Security Bulletin: AIX is vulnerable to a denial of service due to OpenSSL (CVE-2022-0778)
May 13, 2022
Categorized: High Severity
A vulnerability in OpenSSL could allow a remote attacker to cause a denial of service (CVE-2022-0778). OpenSSL is used by AIX as part of AIX’s secure network communications.
CVE(s): CVE-2022-0778
Affected product(s) and affected version(s):
| Affected Product(s) | Version(s) |
|---|---|
| AIX | 7.1 |
| AIX | 7.2 |
| AIX | 7.3 |
| VIOS | 3.1 |
The following fileset levels are vulnerable:
| Fileset | Lower Level | Upper Level |
|---|---|---|
| openssl.base | 1.0.2.500 | 1.0.2.2103 |
| openssl.base | 1.1.1.0 | 1.1.1.1200 |
| openssl.base | 1.1.2.0 | 1.1.2.1200 |
| openssl.base | 20.13.102.1000 | 20.16.102.2104 |
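The following script is an added example, not part of the IBM bulletin. It checks an openssl.base level against the ranges in the table above. It assumes both bounds are inclusive and that `lslpp -Lc` prints the fileset name in field 2 and the level in field 3 of its colon-separated output.

```shell
#!/bin/sh
# Vulnerable openssl.base ranges copied from the bulletin's fileset table,
# written lower:upper. Assumption: both bounds are inclusive.
VULN_RANGES="1.0.2.500:1.0.2.2103
1.1.1.0:1.1.1.1200
1.1.2.0:1.1.2.1200
20.13.102.1000:20.16.102.2104"

# level_cmp A B: print -1, 0 or 1, comparing dotted levels field by field as integers.
level_cmp() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        na = split(a, x, "."); nb = split(b, y, ".")
        n = (na > nb) ? na : nb
        for (i = 1; i <= n; i++) {
            p = x[i] + 0; q = y[i] + 0      # missing fields count as 0
            if (p < q) { print -1; exit }
            if (p > q) { print 1; exit }
        }
        print 0
    }'
}

# is_vulnerable LEVEL: return 0 if inside a listed range, 1 if outside,
# 2 if LEVEL is empty or not a dotted numeric level.
is_vulnerable() {
    level=$1
    case "$level" in ""|*[!0-9.]*) return 2 ;; esac
    for range in $VULN_RANGES; do
        lo=${range%%:*}; hi=${range##*:}
        if [ "$(level_cmp "$level" "$lo")" -ge 0 ] &&
           [ "$(level_cmp "$level" "$hi")" -le 0 ]; then
            return 0
        fi
    done
    return 1
}

# check_installed: read the installed level on AIX/VIOS and report the result.
check_installed() {
    installed=$(lslpp -Lc openssl.base 2>/dev/null |
        awk -F: '$2 == "openssl.base" { print $3; exit }')
    rc=0; is_vulnerable "$installed" || rc=$?
    case $rc in
        0) echo "openssl.base $installed is in a vulnerable range" ;;
        1) echo "openssl.base $installed is outside the listed ranges" ;;
        *) echo "openssl.base level not found or not recognised: '$installed'" ;;
    esac
}
# Only query the system where lslpp exists; elsewhere the functions can be called directly.
if command -v lslpp >/dev/null 2>&1; then check_installed; fi
```

A level outside the listed ranges is not confirmation of a fix; the source bulletin linked below remains the reference for remediation levels.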
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: https://www.ibm.com/support/pages/node/6586112
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/221911