Medium Severity

Security Bulletin: Due to use of IBM® SDK Java™ Technology Edition, IBM Virtualization Engine TS7700 is vulnerable to a data integrity threat (CVE-2022-21496)

IBM Virtualization Engine TS7700 is vulnerable to a data integrity threat (CVE-2022-21496) due to the use of IBM® SDK Java™ Technology Edition, Version 8. The SDK is used by the TS7700 to provide the Management Interface, to perform cache management, and to provide Transparent Cloud Tiering. This issue was disclosed as part of the IBM SDK Java Technology Edition update in April 2022. IBM Virtualization Engine TS7700 has addressed the applicable CVEs.

CVE(s): CVE-2022-21496

Affected product(s) and affected version(s):

All versions of microcode for the IBM Virtualization Engine TS7700 model types 3957-VEC and 3957-VED prior to and including the following are affected:

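| Machine Type | Model | Release | Version |
|---|---|---|---|
| 3957 | VEC | R5.0 | 8.50.2.6 |
| 3957 | VEC | R5.1 | 8.51.2.12 |
| 3957 | VEC | R5.2 Phase 1 | 8.52.102.13 |
| 3957 | VEC | R5.2 Phase 2 | 8.52.200.111 |
| 3957 | VED | R5.0 | 8.50.2.6 |
| 3957 | VED | R5.1 | 8.51.2.12 |
| 3957 | VED | R5.2 Phase 1 | 8.52.102.13 |
| 3957 | VED | R5.2 Phase 2 | 8.52.200.111 |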

Note: IBM Virtualization Engine TS7700 model type 3948-VED is not affected by this issue.

Refer to the following reference URLs for remediation and additional vulnerability details:  
Source Bulletin: https://www.ibm.com/support/pages/node/6824193
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/224777
