Bulletin de sécurité IBM 6912697 du 01 février 2023	None	vendor-advisory
Bulletin de sécurité IBM 6909481 du 01 février 2023	None	vendor-advisory
Bulletin de sécurité IBM 6597191 du 02 février 2023	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "IBM WebSphere Remote Server versions 9.0 et 8.5 sans le dernier correctif de s\u00e9curit\u00e9",
      "product": {
        "name": "WebSphere",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM Sterling Connect:Direct File Agent versions 1.4.0.x ant\u00e9rieures \u00e0 1.4.0.2_iFix034",
      "product": {
        "name": "Sterling Connect:Direct",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM Sterling Connect:Direct File Agent versions 1.4.0.0 \u00e0 1.4.0.2_iFix025 ant\u00e9rieures \u00e0 1.4.0.2_iFix026 sur AIX, Linux, Solaris et Windows",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM Sterling Connect:Direct File Agent versions 1.4.0.0 \u00e0 1.4.0.2_iFix025 ant\u00e9rieures \u00e0 1.4.0.2_iFix036 sur HP-UX",
      "product": {
        "name": "Sterling Connect:Direct",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM Spectrum Protect Plus File Systems Agent versions 10.1.6.x \u00e0 10.1.13.x ant\u00e9rieures \u00e0 10.1.13.1",
      "product": {
        "name": "Spectrum",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM Sterling B2B Integrator versions 6.x ant\u00e9rieures \u00e0 6.1.2.1",
      "product": {
        "name": "Sterling",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM WebSphere Application Server versions 1.0.0.0 \u00e0 1.0.0.7 et 2.2.0.0 \u00e0 2.3.3.5 sans le correctif de s\u00e9curit\u00e9 temporaire 1.0.0.0-WS-WASPATTERNS-JDK-2210",
      "product": {
        "name": "WebSphere",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2021-35550",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-35550"
    },
    {
      "name": "CVE-2022-45061",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-45061"
    },
    {
      "name": "CVE-2022-21624",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21624"
    },
    {
      "name": "CVE-2022-40897",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-40897"
    },
    {
      "name": "CVE-2022-21626",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21626"
    },
    {
      "name": "CVE-2022-43869",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-43869"
    },
    {
      "name": "CVE-2021-35603",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-35603"
    },
    {
      "name": "CVE-2021-37137",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-37137"
    },
    {
      "name": "CVE-2023-23477",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-23477"
    },
    {
      "name": "CVE-2022-21628",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21628"
    },
    {
      "name": "CVE-2021-37136",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-37136"
    },
    {
      "name": "CVE-2022-3676",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-3676"
    },
    {
      "name": "CVE-2022-21619",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21619"
    },
    {
      "name": "CVE-2022-23491",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-23491"
    }
  ],
  "links": [],
  "reference": "CERTFR-2023-AVI-0086",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2023-02-02T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits IBM.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer un\nprobl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur, une ex\u00e9cution de code\narbitraire \u00e0 distance et un d\u00e9ni de service \u00e0 distance.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 6909455 du 01 f\u00e9vrier 2023",
      "url": "https://www.ibm.com/support/pages/node/6909455"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 6909465 du 01 f\u00e9vrier 2023",
      "url": "https://www.ibm.com/support/pages/node/6909455"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 6909477 du 01 f\u00e9vrier 2023",
      "url": "https://www.ibm.com/support/pages/node/6909455"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 6857265 du 01 f\u00e9vrier 2023",
      "url": "https://www.ibm.com/support/pages/node/6909455"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 6909983 du 01 f\u00e9vrier 2023",
      "url": "https://www.ibm.com/support/pages/node/6909455"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 6597193 du 02 f\u00e9vrier 2023",
      "url": "https://www.ibm.com/support/pages/node/6909455"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 6912697 du 01 f\u00e9vrier 2023",
      "url": "https://www.ibm.com/support/pages/node/6909455"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 6909481 du 01 f\u00e9vrier 2023",
      "url": "https://www.ibm.com/support/pages/node/6909455"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 6597191 du 02 f\u00e9vrier 2023",
      "url": "https://www.ibm.com/support/pages/node/6909455"
    }
  ]
}

CERTFR-2023-AVI-0086

Vulnerability from certfr_avis - Published: - Updated:

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
IBM	WebSphere	IBM WebSphere Remote Server versions 9.0 et 8.5 sans le dernier correctif de sécurité
IBM	Sterling Connect:Direct	IBM Sterling Connect:Direct File Agent versions 1.4.0.x antérieures à 1.4.0.2_iFix034
IBM	N/A	IBM Sterling Connect:Direct File Agent versions 1.4.0.0 à 1.4.0.2_iFix025 antérieures à 1.4.0.2_iFix026 sur AIX, Linux, Solaris et Windows
IBM	Sterling Connect:Direct	IBM Sterling Connect:Direct File Agent versions 1.4.0.0 à 1.4.0.2_iFix025 antérieures à 1.4.0.2_iFix036 sur HP-UX
IBM	Spectrum	IBM Spectrum Protect Plus File Systems Agent versions 10.1.6.x à 10.1.13.x antérieures à 10.1.13.1
IBM	Sterling	IBM Sterling B2B Integrator versions 6.x antérieures à 6.1.2.1
IBM	WebSphere	IBM WebSphere Application Server versions 1.0.0.0 à 1.0.0.7 et 2.2.0.0 à 2.3.3.5 sans le correctif de sécurité temporaire 1.0.0.0-WS-WASPATTERNS-JDK-2210

