High Severity

Security Bulletin: Due to use of OpenSSL, IBM Virtualization Engine TS7700 is vulnerable to denial of service (CVE-2022-0778) and privilege escalation (CVE-2022-1292)

Share this post:

IBM Virtualization Engine TS7700 is vulnerable to denial of service (CVE-2022-0778) and privilege escalation (CVE-2022-1292) due to the use of OpenSSL. OpenSSL is used by IBM Virtualization Engine TS7700 for inbound and outbound TLS connections other than those provided by the Management Interface. IBM Virtualization Engine TS7700 has addressed the applicable CVEs.

CVE(s): CVE-2022-0778, CVE-2022-1292

Affected product(s) and affected version(s):

All versions of microcode for the IBM Virtualization Engine TS7700 (3957-VEC and 3957-VED) prior to and including the following are affected:

Machine Type Model Release Version
3957 VEC R5.0 8.50.2.6
R5.1 8.51.2.12
R5.2 Phase 1 8.52.101.12
R5.2 Phase 2 8.52.200.111
VED R5.0 8.50.2.6
R5.1 8.51.2.12
R5.2 Phase 1 8.52.101.12
R5.2 Phase 2 8.52.200.111

Refer to the following reference URLs for remediation and additional vulnerability details:  
Source Bulletin: https://www.ibm.com/support/pages/node/6616067
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/221911
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/225619

More stories

Security Bulletin: IBM App Connect Enterprise Certified Container may be vulnerable to arbitrary code execution due to CVE-2022-1304

December 1, 2022 | High Severity

e2fsprogs is provided as an operating system module in the IBM App Connect Enterprise Certified Container images. IBM App Connect Enterprise Certified Container images may be vulnerable to arbitrary code execution. This bulletin provides patch information to address the reported vulnerability CVE-2022-1304 in e2fsprogs. ...read more


Security Bulletin: Vulnerabilities with Kernel and GNU glibc affect IBM Cloud Object Storage Systems (Dec 2022v1)

December 1, 2022 | High Severity

Vulnerabilities with Kernel and GNU glibc affect IBM Cloud Object Storage Systems. These vulnerabilities have been addressed in the latest ClevOS releases ...read more


Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a heap-based buffer overflow in Vim (CVE-2022-1621)

December 1, 2022 | High Severity

IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a heap-based buffer overflow in Vim (CVE-2022-1621) caused by improper bounds checking in the vim_strncpy find_word component. Vim is used as part of the base image included in our service components. Please read the details for remediation below. ...read more