References

Title

Publication Time

Tags

Bulletin de sécurité IBM 6909455 du 01 février 2023	None	vendor-advisory
Bulletin de sécurité IBM 6909465 du 01 février 2023	None	vendor-advisory
Bulletin de sécurité IBM 6909477 du 01 février 2023	None	vendor-advisory
Bulletin de sécurité IBM 6857265 du 01 février 2023	None	vendor-advisory
Bulletin de sécurité IBM 6909983 du 01 février 2023	None	vendor-advisory
Bulletin de sécurité IBM 6597193 du 02 février 2023	None	vendor-advisory
Bulletin de sécurité IBM 6912697 du 01 février 2023	None	vendor-advisory
Bulletin de sécurité IBM 6909481 du 01 février 2023	None	vendor-advisory
Bulletin de sécurité IBM 6597191 du 02 février 2023	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "IBM WebSphere Remote Server versions 9.0 et 8.5 sans le dernier correctif de s\u00e9curit\u00e9",
      "product": {
        "name": "WebSphere",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM Sterling Connect:Direct File Agent versions 1.4.0.x ant\u00e9rieures \u00e0 1.4.0.2_iFix034",
      "product": {
        "name": "Sterling Connect:Direct",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM Sterling Connect:Direct File Agent versions 1.4.0.0 \u00e0 1.4.0.2_iFix025 ant\u00e9rieures \u00e0 1.4.0.2_iFix026 sur AIX, Linux, Solaris et Windows",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM Sterling Connect:Direct File Agent versions 1.4.0.0 \u00e0 1.4.0.2_iFix025 ant\u00e9rieures \u00e0 1.4.0.2_iFix036 sur HP-UX",
      "product": {
        "name": "Sterling Connect:Direct",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM Spectrum Protect Plus File Systems Agent versions 10.1.6.x \u00e0 10.1.13.x ant\u00e9rieures \u00e0 10.1.13.1",
      "product": {
        "name": "Spectrum",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM Sterling B2B Integrator versions 6.x ant\u00e9rieures \u00e0 6.1.2.1",
      "product": {
        "name": "Sterling",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM WebSphere Application Server versions 1.0.0.0 \u00e0 1.0.0.7 et 2.2.0.0 \u00e0 2.3.3.5 sans le correctif de s\u00e9curit\u00e9 temporaire 1.0.0.0-WS-WASPATTERNS-JDK-2210",
      "product": {
        "name": "WebSphere",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2021-35550",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-35550"
    },
    {
      "name": "CVE-2022-45061",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-45061"
    },
    {
      "name": "CVE-2022-21624",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21624"
    },
    {
      "name": "CVE-2022-40897",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-40897"
    },
    {
      "name": "CVE-2022-21626",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21626"
    },
    {
      "name": "CVE-2022-43869",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-43869"
    },
    {
      "name": "CVE-2021-35603",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-35603"
    },
    {
      "name": "CVE-2021-37137",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-37137"
    },
    {
      "name": "CVE-2023-23477",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-23477"
    },
    {
      "name": "CVE-2022-21628",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21628"
    },
    {
      "name": "CVE-2021-37136",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-37136"
    },
    {
      "name": "CVE-2022-3676",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-3676"
    },
    {
      "name": "CVE-2022-21619",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21619"
    },
    {
      "name": "CVE-2022-23491",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-23491"
    }
  ],
  "links": [],
  "reference": "CERTFR-2023-AVI-0086",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2023-02-02T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits IBM.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer un\nprobl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur, une ex\u00e9cution de code\narbitraire \u00e0 distance et un d\u00e9ni de service \u00e0 distance.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 6909455 du 01 f\u00e9vrier 2023",
      "url": "https://www.ibm.com/support/pages/node/6909455"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 6909465 du 01 f\u00e9vrier 2023",
      "url": "https://www.ibm.com/support/pages/node/6909455"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 6909477 du 01 f\u00e9vrier 2023",
      "url": "https://www.ibm.com/support/pages/node/6909455"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 6857265 du 01 f\u00e9vrier 2023",
      "url": "https://www.ibm.com/support/pages/node/6909455"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 6909983 du 01 f\u00e9vrier 2023",
      "url": "https://www.ibm.com/support/pages/node/6909455"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 6597193 du 02 f\u00e9vrier 2023",
      "url": "https://www.ibm.com/support/pages/node/6909455"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 6912697 du 01 f\u00e9vrier 2023",
      "url": "https://www.ibm.com/support/pages/node/6909455"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 6909481 du 01 f\u00e9vrier 2023",
      "url": "https://www.ibm.com/support/pages/node/6909455"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 6597191 du 02 f\u00e9vrier 2023",
      "url": "https://www.ibm.com/support/pages/node/6909455"
    }
  ]
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2022-43869 (GCVE-0-2022-43869)

FKIE_CVE-2022-43869

GHSA-C577-76Q8-RJR3

GSD-2022-43869

WID-SEC-W-2023-0256

CERTFR-2023-AVI-0086

Solution

CERTFR-2023-AVI-0086

Solution

Tags

Sightings

Nomenclature